Rami

Windows Defender weird behaviour after EFS installation

On every restart of the server, Windows Defender detects that ESET has turned Windows Defender off, detects the changes as viruses and asks to reverse them.

Win32\I don't remember what. The server is secure and clear for sure; it's a clean installation, scanned by ESET also.

Windows Server 2019 1809

Edited by Rami


Actually 3rd party AVs don't turn off Defender. AVs register to WSC and Windows itself subsequently turns off Defender. It sounds like it takes longer to start the Security Center service so Defender turns on and after the SC service starts, ESET registers to it and Windows turns off Defender.


The problem here is that WD's engine, MsMpEng.exe, shouldn't even be loading. It obviously has been loaded and additionally is detecting Eset as malware:

7 hours ago, Rami said:

Windows Defender detects that ESET has turned Windows Defender off and detects the changes as viruses and asks for reversing them.

None of the above sounds anywhere near normal Windows Security Center initialization processing as far as third party AV use goes.

Microsoft just announced it is auto enabling WD's self-protection on all Win 10 versions. This also might apply to Win Server 2019. It also might be a factor of what is going on in regards to this very weird EFS and WD behavior.

-EDIT- Another possibility is Eset's ELAM driver. If Windows detects this third party AV driver isn't loaded at boot time, it will enable both WD's and the third party AV real-time scanner running them concurrently.

Edited by itman


Now it doesn't appear after a restart, but Windows Security still shows that real time is turned off and recommends that it should be on. It doesn't show anywhere that ESET is running.

10 hours ago, Rami said:

Now it doesn't appear after a restart, but Windows Security still shows that real time is turned off and recommends that it should be on. It doesn't show anywhere that ESET is running.

I assume you have verified that ekrn.exe is indeed running and Eset is fully functional? Also did you verify that WD, i.e. MsMpEng.exe, is not running?

Appears this is a "glitch" with EFS registration processing on Server 2019. Suggest you open an Eset support ticket.

Edited by itman
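
The verification asked for in the last reply, as an added PowerShell example (not part of the thread, and not ESET or Microsoft code): it reports whether ekrn.exe and MsMpEng.exe are running and what Defender itself reports about its state. The function name `Get-AvCoexistenceState` is hypothetical; it assumes Windows PowerShell 5.1 and, for the Defender fields, that the Defender module is installed.

```powershell
# Added example: report the state of ESET's service process (ekrn.exe) and
# Defender's engine (MsMpEng.exe), plus Defender's own status fields.
function Get-AvCoexistenceState {
    [CmdletBinding()]
    param()

    # Process names taken from the thread: ekrn (ESET), MsMpEng (Defender).
    $eset     = Get-Process -Name 'ekrn'    -ErrorAction SilentlyContinue
    $defender = Get-Process -Name 'MsMpEng' -ErrorAction SilentlyContinue

    # WinDefend is the Defender antivirus service; absent if the feature is removed.
    $svc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue

    # Get-MpComputerStatus fails when the service is stopped or the feature is
    # uninstalled, so a failure is recorded as 'n/a' rather than thrown.
    $mp = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        EsetEkrnRunning       = [bool]$eset
        DefenderEngineRunning = [bool]$defender
        WinDefendService      = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not installed' }
        DefenderRealTime      = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'n/a' }
        DefenderAvEnabled     = if ($mp) { $mp.AntivirusEnabled } else { 'n/a' }
        # AMRunningMode is only present on newer Defender platform versions.
        DefenderRunningMode   = if ($mp -and $mp.PSObject.Properties['AMRunningMode']) { $mp.AMRunningMode } else { 'n/a' }
    }
}

$state = Get-AvCoexistenceState
$state | Format-List

if ($state.EsetEkrnRunning -and $state.DefenderEngineRunning) {
    Write-Warning 'Both ekrn.exe and MsMpEng.exe are running: two real-time engines may be active.'
} elseif (-not $state.EsetEkrnRunning) {
    Write-Warning 'ekrn.exe is not running: ESET real-time protection is not active.'
}
```

Running it once right after boot and again a few minutes later shows whether MsMpEng.exe starts first and is stopped afterwards, which is the timing question raised earlier in the thread.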
