Windows Defender weird behaviour after EFS installation


  • Most Valued Members

On every restart of the server, Windows Defender detects that ESET has turned Windows Defender off and detects the changes as viruses and asks for reversing them.

Win32\I don't remember what; the server is secure and clear for sure, it's a clean installation, scanned by ESET also.

Windows Server 2019 1809

Edited by Rami

  • Administrators

Actually, 3rd party AVs don't turn off Defender. AVs register to WSC and Windows itself subsequently turns off Defender. It sounds like it takes longer to start the Security Center service, so Defender turns on, and after the SC service starts, ESET registers to it and Windows turns off Defender.


The problem here is that WD's engine, MsMpEng.exe, shouldn't even be loading. It obviously has been loaded and additionally is detecting Eset as malware:

7 hours ago, Rami said:

Windows Defender detects that ESET has turned Windows Defender off and detects the changes as viruses and asks for reversing them.

None of the above sounds anywhere near normal Windows Security Center initialization processing as far as third party AV use goes.

Microsoft just announced it is auto enabling WD's self-protection on all Win 10 versions. This also might apply to Win Server 2019. It also might be a factor of what is going on in regards to this very weird EFS and WD behavior.

-EDIT- Another possibility is Eset's ELAM driver. If Windows detects this third party AV driver isn't loaded at boot time, it will enable both WD's and the third party AV's real-time scanners, running them concurrently.

Edited by itman

  • Most Valued Members

Now it doesn't appear after a restart, but still Windows Security shows that real time is turned off and recommends that it should be on; it doesn't show anywhere that ESET is running.


10 hours ago, Rami said:

Now it doesn't appear after a restart, but still Windows Security shows that real time is turned off and recommends that it should be on; it doesn't show anywhere that ESET is running.

I assume you have verified that ekrn.exe is indeed running and Eset is fully functional? Also, did you verify that WD, i.e. MsMpEng.exe, is not running?

Appears this is a "glitch" with EFS registration processing on Server 2019. Suggest you open an Eset support ticket.

Edited by itman

This topic is now closed to further replies.