Jump to content

Windows Defender weird behaviour after EFS installation


Recommended Posts

  • Most Valued Members

Every restart for the server , Windows Defender detects that ESET has turned Windows Defender off and detects the changes as viruses and asks for reversing them.

Win32\I don't remember what , server is secure and clear for sure , it's clean installation , scanned by ESET also.

Windows Server 2019 1809

Edited by Rami
Link to comment
Share on other sites

  • Administrators

Actually 3rd party AVs don't turn off  Defender. AVs register to WSC and Windows itself subsequently turns off Defender. It sounds like it takes longer to start the Security Center service so Defender turns on and after the SC service starts, ESET registers to it and Windows turns off Defender.

Link to comment
Share on other sites

The problem here is that WD's engine, MsMpEng.exe, shouldn't even be loading. It obviously has been loaded and additionally is detecting Eset as malware:

7 hours ago, Rami said:

Windows Defender detects that ESET has turned Windows Defender off and detects the changes as viruses and asks for reversing them.

None of the above sounds anywhere near normal Windows Security Center normal initialization processing as far as third party AV use goes.

Microsoft just announced it is auto enabling WD's self-protection on all Win 10 versions. This also might apply to Win Server 2019. It also might be a factor of what is going on in regards to this very weird EFS and WD behavior.

-EDIT- Another possibility is Eset's ELAM driver. If Windows detects this third party AV driver isn't loaded at boot time, it will enable both WD's and the third party AV real-time scanner running them concurrently.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members

Now it doesn't appear after a restart but still Windows Security shows that real time is turned off and recommends that it should be on , it doesn't show anywhere that ESET is running.

Link to comment
Share on other sites

10 hours ago, Rami said:

Now it doesn't appear after a restart but still Windows Security shows that real time is turned off and recommends that it should be on , it doesn't show anywhere that ESET is running.

I assume you have verified that ekrn.exe is indeed running and Eset is fully functional? Also did you verify that WD; i.e. MsMpEng.exe, is not running?

Appears this is a "glitch" with EFS registration processing on Server 2019. Suggest you open an Eset support ticket.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...