disable EIS and have windows defender running instead

[kellyz 0]

Hi, would anyone know how to disable EIS in such a way that windows defender is running? This is an old frustrating issue. I upgraded to 13.x and now i cannot connect to a vpn using Pulse Secure (which only supports 12.x). I recall I read somewhere that you can alter a setting in windows somewhere such that when you reboot the pc, it will have EIS completely disabled and have Windows Defender running. I tried disabling realtime protection, but that doesn't work. I tried stopping the EIS service, but i get 'access denied'. The only way i can see around this is to set up a virtual machine with no EIS installed, and access the vpn through that. There should be a way of disabling it completely though. Thanks

Edited December 7, 2019 by kellyz

[itman 1,659]

If you disable real-time protection in the Eset GUI, WD real-time protection should kick in automatically.

Just make sure you verify that WD's self-protection is enabled.

[Marcos 5,074]

You can uninstall v13, install v12 and temporarily disable program updates in the advanced update setup until Pulse adds recognition of v13. We'll try to contact them through our IT support.

[kellyz 0]

Thanks for the replies. I tried staying on 12.x with updates disabled, but it was annoying me with frequent popups  in relation to module updates unable to be installed.

But the good news is that I seem to have been able to solve connectivity with EIS 13.x using Pulse Secure.

What I had to do was:

1. Advanced Setup > Detection Engine > Real-time file system protection > [Disable] Enable Real-time file system protection
2. Advanced Setup > Network Protection > Firewall > Basic > [Disable] Enable Firewall
3. Right click EIS taskbar icon and select "Pause Protection"

Now I can connect to my company vpn under 13.x.

I noticed if I perform the above steps out of sequence, i.e. step 3 before step 1 or 2, it does not work. I need to perform step 3 at the very end. I am not sure why. Maybe pausing protection, then disabling the firewall and real-time file system protection doesn't shut down certain modules correctly. I am also not sure why I have to do step 1 even if I do step 3, because doing step 3 tells me it is deactivating real-time protection anyways, which is confusing:

So doing steps 2 and 3 alone will not work... confusing... But anyways, I got it working now and I am happy.

Thanks again for all your help.

Edited December 8, 2019 by kellyz

[Marcos 5,074]

Having ESET installed but disabled and Defender protecting your computer doesn't make much sense. You should be able to use v12 until without any pop-ups with program updates temporarily disabled. Did you actually disable program updates when you had v12 isntalled?

[kellyz 0]

Yes I had v12 installed and disabled program updates. But I received notifications telling me that there were issues installing various modules as a result for some reason.

The whole idea behind disabling v13 was to obtain access to the vpn using pulse secure. As you know pulse secure doesn't allow v13 to connect (only v12). Once connected, I just enable v13 back again... that's it. How else would I go about doing this in a simpler manner? I don't want to be stuck on v12 with updates disabled, that makes no sense; and I have no desire to run Defender.

I still have no idea why i have to execute all three steps to allow pulse secure access (steps 2 and 3 should be enough), and why executing step 3 before step 2 doesn't work. If anyone has any insight that would be great.

Edited December 8, 2019 by kellyz

[Nightowl 202]

19 hours ago, itman said:

If you disable real-time protection in the Eset GUI, WD real-time protection should kick in automatically.

Just make sure you verify that WD's self-protection is enabled.

Does the Anti-Tamper really do it's job ? or it's just a name?

[itman 1,659]

4 hours ago, Rami said:

Does the Anti-Tamper really do it's job ?

Seems to be effective. I haven't seen a published bypass of it to date.

[Nightowl 202]

5 minutes ago, itman said:

Seems to be effective. I haven't seen a published bypass of it to date.

I remember when it used to be a registry entry , one line would disable the whole protection..

[itman 1,659]

21 minutes ago, Rami said:

I remember when it used to be a registry entry , one line would disable the whole protection..

I also recently read a posting in another forum that indicates in Win 10 1909, not only is WD self-protection enabled now by default but also WD self-sandboxing. Previously, WD sandboxing had to manually enabled via PowerShell command.

[Nightowl 202]

3 minutes ago, itman said:

I also recently read a posting in another forum that indicates in Win 10 1909, not only is WD self-protection enabled now by default but also WD self-sandboxing. Previously, WD sandboxing had to manually enabled via PowerShell command.

So it does sandbox the file and run it inside and see what is result? and then determine the file?

[itman 1,659]

12 hours ago, kellyz said:

What I had to do was:

1. Advanced Setup > Detection Engine > Real-time file system protection > [Disable] Enable Real-time file system protection
2. Advanced Setup > Network Protection > Firewall > Basic > [Disable] Enable Firewall
3. Right click EIS taskbar icon and select "Pause Protection"

Actually, all you needed to do is step 1). to activate WD's real-time protection. If running with WD real-time protection and you still can't connect to your VPN, the issue is not Eset's real-time protection. The issue appears to be Eset's firewall instead.

I have not yet been able to figure out how to disable Eset's firewall and have the Windows's firewall auto activiate.

Edited December 8, 2019 by itman

[itman 1,659]

49 minutes ago, Rami said:

So it does sandbox the file and run it inside and see what is result? and then determine the file?

No. The WD kernel process itself is sandboxed. MS did this to prevent malware from spreading if the WD kernel process was compromised.

[Nightowl 202]

22 minutes ago, itman said:

No. The WD kernel process itself is sandboxed. MS did this to prevent malware from spreading if the WD kernel process was compromised.

I understand , thank you for the information my friend.

[kellyz 0]

19 hours ago, itman said:

Actually, all you needed to do is step 1). to activate WD's real-time protection. If running with WD real-time protection and you still can't connect to your VPN, the issue is not Eset's real-time protection. The issue appears to be Eset's firewall instead.

I have not yet been able to figure out how to disable Eset's firewall and have the Windows's firewall auto activiate.

This is the warning i get from Pulse Secure with 13x:

I need to perform all three steps. I tried all combinations 1, (1,2), (1,3) etc. (1,2,3) works for whatever reason.

 

[Marcos 5,074]

Our IT department will contact Pulse Secure regarding v13 support. In the mean time, you can uninstall v13, install v12 and temporarily disable program updates in the advanced update setup.