MoRbIdBoY

Both Windows Firewall and ESET Security are both turned off.


Hello. I have a quite heavily loaded system I used for audio production (lots of drivers, lots of data). Being able to "get to work" on the PC (without ESET) takes about 30 seconds after the desktop initially loads. With ESET it's taking about 10 minutes. Even though it's booting from EVO-850 SSD.

I'm using ESET 13.0.24.0 which I believe is the latest and Windows version 10 Pro, 10.0.17763.

I HAVE TWO PROBLEMS

1. Message shortly before the system actually lets me do some work. Message: "Both Windows and ESET Firewall are both turned off". The "Network Protection" section appears in red the entire 10 minutes I'm unable to work on the Desktop. It then appears to go green about 1 minute after receiving the firewall turned off message, and the ESET firewall functions throughout this period.

2. Even though I have both the "System startup file check" options turned off, ESET still appears to be doing a huge scan of my registry and then my entire file system, in reference to any executable files it finds in the registry. I have A LOT of executable files on my file system, I have A LOT of applications installed on it. It also does this when I resume from sleep. So besides taking an absolute age to boot, it takes an absolute age to resume from sleep.


What is wrong with your Antivirus and Firewall solution? This started happening when ESET Smart Security went past version 9 and started with this "modern interface" - which is complete garbage by the way. ESET 9 firewall was much better (and MORE IMPORTANTLY CLEARER) at showing you what was going on with your firewall and EDITING changes.

Have we come to a point where ESET has so much bloat, it is taking most of my VALUABLE system resources? I don't upgrade my PC so that ESET's software can suddenly start using it all up. I expect your software to GET FASTER and USE LESS RESOURCES, not the other way around.

I've tried uninstalling and re-installing ESET's software. I've tried using the ESET removal tool (in safe mode). I've tried installing the software and then waiting for it to finish its entire scan of my PC before doing anything else. I've tried starting from fresh with ESET and not importing my existing settings. Same problems.

So - Both Windows and ESET Firewall are both turned off - and - NOT respecting my option NOT to perform a startup scan and doing an entire scan of my registry and all associated executable files. Thereby reporting a false warning that both firewalls are turned off (because it's taking so long to boot to desktop) AND taking an age before I can start working or launch firefox. Sometimes taking 10 to 15 minutes to load to desktop.

IS IT TIME I DUMP ESET - WHICH I'VE BEEN USING FOR 10 YEARS AND LOOK FOR AN ALTERNATIVE?
 

Edited by MoRbIdBoY

Not sure what could be causing this but I'd recommend collecting logs and creating a support ticket. If something is causing it to slow your computer they may be able to identify and fix it.


Disable the "update scan at user logon time" also and see if that improves Eset initialization. Note that disabling any of the Eset startup/update scans reduces your security protection.

Also these startup/update scans are not full registry and hard drive scans; only select areas where malware is known to reside are scanned. So it appears, something is not right with your Eset setup. When you installed Eset, did you allow for the full in-depth scan that runs after installation to fully complete? This scan in effect will mark files once scanned so that they are not scanned again resulting in significant reduction in future scan times. Another possibility is this initial in-depth scan never fully completed and is resuming upon system restart. Finally, verify that scan profile in Eset is set to the default "Smart scan" one.

Edited by itman


I'd recommend enabling advanced operating system logging under tools -> diagnostics and rebooting the machine to reproduce the issue. Next disable advanced logging, collect logs with ESET Log Collector and add C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl to the generated archive. Upload the archive to a safe location and drop me a personal message with a download link.


OK, I'll have a go at logging I think. itman, yes all detection parameters section are at their default and the full scan was allowed to complete across all drives. Running Process Monitor (procmon) and logging through that, it appears that ESET is going through the entire registry (software and installation sections) looking for installed programs, taking note of executables and the like and then performing a scan on those related files (procmon registry and file logging). Repeatedly, it seems to be doing this every time I start up (like it will first scan through and get to -example- Steinberg registry entries and then scan the same dll and exe files mentioned in that registry section on my hard drive's Steinberg folder).
 


The registry is basically scanned only when cleaning threats after detection. Normally only startup locations are scanned by the startup scan.

3 hours ago, MoRbIdBoY said:

it seems to be doing this every time I start up (like it will first scan through and get to -example- Steinberg registry entries and then scan the same dll and exe files mentioned in that registry section on my hard drives steinberg folder).

This sounds like your audio apps are in effect re-installing themselves at system startup time. Are these apps permanently installed in your Win OS build or are they in effect, portable apps that run at system startup time? Also are these audio apps Cloud based apps?


Think I may have solved this. Just testing it out now and it seems a hell of a lot faster.

I cleared down HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store - which listed virtually every single exe on my system and disabled compatibility assistant in the group policy editor.

gpedit.msc
Computer Configuration
Administrative Templates
Windows Components
Application Compatibility
Telemetry - off (Enabled)
Compatibility Assistant - off (Enabled)
Inventory Collector - off (Enabled)
Steps Recorder - off (Enabled)

I've also disabled "Customer Experience" for good measure
Administrative Templates
System
Internet Communication Settings
Turn off Windows Customer Experience - off (Enabled)

Disk activity has gone down to nothing and I'm getting to the desktop almost immediately (was scanning hundreds of mb before - for about 5 minutes) on my SSD. No firewall both turned off messages as yet, I'm just rebooting a few times to check, it's brilliant! Network protection section on ESET still has 3 red "disabled" sections for about 2 minutes after boot, but then they go green.
 


HA HA HA HA HAR!!!! YES!!!!!

Really have sorted it this time.

So, I turned off HIPS and noticed Both Windows and ESET Firewall are both turned off message completely disappears.

Turned it back on, read through the various HIPS options and found "Enable Deep Behavioral Inspection" and thought to myself "anything with the word deep means slow". So I turned it off.

Now ESET firewall registers correctly with WMI Security Center without time out.

I'm guessing that ESET Deep Behavioral Inspection keeps a list of all your uncommon or non-standard exe files (probably compares exe files to see which ones not many people have) and keeps scanning them.

Anyway, on my system, it prevented ESET firewall registering with the WMI Security Center in time, prompting the aforementioned message.

You might want to look into that and alter your program's priorities. Registering the firewall with Windows should come pretty top of your list, before any scanning.

3 hours ago, MoRbIdBoY said:

I'm guessing that ESET Deep Behavioral Inspection keeps a list of all your uncommon or non-standard exe files (probably compares exe files to see which ones not many people have) and keeps scanning them.

Eset technical documentation on how DBI works internally is a bit sparse. My best guess is there is a reputational component to it. An unknown or low rep. process might indeed be monitored for suspicious activities if performing code injection, thread setting, and the like.

However, the impact you described at system startup would only occur if your app software falls in the above suspicious category. Mainstream software downloaded from trusted publisher sources should only be scanned once and not monitored thereafter unless the software was updated or modified in some way.

On 1/18/2020 at 7:48 AM, MoRbIdBoY said:

-example- Steinberg registry entries and then scan the same dll and exe files mentioned in that registry section on my hard drives steinberg folder).

Rather than disabling DBI which is a security risk, you should try to exclude software as noted above from DBI scanning and see if that resolves the issue.

Edited by itman


Does the issue occur if you re-enable Deep Behavioral Inspection and reboot the machine? It should not affect registration to Security Center whatsoever.


OK, so, coming back to this thread after a while off (because I don't like to see them unresolved if I may have answers to help someone else in the future).

Uninstalled ESET, removed any directory remnants, used avremover_nt64_enu.exe and the old esetuninstaller.exe. Used the script I mention here AND didn't import any old configs (started again with my firewall rules, which - I might add - hurt):

 

Thought I'd cracked it - couple of reboots later the problem came back. Tried the following on an elevated command line (I found after a lot of searching around):

"C:\Program Files\ESET\Internet Security\ecmd.exe" /registerav

This apparently registers the firewall with Windows Security Center through WMI (Windows Management Interface). Every time I tried the command a Windows notification came up immediately informing me Both Windows and ESET Firewall are both turned off. That was clearly wrong, because ESET Firewall was most definitely ON by this time (all green).

But it did lead me to think that clearly WMI was suffering with early onset dementia. Then I came across THIS TREASURE.

https://support.eset.com/en/kb217-windows-security-center-is-not-detecting-my-windows-eset-product

Quote

 

If Windows Security Center is not detecting your Windows ESET security product, please follow the steps below:

Click Start - All Programs - Accessories. Right-click Command Prompt and select Run as administrator from the context menu.

Windows 8 users: Press the Windows key + Q to open an app search and type cmd into the Search field.
Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
         
    In the command prompt window, type NET STOP WINMGMT /Y and press ENTER.
    Type REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD and press ENTER.
    Type EXIT and press ENTER to close the window.
     
    Restart the system.

Windows should start normally, but you may be prompted to restart the system once more to complete the changes caused by resetting the core repository. You may also need to restart once more if Windows Security Center still does not detect your ESET product.

 


Believe me, when I say I've searched there, and the entire internet, 1000 times and could not find that. It seems to have sorted the problem.

I have to say though, everything after version 8, has been complete garbage bloatware. It's been far more trouble, far more complicated and far more frustrating and more unreliable. I honestly used to feel very safe with everything up to version 8. Since 9 onwards... not so much.

Anyway... here hoping another problem has been fixed.
PS. It is worth mentioning that nothing else had a problem with WMI on my system and I did check the WMI integrity with:

winmgmt.exe /verifyrepository

As explained here:
https://support.quest.com/vworkspace/kb/88861/how-to-repair-or-fully-rebuild-windows-wmi-repository

and it came back consistent. So the question really is WHY did I have to delete a perfectly good verified repository? * (Rhetorical).

PPS. FFS. Please TAG or RENAME the BELOW link:

https://support.eset.com/en/kb217-windows-security-center-is-not-detecting-my-windows-eset-product

With Both Windows and ESET Firewall are both turned off because THAT IS WHAT THAT ADVICE'S ERROR MESSAGE ACTUALLY ALLUDES TO - IT IS NOT MENTIONED ANYWHERE - AND SO OTHERWISE PEOPLE WILL NOT FIND THAT ADVICE - AND THEREFORE, WHAT POINT IS THERE TO IT !!!!

Edited by MoRbIdBoY
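
A read-only check of the registration state discussed in this thread, added here as an example; it is not from any poster or from ESET. It runs the same `winmgmt.exe /verifyrepository` check and lists what Windows Security Center has registered, so the state can be recorded before and after a repository reset. Matching on "ESET" in service and product display names is an assumption.

```powershell
# Added example, not from the thread. Read-only; run in an elevated PowerShell.

# 1. Services behind the registration: WMI, Security Center, and any service
#    whose display name contains "ESET" (the name match is an assumption).
Get-Service -Name Winmgmt, wscsvc | Format-Table Name, Status, StartType -AutoSize
Get-Service -DisplayName '*ESET*' -ErrorAction SilentlyContinue |
    Format-Table Name, DisplayName, Status -AutoSize

# 2. WMI repository consistency, the same check the post ran.
$verify = (& winmgmt.exe /verifyrepository 2>&1) -join ' '
"Repository check: $verify"

# 3. Products registered with Security Center. The root/SecurityCenter2
#    namespace exists on client editions of Windows, not on Server.
$registered = foreach ($class in 'FirewallProduct', 'AntiVirusProduct') {
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Class        = $class
                    DisplayName  = $_.displayName
                    ProductState = '0x{0:X6}' -f $_.productState  # raw value, not decoded
                    Timestamp    = $_.timestamp
                }
            }
    } catch {
        Write-Warning "Query for $class failed: $($_.Exception.Message)"
    }
}
$registered | Format-Table -AutoSize

# 4. Windows Firewall state per profile (Domain, Private, Public).
$profiles = Get-NetFirewallProfile | Select-Object Name, Enabled
$profiles | Format-Table -AutoSize

# 5. Summary of what Security Center can see as a firewall.
$esetFw  = @($registered | Where-Object {
    $_.Class -eq 'FirewallProduct' -and $_.DisplayName -like '*ESET*' })
$winFwOn = @($profiles | Where-Object { $_.Enabled -eq 'True' }).Count -gt 0

if ($esetFw.Count -gt 0) {
    'ESET firewall is registered with Security Center.'
} elseif ($winFwOn) {
    'No ESET firewall registration; Windows Firewall is enabled in at least one profile.'
} else {
    'No ESET firewall registration and Windows Firewall is off in every profile.'
}
```

If step 2 reports a consistent repository while step 5 shows no ESET registration, that is the combination the post above describes.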