taquionbcn 0 Posted April 1, 2020 Share Posted April 1, 2020 Hi, since last week when I boot my windows I get the message the messages: Time;Component;Event;User 01/04/2020 12:36:01;ESET Kernel;ESET Firewall status update in Windows Security Center failed;SYSTEM if I go to ESET logs, this message appear 3 or 4 times per minute Time;Component;Event;User 29/03/2020 4:03:37;ESET Kernel;ESET Security status update in Windows Security Center failed;SYSTEM Thanks, Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 1, 2020 ESET Staff Share Posted April 1, 2020 Hi @taquionbcn, Your issue is that we are failing to update status due to some issue in system. Please follow these steps: - enable advanced logging under Help and support -> Details for customer care - wait few moments - disable logging - collect logs with ESET Log Collector and supply the generated archive. Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 1, 2020 Author Share Posted April 1, 2020 Hi @JozefG, what do you mean with supply? I send them to you via private message, post them here, send them trough support links inside nod32 application? thanks, Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 1, 2020 ESET Staff Share Posted April 1, 2020 It is enough to post them here. Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 1, 2020 Author Share Posted April 1, 2020 There is no personal information or license information in this data? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,408 Posted April 1, 2020 Administrators Share Posted April 1, 2020 Attachments are available only to ESET staff so feel free to post the logs here. Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 1, 2020 Author Share Posted April 1, 2020 Ok then, here is the file thanks! eis_logs.zip Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 1, 2020 ESET Staff Share Posted April 1, 2020 From provided logs I can tell that system returns us 0x80070005(ERROR_ACCESS_DENIED) on both Antivirus(ESET Security) and Firewall(ESET Firewall) providers. This is confirmed also by Windows Application Event log. Possibly interesting might be that in Windows Event log there are some WMI errors 0x80041010 Error Invalid class for our process. Can you please check WMI: press Windows + R and type WMIMGMT.MSC right click WMI Control (Local) and select Properties check if it connected successfully similar to image below, in case of errors please share the screenshot Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 1, 2020 Author Share Posted April 1, 2020 Yes it says it is connected Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 (edited) So these WMI errors are unrelated to the issue. Is your computer in domain? If yes are there some group policies set for blocking some local RPC communication? Also can you share screenshot of Windows security center? We also need Process Monitor log to check why it might be failing. Best would be if it was aligned with Advanced logging (same steps as before). Edited April 2, 2020 by JozefG Process monitor Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 2, 2020 Author Share Posted April 2, 2020 Hi, Security center: antivirus: (is not shown in the image but there is a flicker, i think because the information is being updated on each attempt of nod32 to register) the log I've created with the advanced logging on, and then procesed with the eset log collector is 500MB, I will put in 5 replies: Because the limitation of extension I can attach this 5 files are "compressed" in another zip each file eis_logs_2part.zip.001.zip Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 2, 2020 Author Share Posted April 2, 2020 It's not letting me to upload another file, please send me an e-mail and I will send you a wetransfer link Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 @taquionbcn send it through private message Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 As I am looking at your images it seems that it works, but we are getting that error. That is really strange. Go to Setup -> Computer Protection -> click on the switcher next to Real-time file system protection and check if it gets updated inside Windows Security Center UI. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 2, 2020 Share Posted April 2, 2020 My suggestion is the following: 1. Export your existing Eset settings if you have made custom changes. 2. Uninstall Eset and reboot. 3. Verify that Windows Security Center is correctly set up to use Windows Defender as real-time protection and the Win firewall as firewall protection. If this is not the case, this Eset issue is related to an issue with Windows Security Center that needs to be addressed. 4. Assuming no issues arise from Windows Security Center, reinstall Eset. 5. Import Eset settings if previously saved via Export. Now verify if Eset is correctly registered in Windows Security Center. It should show Eset is the real-time protection and Windows Defender is turned off. Likewise, it should show Eset is the firewall protection and the Windows firewall is turned off. Finally verify that the Eset Event log no longer displays entries indicating there is a Windows Security Center issue. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 @itman according to those screenshots it looks like everything is fine. Meaning that we are registered and active provider, but the system is consistently returning ACCESS_DENIED. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 2, 2020 Share Posted April 2, 2020 (edited) 11 minutes ago, JozefG said: @itman according to those screenshots it looks like everything is fine. Meaning that we are registered and active provider, but the system is consistently returning ACCESS_DENIED. Since this issue just started a week ago per OP's posting, I am hoping that an Eset uninstall/install with WSC reset in the interim will correct the permissions issue. If not, then the OP should run from admin level command prompt window: DISM.exe /Online /Cleanup-image /Restorehealth And determine if that fixes the permissions issues. Edited April 2, 2020 by itman Link to comment Share on other sites More sharing options...
taquionbcn 0 Posted April 2, 2020 Author Share Posted April 2, 2020 Hi, @itman & @JozefG JozefG, I sent you the wetransfer via pm I already did what itman is saying, when I started to see this message. first with eset installed I did the powershell health check & restore, and sfc: sfc /scannow -> no problems found DISM /Online /Cleanup-Image /CheckHealth DISM /Online /Cleanup-Image /RestoreHealth then saved my configurations, downloaded a new copy from eset webpage and reinstall it (in spanish), and retried the powershell commands, same result. Messages keep appearing so I reinstall it without copying my settings, but message keep appearing. So in order to search the error in english, because there is no a code for this error on the logs I reinstall again but this time in english. but messages keep appearing. and I came to the forum. ---------- My last move is to format and do a clean install, but I can't do it now because this covid crisis I'm not able to go to my office, the windows is mine, I could reinstall windows but most of the engineering software I use has to be installed there for licences. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 2, 2020 Share Posted April 2, 2020 (edited) 1 hour ago, taquionbcn said: I already did what itman is saying, when I started to see this message. Thanks for the feedback. Per the below screen shot, verify that Windows Security Service is running and its Startup type is set to Manual: Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center Quote Warning If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. This will significantly lower the protection of your device and could lead to malware infection. Edited April 2, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 2 hours ago, taquionbcn said: My last move is to format and do a clean install, but I can't do it now because this covid crisis I'm not able to go to my office, the windows is mine, I could reinstall windows but most of the engineering software I use has to be installed there for licences. That should not be necessary to reinstall whole operating system. Did you try to change the state of Real-time file system protection? If the state changes in Security Center UI like on image below it means we can do something in Security Center integration module to workaround this error. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 2, 2020 Share Posted April 2, 2020 25 minutes ago, JozefG said: That should not be necessary to reinstall whole operating system. Did you try to change the state of Real-time file system protection? If the state changes in Security Center UI like on image below it means we can do something in Security Center integration module to workaround this error. Just tried this. As expected from prior testing, no such screen displays. Rather Windows Defender is fully activated and shows as such in Windows Security Center. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 2, 2020 ESET Staff Share Posted April 2, 2020 @itman Do you also have issues with integration into Windows Security Center? Does your ESET Event log contain any errors regarding Windows Security Center? If so please provide aligned Advanced logs and Process Monitor log. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 2, 2020 Share Posted April 2, 2020 (edited) 40 minutes ago, JozefG said: Do you also have issues with integration into Windows Security Center? Does your ESET Event log contain any errors regarding Windows Security Center? No. The message "Eset Security is snoozed" in Windows Security Center is only displayed when "Pause protection" is selected via right button mouse click on the Eset desktop toolbar icon. When Eset real-time protection is disabled via: 6 hours ago, JozefG said: Go to Setup -> Computer Protection -> click on the switcher next to Real-time file system protection This permanently disables Eset's real-time protection causing Windows Defender to startup, register itself in Windows Security Center, and become the active real-time protection. This is per Win 10 design in the event currently installed third part AV solution malfunctions, is disabled by malware, or the like. Edited April 2, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted April 3, 2020 ESET Staff Share Posted April 3, 2020 9 hours ago, itman said: No. The message "Eset Security is snoozed" in Windows Security Center is only displayed when "Pause protection" is selected via right button mouse click on the Eset desktop toolbar icon. When Eset real-time protection is disabled via: This permanently disables Eset's real-time protection causing Windows Defender to startup, register itself in Windows Security Center, and become the active real-time protection. This is per Win 10 design in the event currently installed third part AV solution malfunctions, is disabled by malware, or the like. When you click on the switcher there is a dialog where you choose if you want to pause it for some time this way it should always get to Snoozed state. Only way how to get Defender to kick in is if you uncheck Enable Real-time file system protection in Advanced setup. Either way if one of those actions is reflected in Windows Security Center UI, there might be a possible workaround around this error. Link to comment Share on other sites More sharing options...
itman 1,790 Posted April 3, 2020 Share Posted April 3, 2020 (edited) 7 hours ago, JozefG said: When you click on the switcher there is a dialog where you choose if you want to pause it for some time this way it should always get to Snoozed state. Only way how to get Defender to kick in is if you uncheck Enable Real-time file system protection in Advanced setup. Sorry, I misunderstood you and interpreted what you posted to permanently disable real-time protection. Yes, your statement in the above first sentence works as described; puts Eset in a "snoozed" state as far as WSC is concerned. I do recommend however that that Eset real-time scanning be permanently disabled once to test that Windows Defender immediately initializes as I described previously. I for one had an issue with this when I originally upgraded from Win 7 to Win 10 a few years back. As I recollect, it eventually resolved itself after a subsequent Win 10 Feature upgrade. Edited April 3, 2020 by itman Link to comment Share on other sites More sharing options...
Recommended Posts