taquionbcn

ESET Internet Security: ESET Firewall status update in Windows Security Center failed


Hi,

Since last week, when I boot my Windows I get the messages:

Time;Component;Event;User
01/04/2020 12:36:01;ESET Kernel;ESET Firewall status update in Windows Security Center failed;SYSTEM
If I go to the ESET logs, this message appears 3 or 4 times per minute:

Time;Component;Event;User
29/03/2020 4:03:37;ESET Kernel;ESET Security status update in Windows Security Center failed;SYSTEM
 

 

[image]

 

Thanks,

 


Hi @taquionbcn,

Your issue is that we are failing to update the status due to some issue in the system.

Please follow these steps:

- enable advanced logging under Help and support -> Details for customer care
- wait a few moments
- disable logging
- collect logs with ESET Log Collector and supply the generated archive.


Hi @JozefG,

What do you mean by supply? Do I send them to you via private message, post them here, or send them through the support links inside the nod32 application?

 

thanks,

 


There is no personal information or license information in this data?


Attachments are available only to ESET staff so feel free to post the logs here.


From the provided logs I can tell that the system returns 0x80070005 (ERROR_ACCESS_DENIED) to us on both the Antivirus (ESET Security) and Firewall (ESET Firewall) providers.

This is also confirmed by the Windows Application Event log.

It might be of interest that in the Windows Event log there are some WMI errors 0x80041010 (Invalid class) for our process.

Can you please check WMI:

  • press Windows + R  and type WMIMGMT.MSC
  • right click WMI Control (Local) and select Properties
  • check if it connected successfully, similar to the image below; in case of errors please share the screenshot

[image]


So these WMI errors are unrelated to the issue.

Is your computer in a domain? If yes, are there any group policies set for blocking local RPC communication? Also, can you share a screenshot of Windows Security Center?

We also need a Process Monitor log to check why it might be failing. It would be best if it were aligned with Advanced logging (same steps as before).

Edited by JozefG
Process monitor


Hi,

Security center: 

[image]

Antivirus: (it is not shown in the image but there is a flicker, I think because the information is being updated on each attempt of nod32 to register)

[image]

The log I created with advanced logging on, and then processed with the ESET Log Collector, is 500MB; I will put it in 5 replies:

Because of the extension limitation, the 5 files I attach are each "compressed" in another zip

eis_logs_2part.zip.001.zip


It's not letting me upload another file; please send me an e-mail and I will send you a wetransfer link.


As I am looking at your images it seems that it works, but we are getting that error. That is really strange.

Go to Setup -> Computer Protection -> click on the switcher next to Real-time file system protection and check if it gets updated inside Windows Security Center UI.


My suggestion is the following:

1. Export your existing Eset settings if you have made custom changes.

2. Uninstall Eset and reboot.

3. Verify that Windows Security Center is correctly set up to use Windows Defender as real-time protection and the Win firewall as firewall protection. If this is not the case, this Eset issue is related to an issue with Windows Security Center that needs to be addressed.

4. Assuming no issues arise from Windows Security Center, reinstall Eset.

5. Import Eset settings if previously saved via Export.

Now verify if Eset is correctly registered in Windows Security Center. It should show Eset is the real-time protection and Windows Defender is turned off. Likewise, it should show Eset is the firewall protection and the Windows firewall is turned off. Finally verify that the Eset Event log no longer displays entries indicating there is a Windows Security Center issue.


@itman according to those screenshots it looks like everything is fine. Meaning that we are a registered and active provider, but the system is consistently returning ACCESS_DENIED.

11 minutes ago, JozefG said:

@itman according to those screenshots it looks like everything is fine. Meaning that we are a registered and active provider, but the system is consistently returning ACCESS_DENIED.

Since this issue just started a week ago per OP's posting, I am hoping that an Eset uninstall/install with WSC reset in the interim will correct the permissions issue. If not, then the OP should run from admin level command prompt window:

DISM.exe /Online /Cleanup-image /Restorehealth

And determine if that fixes the permissions issues.

Edited by itman


Hi, @itman & @JozefG

JozefG, I sent you the wetransfer via pm

I already did what itman is saying, when I started to see this message.

First, with ESET installed, I did the PowerShell health check & restore, and sfc:

sfc /scannow -> no problems found

DISM /Online /Cleanup-Image /CheckHealth

DISM /Online /Cleanup-Image /RestoreHealth

Then I saved my configurations, downloaded a new copy from the ESET webpage and reinstalled it (in Spanish), and retried the PowerShell commands, same result.

The messages kept appearing, so I reinstalled it without copying my settings, but the messages kept appearing.

So, in order to search for the error in English, because there is no code for this error in the logs, I reinstalled again, but this time in English.

But the messages kept appearing.

And I came to the forum.

----------

My last move is to format and do a clean install, but I can't do it now because with this covid crisis I'm not able to go to my office. The Windows is mine; I could reinstall Windows, but most of the engineering software I use has to be installed there for licences.

 

1 hour ago, taquionbcn said:

I already did what itman is saying, when I started to see this message.

Thanks for the feedback.

Per the below screen shot, verify that Windows Security Service is running and its Startup type is set to Manual:

[image]

Ref.: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center

Quote

Warning

If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.

It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.

This will significantly lower the protection of your device and could lead to malware infection.

 

Edited by itman
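
A read-only way to check the same things from PowerShell, as an added example that is not part of the original posts or of ESET's tooling: it reports the state and start mode of the Security Center (`wscsvc`) and Windows Security Service (`SecurityHealthService`) services, then lists the antivirus and firewall providers registered in the `root/SecurityCenter2` WMI namespace. The `productState` decoding is a community convention rather than a Microsoft-documented format, and `Get-WscProvider` is a name chosen for this example.

```powershell
# Added example: read-only check of Windows Security Center (WSC) state
# on a Windows 10 client. Nothing here changes system configuration.

# 1. The two services discussed in the thread.
Get-CimInstance -ClassName Win32_Service `
    -Filter "Name='wscsvc' OR Name='SecurityHealthService'" |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

# 2. Providers registered with WSC. A broken WMI repository or a permissions
#    problem ("Invalid class", "Access denied") surfaces as an exception,
#    which is reported per class instead of aborting the whole check.
function Get-WscProvider {
    param([Parameter(Mandatory)][string]$ClassName)
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $ClassName -ErrorAction Stop |
            ForEach-Object {
                # Assumption: productState is not documented by Microsoft.
                # Community convention: bits 12-15 are 0=Off, 1=On, 2=Snoozed, 3=Expired.
                $nibble = ($_.productState -shr 12) -band 0xF
                [pscustomobject]@{
                    Class        = $ClassName
                    DisplayName  = $_.displayName
                    ProductState = '0x{0:X6}' -f $_.productState
                    StateGuess   = @('Off', 'On', 'Snoozed', 'Expired')[$nibble]
                    ReportingExe = $_.pathToSignedReportingExe
                    Error        = $null
                }
            }
    }
    catch {
        [pscustomobject]@{
            Class        = $ClassName
            DisplayName  = '<query failed>'
            ProductState = $null
            StateGuess   = $null
            ReportingExe = $null
            Error        = $_.Exception.Message
        }
    }
}

'AntiVirusProduct', 'FirewallProduct' |
    ForEach-Object { Get-WscProvider -ClassName $_ } |
    Format-Table -AutoSize -Wrap
```

Running it before and after toggling the product's protection state shows whether the change reaches Windows Security Center, which is the observation requested later in the thread.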

2 hours ago, taquionbcn said:

My last move is to format and do a clean install, but I can't do it now because with this covid crisis I'm not able to go to my office. The Windows is mine; I could reinstall Windows, but most of the engineering software I use has to be installed there for licences.

It should not be necessary to reinstall the whole operating system.

Did you try to change the state of Real-time file system protection? If the state changes in the Security Center UI as in the image below, it means we can do something in the Security Center integration module to work around this error.

[image]

25 minutes ago, JozefG said:

It should not be necessary to reinstall the whole operating system.

Did you try to change the state of Real-time file system protection? If the state changes in the Security Center UI as in the image below, it means we can do something in the Security Center integration module to work around this error.

[image]

Just tried this.

As expected from prior testing, no such screen displays. Rather Windows Defender is fully activated and shows as such in Windows Security Center.


@itman Do you also have issues with integration into Windows Security Center? Does your ESET Event log contain any errors regarding Windows Security Center?

If so please provide aligned Advanced logs and Process Monitor log.

40 minutes ago, JozefG said:

Do you also have issues with integration into Windows Security Center? Does your ESET Event log contain any errors regarding Windows Security Center?

No.

The message "Eset Security is snoozed" in Windows Security Center is only displayed when "Pause protection" is selected via right button mouse click on the Eset desktop toolbar icon.

When Eset real-time protection is disabled via:

6 hours ago, JozefG said:

Go to Setup -> Computer Protection -> click on the switcher next to Real-time file system protection

This permanently disables Eset's real-time protection, causing Windows Defender to start up, register itself in Windows Security Center, and become the active real-time protection.

This is per Win 10 design in the event the currently installed third-party AV solution malfunctions, is disabled by malware, or the like.

Edited by itman

9 hours ago, itman said:

No.

The message "Eset Security is snoozed" in Windows Security Center is only displayed when "Pause protection" is selected via right button mouse click on the Eset desktop toolbar icon.

When Eset real-time protection is disabled via:

This permanently disables Eset's real-time protection, causing Windows Defender to start up, register itself in Windows Security Center, and become the active real-time protection.

This is per Win 10 design in the event the currently installed third-party AV solution malfunctions, is disabled by malware, or the like.

When you click on the switcher there is a dialog where you choose if you want to pause it for some time; this way it should always get to the Snoozed state.

The only way to get Defender to kick in is to uncheck Enable Real-time file system protection in Advanced setup.

Either way, if one of those actions is reflected in the Windows Security Center UI, there might be a possible workaround for this error.

7 hours ago, JozefG said:

When you click on the switcher there is a dialog where you choose if you want to pause it for some time; this way it should always get to the Snoozed state.

The only way to get Defender to kick in is to uncheck Enable Real-time file system protection in Advanced setup.

Sorry, I misunderstood you and interpreted what you posted to permanently disable real-time protection.

Yes, your statement in the above first sentence works as described; puts Eset in a "snoozed" state as far as WSC is concerned.

I do recommend, however, that Eset real-time scanning be permanently disabled once to test that Windows Defender immediately initializes as I described previously. I for one had an issue with this when I originally upgraded from Win 7 to Win 10 a few years back. As I recollect, it eventually resolved itself after a subsequent Win 10 Feature upgrade.

Edited by itman

