taquionbcn 0 Posted April 4, 2020 Author Posted April 4, 2020 (edited) Hi, Quote Is your computer in domain? yes, at CERN domain but it has been at this domain for the las 2 years Quote Per the below screen shot, verify that Windows Security Service is running and its Startup type is set to Manual Done, it is in manual and running If i disable the protection from the system tray icon i get the above result. If I do it from the Advanced setup it seems to work and stop using nod32 to start using windows defender. and then back to normal. What is not shown in the static image is that the above options are flickering as if there where updated every 5 seconds Edited April 4, 2020 by taquionbcn
itman 1,806 Posted April 4, 2020 Posted April 4, 2020 2 hours ago, taquionbcn said: What is not shown in the static image is that the above options are flickering as if there where updated every 5 seconds It really appears everything is OK with Windows Security Center and Eset's registration of itself within. I would think that this flickering you are observing is more related to an issue with your graphics card/chip. Or possibly an issue with the driver/s it is using.
taquionbcn 0 Posted April 4, 2020 Author Posted April 4, 2020 Quote I would think that this flickering you are observing is more related to an issue with your graphics card/chip. Or possibly an issue with the driver/s it is using. I don't think so, no other flicker anywhere and I do intense use of the nvidia this days, for simulations with cuda and gaming , also if I disable nod32 real -time and windows defender is enabled(automatically) as shown in the second figure of previous post there is no flicker.
itman 1,806 Posted April 4, 2020 Posted April 4, 2020 36 minutes ago, taquionbcn said: I don't think so, no other flicker anywhere and I do intense use of the nvidia this days, for simulations with cuda and gaming , also if I disable nod32 real -time and windows defender is enabled(automatically) as shown in the second figure of previous post there is no flicker. Are you still getting update errors in the Eset Event log?
taquionbcn 0 Posted April 5, 2020 Author Posted April 5, 2020 15 hours ago, itman said: Are you still getting update errors in the Eset Event log? yes
itman 1,806 Posted April 5, 2020 Posted April 5, 2020 (edited) At this point, I would say that something in Windows Security Center is corrupted preventing Eset from properly registering there. Also whatever the issue is, it appears that Eset is indeed being initialized in WSC correctly but Eset is not recognizing this and is creating the log entries being observed. Another possibility is there is an issue for some reason with Eset's ELAM driver. Win 10 verifies that this driver is loaded and functioning properly and this activity is factored into WCS initialization processing. There also might a permissions issue in regards to Eset being able to access WSC settings, possibly in the Registry, to properly initialize itself in WSC. I have searched for articles on how to repair WSC and have come up empty. There are articles on how to reset Windows 10 security settings back to default that you might want to try. The final alternative is to run a Win 10 Repair which will keep all your files in place. You will however have to reinstall all your apps including Eset. Edited April 5, 2020 by itman
ESET Staff JozefG 10 Posted April 6, 2020 ESET Staff Posted April 6, 2020 According to provided PML we know what causes this access denied. It is wscsvc failing to open these registry keys on read/write disposition HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{885D845F-AF19-0124-FECE-FFF49D00F440} HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{B066057A-E576-007C-D591-56C163D3B33B} @taquionbcn can you please check the permissions for these registry keys? Both of these keys should inherit permissions from Av and Fw keys respectively. On my virtual machine it looks like this for Av and similarly for Fw.
taquionbcn 0 Posted April 6, 2020 Author Posted April 6, 2020 The difference I see is the special permissions, for me is not activated for system, also I don't have wscsvc on the groups&users list.
ESET Staff JozefG 10 Posted April 6, 2020 ESET Staff Posted April 6, 2020 @taquionbcn can you please check if parent registry key Av and Fw have correct permissions? Can you also try to enable inheritance? taquionbcn 1
taquionbcn 0 Posted April 6, 2020 Author Posted April 6, 2020 ok, that works, windows security windows stop flickering and the events logs of nod32 is not throwing the status update failure. Thanks!
itman 1,806 Posted April 6, 2020 Posted April 6, 2020 (edited) I see other issues here. As far as these keys are concerned: 13 hours ago, JozefG said: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{885D845F-AF19-0124-FECE-FFF49D00F440} HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{B066057A-E576-007C-D591-56C163D3B33B} My Groups or use names correspond exactly to what @JozefG posted. Any other entries there are suspect. You might want find something that will set your registry permissions back to Win 10 defaults. Or proceed with a Win 10 repair or fresh install. Edited April 6, 2020 by itman
taquionbcn 0 Posted April 6, 2020 Author Posted April 6, 2020 Hi @itman changing the permissions that @JozefG said did the trick. When this crisis is passed and I go back to my office I will do a fresh install to do a clean up, this W10 has been installed for 2 years, that's to much time for windows 😉 Thanks.
Recommended Posts