Jump to content

Recommended Posts

Posted (edited)

Hi,

Quote

Is your computer in domain? 

yes, at CERN domain but it has been at this domain for the las 2 years

Quote

Per the below screen shot, verify that Windows Security Service is running and its Startup type is set to Manual

Done, it is in manual and running

image.thumb.png.92da1402712ff87583a861ac97d67160.png

If i disable the protection from the system tray icon i get the above result.

image.thumb.png.b68997dc9d9243f85a131d9991e66c09.png

If I do it from the Advanced setup it seems to work and stop using nod32 to start using windows defender.

image.thumb.png.722cb609878d1eedded6f901208e25f0.png

and then back to normal.

image.png.8df24dd980becf95f86c8cf7a6243518.png

What is not shown in the static image is that the above options are flickering as if there where updated every 5 seconds

 

Edited by taquionbcn
Posted
2 hours ago, taquionbcn said:

What is not shown in the static image is that the above options are flickering as if there where updated every 5 seconds

It really appears everything is OK with Windows Security Center and Eset's registration of itself within.

I would think that this flickering you are observing is more related to an issue with your graphics card/chip. Or possibly an issue with the driver/s it is using.

Posted

 

Quote

I would think that this flickering you are observing is more related to an issue with your graphics card/chip. Or possibly an issue with the driver/s it is using.

I don't think so, no other flicker anywhere and I do intense use of the nvidia this days, for simulations with cuda and gaming , also if I disable nod32 real -time and windows defender is enabled(automatically) as shown in the second figure of previous post there is no flicker.

Posted
36 minutes ago, taquionbcn said:

 

I don't think so, no other flicker anywhere and I do intense use of the nvidia this days, for simulations with cuda and gaming , also if I disable nod32 real -time and windows defender is enabled(automatically) as shown in the second figure of previous post there is no flicker.

Are you still getting update errors in the Eset Event log?

Posted
15 hours ago, itman said:

Are you still getting update errors in the Eset Event log?

yes

Posted (edited)

At this point, I would say that something in Windows Security Center is corrupted preventing Eset from properly registering there. Also whatever the issue is, it appears that Eset is indeed being initialized in WSC correctly but Eset is not recognizing this and is creating the log entries being observed.

Another possibility is there is an issue for some reason with Eset's ELAM driver. Win 10 verifies that this driver is loaded and functioning properly and this activity is factored into WCS initialization processing.

There also might a permissions issue in regards to Eset being able to access WSC settings, possibly in the Registry, to properly initialize itself in WSC.

I have searched for articles on how to repair WSC and have come up empty. There are articles on how to reset Windows 10 security settings back to default that you might want to try. The final alternative is to run a Win 10 Repair which will keep all your files in place. You will however have to reinstall all your apps including Eset.

Edited by itman
  • ESET Staff
Posted

According to provided PML we know what causes  this access denied.

It is wscsvc failing to open these registry keys on read/write disposition

HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{885D845F-AF19-0124-FECE-FFF49D00F440}
HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{B066057A-E576-007C-D591-56C163D3B33B}

@taquionbcn can you please check the permissions for these registry keys? Both of these keys should inherit permissions from Av and Fw keys respectively. On my virtual machine it looks like this for Av and similarly for Fw.

image.png

Posted

The difference I see is the special permissions, for me is not activated for system, also I don't have wscsvc on the groups&users list.

image.thumb.png.7af45845bdcd9f6b91ed14d379f23e17.png

image.thumb.png.34c096097892525364b2e2df309454f3.png

  • ESET Staff
Posted

@taquionbcn can you please check if parent registry key Av and Fw have correct permissions? Can you also try to enable inheritance?

Posted

ok, that works, windows security windows stop flickering and the events logs of nod32 is not throwing  the status update failure.

Thanks!

Posted (edited)

I see other issues here.

As far as these keys are concerned:

13 hours ago, JozefG said:

HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{885D845F-AF19-0124-FECE-FFF49D00F440} HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{B066057A-E576-007C-D591-56C163D3B33B}

My Groups or use names correspond exactly to what @JozefG posted. Any other entries there are suspect. You might want find something that will set your registry permissions back to Win 10 defaults. Or proceed with a Win 10 repair or fresh install.

Edited by itman
Posted

Hi @itman changing the permissions that @JozefG said did the trick.

When this crisis is passed and I go back to my office I will do a fresh install to do a clean up, this W10 has been installed for 2 years, that's to much time for windows 😉

Thanks.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...