Many bugs in Eset Internet Security 13.2.15.0

[deepblue2000 1]

@itman

so.. I can confirm a success

Windows10 19041.330 and Windows 19042.330

If I disable the "protocol check" in eset, Windows10 Update works again !!!

WindowsUpdate.log with the error:

 

2020.07.13 16:41:28.6891072 3204  3240  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:28.6891087 3204  3240  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:28.6891248 3204  3240  WebServices     WS error: Fehler bei der Kommunikation mit dem Endpunkt bei https://fe2cr.update.microsoft.com/v6/ClientWebService/client.asmx"."
2020.07.13 16:41:28.6891269 3204  3240  WebServices     *FAILED* [80240437] Web service call
2020.07.13 16:41:28.6891275 3204  3240  WebServices     Current service auth scheme=0.
2020.07.13 16:41:28.6891279 3204  3240  WebServices     Current Proxy auth scheme=0.
2020.07.13 16:41:28.6949107 3204  3240  SLS             Get response for service 7971F918-A847-4430-9279-4A52D1EFE18D - forceExpire[True] asyncRefreshOnExpiry[False]
2020.07.13 16:41:28.6949298 3204  3240  SLS             path used for cache lookup: /SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M.
2020.07.13 16:41:28.6952377 3204  3240  SLS             Revision Check is on with Environment ID [PrereleaseMUv6LiveProductionPublic-GradualRollout] Revision [5]...
2020.07.13 16:41:28.6952388 3204  3240  SLS             Retrieving SLS response from server using ETAG g6ySNANv+jlqorlHrEPtAurU0qWcZTwJj1PQESSDKjw=_1440"..."
2020.07.13 16:41:28.6956578 3204  3240  SLS             Making request with URL HTTPS://slscr.update.microsoft.com/SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M. and send SLS events.
2020.07.13 16:41:29.9530268 3204  3240  Misc            StatusCode for transaction returned from WinHttpQueryHeaders is 304
2020.07.13 16:41:29.9533677 3204  3240  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:29.9533689 3204  3240  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:30.1629162 3204  3240  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:30.1629173 3204  3240  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:30.3674781 3204  3240  SLS             Complete the request URL HTTPS://slscr.update.microsoft.com/SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M. with [00000000] and http status code[304] and send SLS events.
2020.07.13 16:41:30.3674980 3204  3240  SLS             *** Potential Failover Scenario ***
2020.07.13 16:41:30.3684995 3204  3240  Misc            Validating signature for C:\WINDOWS\SoftwareDistribution\SLS\7971F918-A847-4430-9279-4A52D1EFE18D\sls.cab with dwProvFlags 0x00000080:
2020.07.13 16:41:30.3704219 3204  3240  Misc            C:\WINDOWS\SoftwareDistribution\SLS\7971F918-A847-4430-9279-4A52D1EFE18D\sls.cab has 1 secondary signatures.
2020.07.13 16:41:30.3747012 3204  3240  Misc             Infrastructure RSA signed: Yes (id=7), ECC signed: Yes (id=12), ECC required: Yes
2020.07.13 16:41:30.3759837 3204  3240  Misc            Validating signature for C:\WINDOWS\SoftwareDistribution\SLS\7971F918-A847-4430-9279-4A52D1EFE18D\TMP1737.tmp with dwProvFlags 0x00000080:
2020.07.13 16:41:30.3775433 3204  3240  Misc            C:\WINDOWS\SoftwareDistribution\SLS\7971F918-A847-4430-9279-4A52D1EFE18D\TMP1737.tmp has 1 secondary signatures.
2020.07.13 16:41:30.3815723 3204  3240  Misc             Infrastructure RSA signed: Yes (id=6), ECC signed: Yes (id=11), ECC required: Yes
2020.07.13 16:41:30.3821966 3204  3240  SLS             Send SLS Discovery Validation [0] event [00000000].
2020.07.13 16:41:30.3822009 3204  3240  SLS             SLS Response was invalid for service 7971F918-A847-4430-9279-4A52D1EFE18D - HTTPStatusCode[304]
2020.07.13 16:41:30.3822050 3204  3240  Misc            *FAILED* [80245006] Method failed [CSLSEndpointProvider::GetWUClientData:2275]
2020.07.13 16:41:30.3822061 3204  3240  Misc            *FAILED* [80245006] EP: get client data
2020.07.13 16:41:30.3822079 3204  3240  Misc            *FAILED* [80245006] Failed to obtain 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL
2020.07.13 16:41:30.3822108 3204  3240  ProtocolTalker  *FAILED* [80245006] Method failed [CAgentProtocolTalkerContext::DetermineServiceEndpoint:347]
2020.07.13 16:41:30.3822120 3204  3240  ProtocolTalker  *FAILED* [80245006] Method failed [CAgentProtocolTalkerContext::RefreshUrlsFromServer:389]
2020.07.13 16:41:30.3822133 3204  3240  ProtocolTalker  *FAILED* [80245006] SyncUpdates_WithRecovery failed
2020.07.13 16:41:30.3822157 3204  3240  IdleTimer       WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 85) stopped; does use network; is at background priority
2020.07.13 16:41:30.3822193 3204  3240  ProtocolTalker  SyncUpdates round trips: 1
2020.07.13 16:41:30.3822199 3204  3240  ProtocolTalker  *FAILED* [80245006] Sync of Updates
2020.07.13 16:41:30.3822254 3204  3240  ProtocolTalker  *FAILED* [80245006] SyncServerUpdatesInternal failed
2020.07.13 16:41:30.3824465 3204  3240  Agent           *FAILED* [80245006] Synchronize
2020.07.13 16:41:30.3837244 3204  3240  Agent           * END * Finding updates CallerId = MoUpdateOrchestrator, Id = 15, Exit code = 0x80245006 (cV = KDjPm/7pA0axewoF.0.1.0.0.2)
2020.07.13 16:41:30.3840305 3204  3240  IdleTimer       WU operation (CSearchCall::Init ID 15, operation # 81) stopped; does use network; is not at background priority
2020.07.13 16:41:30.3841454 3204  10668 Agent           Service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 is in sequential scan list
2020.07.13 16:41:30.3844034 3204  1428  Agent           * END * Queueing Finding updates [CallerId = MoUpdateOrchestrator  Id = 16]
2020.07.13 16:41:30.3845949 3204  1428  Agent           * START * Finding updates CallerId = MoUpdateOrchestrator  Id = 16 (cV = KDjPm/7pA0axewoF.0.1.1.0.2)
2020.07.13 16:41:30.3845962 3204  1428  Agent           Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
2020.07.13 16:41:30.3845970 3204  1428  Agent           Criteria = CallerProfile='AUv2' and IsInstalled=0 and DeploymentAction='Installation' or IsInstalled=0 and DeploymentAction='OptionalInstallation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1""
2020.07.13 16:41:30.3845986 3204  1428  Agent           ServiceID = {8B24B027-1DEE-BABB-9A95-3517DFB9C552} Third party service
2020.07.13 16:41:30.3845992 3204  1428  Agent           Search Scope = {Machine}
2020.07.13 16:41:30.3846010 3204  1428  Agent           Caller SID for Applicability: S-1-5-21-1900233252-1408748546-213136426-1001
2020.07.13 16:41:30.3846015 3204  1428  Agent           ProcessDriverDeferrals is set
2020.07.13 16:41:30.3891498 10212 9236  ComApi          *RESUMED*   Search ClientId = MoUpdateOrchestrator, ServiceId = 7971F918-A847-4430-9279-4A52D1EFE18D (cV = KDjPm/7pA0axewoF.0.1.0.0)
2020.07.13 16:41:30.3893347 10212 9236  ComApi          Exit code = 0x00000000, Result code = 0x80245006 (cV = KDjPm/7pA0axewoF.0.1.0.0)
2020.07.13 16:41:30.3893373 10212 9236  ComApi          * END *   Search ClientId = MoUpdateOrchestrator, Updates found = 0, ServiceId = 7971F918-A847-4430-9279-4A52D1EFE18D (cV = KDjPm/7pA0axewoF.0.1.0.0)
2020.07.13 16:41:30.4138604 3204  1428  SLS             Get response for service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 - forceExpire[False] asyncRefreshOnExpiry[False]
2020.07.13 16:41:30.4138788 3204  1428  SLS             path used for cache lookup: /SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M.
2020.07.13 16:41:30.4142861 3204  1428  Misc            Got 8B24B027-1DEE-BABB-9A95-3517DFB9C552 redir Client/Server URL: https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx""
2020.07.13 16:41:30.4148248 3204  1428  Misc            Token Requested with 0 category IDs.
2020.07.13 16:41:30.4207534 3204  1428  Misc            GetUserTickets: No user tickets found. Returning WU_E_NO_USERTOKEN.
2020.07.13 16:41:30.4220743 3204  1428  Misc            Acquired new token from Server
2020.07.13 16:41:30.4221275 3204  1428  Misc            Got service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 plugin Client/Server auth token of type 0x00000001
2020.07.13 16:41:30.4275429 3204  1428  SLS             Get response for service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 - forceExpire[False] asyncRefreshOnExpiry[False]
2020.07.13 16:41:30.4275608 3204  1428  SLS             path used for cache lookup: /SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M.
2020.07.13 16:41:30.4329252 3204  1428  SLS             Get response for service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 - forceExpire[False] asyncRefreshOnExpiry[False]
2020.07.13 16:41:30.4329275 3204  1428  SLS             path used for cache lookup: /SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M.
2020.07.13 16:41:30.4508776 3204  1428  Driver          Skipping printer driver 8 due to incomplete info or mismatched environment - HWID[(null)] Provider[Adobe] MfgName[Adobe] Name[Adobe PDF Converter] pEnvironment[Windows x64] LocalPrintServerEnv[Windows x64]
2020.07.13 16:41:30.4508796 3204  1428  Driver          Skipping printer driver 9 due to incomplete info or mismatched environment - HWID[microsoftmicrosoft_musd] Provider[Microsoft] MfgName[Microsoft] Name[Microsoft enhanced Point and Print compatibility driver] pEnvironment[Windows NT x86] LocalPrintServerEnv[Windows x64]
2020.07.13 16:41:30.5668280 3204  1428  ProtocolTalker  ServiceId = {8B24B027-1DEE-BABB-9A95-3517DFB9C552}, Server URL = https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx
2020.07.13 16:41:30.5671740 3204  1428  ProtocolTalker  PT: Calling GetConfig on server
2020.07.13 16:41:30.5671787 3204  1428  IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery) started; operation # 86; does use network; is at background priority
2020.07.13 16:41:30.5671897 3204  1428  WebServices     Auto proxy settings for this web service call.
2020.07.13 16:41:31.4497225 3204  1428  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:31.4497235 3204  1428  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:31.4497413 3204  1428  WebServices     WS error: Fehler bei der Kommunikation mit dem Endpunkt bei https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx"."
2020.07.13 16:41:31.4497440 3204  1428  WebServices     *FAILED* [80240437] Web service call
2020.07.13 16:41:31.4497446 3204  1428  WebServices     Current service auth scheme=0.
2020.07.13 16:41:31.4497451 3204  1428  WebServices     Current Proxy auth scheme=0.
2020.07.13 16:41:33.4538682 3204  1428  WebServices     Auto proxy settings for this web service call.
2020.07.13 16:41:34.0438653 3204  1428  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:34.0438663 3204  1428  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:34.0438814 3204  1428  WebServices     WS error: Fehler bei der Kommunikation mit dem Endpunkt bei https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx"."
2020.07.13 16:41:34.0438836 3204  1428  WebServices     *FAILED* [80240437] Web service call
2020.07.13 16:41:34.0438842 3204  1428  WebServices     Current service auth scheme=0.
2020.07.13 16:41:34.0438847 3204  1428  WebServices     Current Proxy auth scheme=0.
2020.07.13 16:41:36.0448758 3204  1428  WebServices     Auto proxy settings for this web service call.
2020.07.13 16:41:36.6347306 3204  1428  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:36.6347316 3204  1428  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:36.6347482 3204  1428  WebServices     WS error: Fehler bei der Kommunikation mit dem Endpunkt bei https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx"."
2020.07.13 16:41:36.6347515 3204  1428  WebServices     *FAILED* [80240437] Web service call
2020.07.13 16:41:36.6347522 3204  1428  WebServices     Current service auth scheme=0.
2020.07.13 16:41:36.6347526 3204  1428  WebServices     Current Proxy auth scheme=0.
2020.07.13 16:41:36.6347562 3204  1428  IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery, operation # 86) stopped; does use network; is at background priority
2020.07.13 16:41:36.6405764 3204  1428  SLS             Get response for service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 - forceExpire[True] asyncRefreshOnExpiry[False]
2020.07.13 16:41:36.6405937 3204  1428  SLS             path used for cache lookup: /SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M.
2020.07.13 16:41:36.6409203 3204  1428  SLS             Revision Check is on with Environment ID [FlightingDCatProdRS5_VB] Revision [1]...
2020.07.13 16:41:36.6409214 3204  1428  SLS             Retrieving SLS response from server using ETAG LD1is+Zx0Ehzw838wQJWynKSuQgPVrC3GTlkPr4QQw4=_1440"..."
2020.07.13 16:41:36.6413143 3204  1428  SLS             Making request with URL HTTPS://slscr.update.microsoft.com/SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M. and send SLS events.
2020.07.13 16:41:37.4743562 3204  1428  Misc            StatusCode for transaction returned from WinHttpQueryHeaders is 304
2020.07.13 16:41:37.4745800 3204  1428  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:37.4745813 3204  1428  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:37.6838039 3204  1428  Misc            Cert chain length check failed, length=2
2020.07.13 16:41:37.6838053 3204  1428  WebServices     Certificate failed SSL intermediate CA check.
2020.07.13 16:41:37.8914051 3204  1428  SLS             Complete the request URL HTTPS://slscr.update.microsoft.com/SLS/{8B24B027-1DEE-BABB-9A95-3517DFB9C552}/x64/10.0.19041.329/0?CH=681&L=de-DE&P=&PT=0x30&WUA=10.0.19041.329&MK=To+Be+Filled+By+O.E.M.&MD=To+Be+Filled+By+O.E.M. with [00000000] and http status code[304] and send SLS events.
2020.07.13 16:41:37.8914239 3204  1428  SLS             *** Potential Failover Scenario ***
2020.07.13 16:41:37.8924064 3204  1428  Misc            Validating signature for C:\WINDOWS\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\sls.cab with dwProvFlags 0x00000080:
2020.07.13 16:41:37.8942892 3204  1428  Misc            C:\WINDOWS\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\sls.cab has 1 secondary signatures.
2020.07.13 16:41:37.8986116 3204  1428  Misc             Infrastructure RSA signed: Yes (id=8), ECC signed: Yes (id=13), ECC required: Yes
2020.07.13 16:41:37.8999314 3204  1428  Misc            Validating signature for C:\WINDOWS\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\TMP3494.tmp with dwProvFlags 0x00000080:
2020.07.13 16:41:37.9014818 3204  1428  Misc            C:\WINDOWS\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\TMP3494.tmp has 1 secondary signatures.
2020.07.13 16:41:37.9055053 3204  1428  Misc             Infrastructure RSA signed: Yes (id=6), ECC signed: Yes (id=11), ECC required: Yes
2020.07.13 16:41:37.9061511 3204  1428  SLS             Send SLS Discovery Validation [0] event [00000000].
2020.07.13 16:41:37.9061567 3204  1428  SLS             SLS Response was invalid for service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 - HTTPStatusCode[304]
2020.07.13 16:41:37.9061601 3204  1428  Misc            *FAILED* [80245006] Method failed [CSLSEndpointProvider::GetWUClientData:2275]
2020.07.13 16:41:37.9061611 3204  1428  Misc            *FAILED* [80245006] EP: get client data
2020.07.13 16:41:37.9061634 3204  1428  Misc            *FAILED* [80245006] Failed to obtain 8B24B027-1DEE-BABB-9A95-3517DFB9C552 redir Client/Server URL
2020.07.13 16:41:37.9061656 3204  1428  ProtocolTalker  *FAILED* [80245006] Method failed [CAgentProtocolTalkerContext::DetermineServiceEndpoint:347]
2020.07.13 16:41:37.9061668 3204  1428  ProtocolTalker  *FAILED* [80245006] Method failed [CAgentProtocolTalkerContext::RefreshUrlsFromServer:389]
2020.07.13 16:41:37.9061678 3204  1428  ProtocolTalker  *FAILED* [80245006] GetConfig_WithRecovery failed
2020.07.13 16:41:37.9061688 3204  1428  ProtocolTalker  *FAILED* [80245006] RefreshConfig failed
2020.07.13 16:41:37.9061697 3204  1428  ProtocolTalker  *FAILED* [80245006] RefreshPTState failed
2020.07.13 16:41:37.9061714 3204  1428  ProtocolTalker  SyncUpdates round trips: 0
2020.07.13 16:41:37.9061720 3204  1428  ProtocolTalker  *FAILED* [80245006] Sync of Updates
2020.07.13 16:41:37.9061748 3204  1428  ProtocolTalker  *FAILED* [80245006] SyncServerUpdatesInternal failed
2020.07.13 16:41:37.9063965 3204  1428  Agent           *FAILED* [80245006] Synchronize
2020.07.13 16:41:37.9076483 3204  1428  Agent           * END * Finding updates CallerId = MoUpdateOrchestrator, Id = 16, Exit code = 0x80245006 (cV = KDjPm/7pA0axewoF.0.1.1.0.2)

 

Edited July 14, 2020 by deepblue2000

[r1man 3]

Are you on Insider builds on Windows? Because the latest version of Windows is:

[Peter Randziak 1,130]

@deepblue2000 

so can you please provide us with the logs as requested:

  15 hours ago, Marcos said:

In case you're able to reproduce it, it'd be great if you could generate an advanced protocol filtering log (adv. setup -> tools -> diagnostics) prior to starting update that would fail. Microsoft's communication is excluded from filtering in case of HTTPS, maybe updates were downloaded via HTTP in your case and something went wrong. The issue would require further investigation to determine the root cause of the error.

Enable the logging, reproduce the issue, disable the logging and share with us the output so we can check it.

Peter

[deepblue2000 1]

@r1man

I was on 19041.329 .. cause of the windows update error I downloaded the cumlative update to .330
that didnt work too, so I did upgrade to 19042.330 (Microsoft published it)

@Peter Randziak
here is the advanced diagnotstics protocol filter log:

advanced_diag_logl.zip

Edited July 14, 2020 by deepblue2000

[Marcos 5,074]

Could you please check if temporarily disabling startup scan tasks and rebooting the machine make the issue go away?

[itman 1,659]

4 hours ago, deepblue2000 said:

WindowsUpdate.log with the error:

I really see nothing in the log pointing to failure of Win Updating due to a certificate error. Normally if there is a certificate problem there, it will be shown on the attempted connection to MS update servers as shown here: https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-update-error-certificate-used-for-ssl/4c9e6867-fea3-422f-ae06-fd25d26ff5b4

Most of the certificate errors in the above posted log relate to WebServices. And those reference an issue with the intermediate root certificate. Win will defer to Win intermediate root CA store for the certificate or download it as needed. With Eset SSL/TLS protocol filtering enabled, use of intermediate certificate is N/A and Eset's root CA store certificate is used instead.

Is the network connection using a proxy or a VPN connection?

Edited July 14, 2020 by itman

[SlashRose 25]

I just played today's MS Patches, nothing was blocked by Eset!

[deepblue2000 1]

so back on PC today...

everything is working again.

[Peter Randziak 1,130]

On 7/15/2020 at 3:39 PM, deepblue2000 said:

so back on PC today...

everything is working again.

Glad the issue is resolved for you and thank you for keeping us posted.

Peter

[funzee 0]

Still have the issues when the filtering is enabled. Error (0x80245006).
I hope this time my logsa are correct:
https://drive.google.com/drive/u/0/folders/1qJ7-MfaQ76Le7FAynHBBNy9AQY3RRoh2

[Marcos 5,074]

On 8/15/2020 at 4:03 PM, funzee said:

Still have the issues when the filtering is enabled. Error (0x80245006).
I hope this time my logsa are correct:
https://drive.google.com/drive/u/0/folders/1qJ7-MfaQ76Le7FAynHBBNy9AQY3RRoh2

Access must be requested. Please drop me a personal message with a link to logs that I can download without requesting access.

[local 0]

On 7/12/2020 at 9:30 AM, Marcos said:

As for a bug-free software, there's nothing like that. We don't live in a perfect world and every software maker releases new versions and updates to address reported issues. Even Microsoft releases monthly updates with fixes.

We do not live in a perfect world , but the expectation from a new version it is not to fix 5 bugs from previous version and create 10 new on its own.

ESET is growing in complexity beyond the capability of a regular user to handle it, with over 120 possible settings altogether.

At the same time some other vendors (Avira for example) can manage with just several setting to get 100% on AV Comparatives.

[funzee 0]

11 hours ago, Marcos said:

Access must be requested. Please drop me a personal message with a link to logs that I can download without requesting access.

Ah, sorry for inconvenience. Direct message told me that you cannot receive messages. So here is the updated link:
https://drive.google.com/file/d/11v1nirNr2rr1UkAe0pxL70_3osqFHi6_/view?usp=sharing

[funzee 0]

On 8/16/2020 at 11:07 PM, Marcos said:

Access must be requested. Please drop me a personal message with a link to logs that I can download without requesting access.

@Marcos I cannot send you direct message because of error.
Any update on this? (look for previous message)

[Marcos 5,074]

On 8/19/2020 at 12:00 PM, funzee said:

@Marcos I cannot send you direct message because of error.
Any update on this? (look for previous message)

A ticket has been created for developers. Will keep you posted. What you could do is temporarily switch to interactive SSL scanner mode, run Windows update and choose to ignore the communication and remember the action for the certificate when prompted. Afterwards you can switch back to automatic mode.

[Marcos 5,074]

On 8/19/2020 at 12:00 PM, funzee said:

@Marcos I cannot send you direct message because of error.
Any update on this? (look for previous message)

Please provide ELC logs since we didn't get your configuration. It appears that TLC communication of svchost.exe is filtered which doesn't happen with default settings.  Also please enclose the output of running the following commands:

tasklist /svc

systeminfo

[funzee 0]

On 9/2/2020 at 3:58 PM, Marcos said:

Please provide ESET Log Collector logs since we didn't get your configuration. It appears that TLC communication of svchost.exe is filtered which doesn't happen with default settings.  Also please enclose the output of running the following commands:

tasklist /svc

systeminfo

sent you DM

[itman 1,659]

On 9/2/2020 at 8:58 AM, Marcos said:

It appears that TLC communication of svchost.exe is filtered which doesn't happen with default settings. 

It is on my EIS 13.2.18 build along with System and everything else running on PC it appears:

 

[Marcos 5,074]

Please change the scan action for svchost.exe from "Scan" to "Auto" and let us know if it resolves the issue:

[funzee 0]

10 minutes ago, Marcos said:

Please change the scan action for svchost.exe from "Scan" to "Auto" and let us know if it resolves the issue:

Yep, worked for me. Thank you. Was not aware of that the svchost was in scan "mode" not auto.

[Marcos 5,074]

Developers would like you to temporarily change the setting back to Scan for svchost.exe, reproduce the issue and then provide the output of running the commands

tasklist /svc

systeminfo