FRiC 10 Posted October 28, 2020 Share Posted October 28, 2020 I noticed today that some of our computers are showing no virus provider in Windows Security. EES is current 7.3.2041.0 and there's nothing obvious in ESMC or in the logs. It seems random since all of our computers are domain joined Windows 10, Version 2004 and there doesn't seem to be anything special about the ones that are showing this warning. Anyone seeing anything like this? Thanks. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 28, 2020 ESET Staff Share Posted October 28, 2020 @FRiC Please make sure you have latest Security Center integration module 1026.1 present. Can you also post screenshot of Manage providers in WSC UI? Link to comment Share on other sites More sharing options...
FRiC 10 Posted October 28, 2020 Author Share Posted October 28, 2020 Hi, it appears integration module is at 1026.1. Security providers says ESET Security is turned off. I tried restarting some of the computers experiencing this issue and it seems to come and go randomly. I'll check on more computers. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted October 28, 2020 Administrators Share Posted October 28, 2020 There's something fishy going on. Last update on Oct 28, 2563? Please set a correct system date and reboot the machine. You may get a notification in gui about outdated modules then which should fix automatically after the next module update. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 28, 2020 ESET Staff Share Posted October 28, 2020 @FRiC please provide ETL logs created by In case of default installation it should be present in C:\ProgramData\ESET\ESET Security\Diagnostics folder. Link to comment Share on other sites More sharing options...
FRiC 10 Posted October 28, 2020 Author Share Posted October 28, 2020 @Marcos Yeah, we're based in Southeast Asia and it's Buddhist year 2563 here. The date format is set by regional format and if I change the format to English (US) the date automatically changes from 28/10/2563 to 10/28/2020. Just to be sure I tried changing regional format but the problem persists. @JozefG ETL files attached. Thanks. ekrn.zip Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 28, 2020 ESET Staff Share Posted October 28, 2020 @FRiC according to the log we tried to update status for AV provider and we got this HRESULT 0x8000000a(E_PENDING). For us this means our request was queued by wscsvc and it will be handled. Firewall updates are working correctly. However in your case it looks like wscsvc has some issue with too many requests or something. IIRC this E_PENDING is usually seen around wscsvc start. Peter Randziak 1 Link to comment Share on other sites More sharing options...
FRiC 10 Posted October 28, 2020 Author Share Posted October 28, 2020 @JozefG Do you mean it's just a display issue in Windows Security Center? EES seems to be working fine otherwise. I would've never noticed the issue if I had not sat down at a user's computer on a completely unrelated issue and happened to see the red cross on the WSC tray icon. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 28, 2020 ESET Staff Share Posted October 28, 2020 @FRiC it is either display issue or there is something happening with Windows Security Center service (wscsvc). It is the source of data for UI, hard to say what could be the cause of issue since Firewall and Manage providers seems to get the data. You can try if manual change of RTFS state in our GUI will update it. Also can I ask you for ELC log? I might want to take a deeper look into this issue Link to comment Share on other sites More sharing options...
FRiC 10 Posted October 28, 2020 Author Share Posted October 28, 2020 @JozefG Hi, the ESET Log Collector log is over 100 MB so I've uploaded here. If there's an alternate file transfer site I should use please let me know. Thanks. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 28, 2020 ESET Staff Share Posted October 28, 2020 @FRiC Something is really weird going on here. There is just too many ETL logs. Also according to Application event log 10/28/2020 12:28:58 PM The Windows Security Center Service has started. ... 10/28/2020 12:31:30 PM The Windows Security Center Service has stopped. 10/28/2020 12:34:38 PM The Windows Security Center Service has started. 10/28/2020 12:34:38 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON. 10/28/2020 12:34:40 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON. 10/28/2020 12:43:23 PM The Windows Security Center Service has stopped. 10/28/2020 12:47:20 PM The Windows Security Center Service has started. 10/28/2020 12:47:21 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON. 10/28/2020 12:47:22 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_OFF. 10/28/2020 12:47:22 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON. 10/28/2020 1:26:24 PM The Windows Security Center Service has started. 10/28/2020 1:26:24 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON. 10/28/2020 1:26:24 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON. according to system event log there seems to be reboots triggered 10/28/2020 12:25:53 PM The process C:\Windows\System32\RuntimeBroker.exe (RMP01) has initiated the restart of computer RMP01 on behalf of user RMP01\itp for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: restart Comment: 10/28/2020 12:31:22 PM The process C:\Windows\System32\RuntimeBroker.exe (RMP01) has initiated the restart of computer RMP01 on behalf of user RMP01\itp for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: restart Comment: Is the machine rebooting by itself? Link to comment Share on other sites More sharing options...
FRiC 10 Posted October 28, 2020 Author Share Posted October 28, 2020 Sorry, the machine wasn't rebooting by itself. I was rebooting it manually to see if the problem would go away when I changed settings (regional format mentioned above). The computer also got shut down at the end of the work day. I could run the log collector on another computer if necessary. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted October 29, 2020 ESET Staff Share Posted October 29, 2020 (edited) @FRiC Can you please put machine to normal state and create ETL log from boot until the issue manifests? Do you happen to have some ESMC policy sent to application that could disable RTFS? Also it seems that you have Defender disabled via GPO(not critical issue). Edit: send please ELC log so I can see event logs Edited October 29, 2020 by JozefG Link to comment Share on other sites More sharing options...
Solution FRiC 10 Posted December 15, 2020 Author Solution Share Posted December 15, 2020 In case anyone runs into this problem in the future. The reason was that Windows Defender Antivirus was disabled by GPO. It had always been disabled so maybe something in Windows 10 changed recently. Changing the policy to Not Configured fixed everything. Link to comment Share on other sites More sharing options...
Recommended Posts