Jump to content

Recommended Posts

Posted
1 hour ago, gustlik102 said:

Yes, but as far as I can see, Windows try to restore this file from WinSxS after delete from SysWOW64. When ESET try to replace this file after restore from Windows repository, you got access denied information, because TrustedInstaller is above SYSTEM user (SYSTEM have read only permission to this file). It is no problem when ESET didn't clean this file also in WinSxS. If ESET clean also this file in this folder, Windows will restore empty VBS file and ESET cannot replace it to correct file.

When I restore items from quarantine, restore item task has failed on every PC..

Posted
23 minutes ago, VlP said:

When I restore items from quarantine, restore item task has failed on every PC..

Same here, luckily only about 30 computers. But the files are fairly important, as they are used to add the Windows 7 extended ESU license each year.
C:\windows\system32\slmgr.vbs
C:\windows\sysWOW64\slmgr.vbs

Task failed error:  CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.

Posted

What virus signature version was the culprit and which version fixes this issue?  You made a lot of folks in a healthcare setting very upset with the Ryuk nonsense going on.

Posted
21 minutes ago, GregA said:

Same here, luckily only about 30 computers. But the files are fairly important, as they are used to add the Windows 7 extended ESU license each year.
C:\windows\system32\slmgr.vbs
C:\windows\sysWOW64\slmgr.vbs

Task failed error:  CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.

Why are the files on Windows 10 machines?

Posted

I have the same problem with 2 detections of: VBS / Trojan.Banload.fa
I am waiting for the update.

  • Administrators
Posted
3 minutes ago, bigdata said:

I have the same problem with 2 detections of: VBS / Trojan.Banload.fa
I am waiting for the update.

An automatic module update with a fix was released 3 hours ago.

Posted

there is a problem i'm on eset internet security and no update is available.
I just analyzed my system.
I'll send you a screen in 5 minutes.

Posted
3 minutes ago, Marcos said:

An automatic module update with a fix was released 3 hours ago.

How do you define fix? People are not able to restore these from quarantine. Will the restore work after the fix rolls out?

Posted
8 minutes ago, VlP said:

Why are the files on Windows 10 machines?

slmgr.vbs is part of the licensing subsystem for all Windows versions.  If you are in a KMS environment you are pretty familiar with executing that file.  I imagine MS leveraged that file for adding the license to extend your Windows 7 support.

Posted

When I restored my file that was affected it disappeared again from the folder after a while. I managed to then restore it using a restore point from windows. It's now back in the folder and I hope this means everything is okay now.

Posted
42 minutes ago, GregA said:

Same here, luckily only about 30 computers. But the files are fairly important, as they are used to add the Windows 7 extended ESU license each year.
C:\windows\system32\slmgr.vbs
C:\windows\sysWOW64\slmgr.vbs

Task failed error:  CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.

The same here. Unable to restore.

Posted
1 minute ago, karlisi said:

The same here. Unable to restore.

Try running the following:

 

C:\> sfc /scannow

 

This is the Windows system file checker, should identify missing files and replace them.

Posted
8 minutes ago, Ravenia said:

I managed to then restore it using a restore point from windows. It's now back in the folder and I hope this means everything is okay now.

I also believe that running sfc /scannow from admin command prompt window will also restore the file/s.

Posted
1 minute ago, rsf71 said:

Try running the following:

 

C:\> sfc /scannow

 

This is the Windows system file checker, should identify missing files and replace them.

On 30+ computers in 20 remote locations? 

Posted
1 minute ago, karlisi said:

On 30+ computers in 20 remote locations? 

There is no whining in I/T.

Posted (edited)
13 minutes ago, karlisi said:

On 30+ computers in 20 remote locations? 

One thing I am wondering is if copying slmgr.vbs  from System32 directory to SysWOW32  directory will fix this issue? File sizes are identical and the .vbs script is plain text.

Also and most important, is the .vbs file missing from the SysWOW32 directory a major issue for anyone running Win 64 bit version? I assume Win will use the .vbs script in System32 directory for any license validations

Edited by itman
Posted

SFC /SCANNOW is not replacing the files. It's unable to repair the files because they're missing, and ESET is saying a restore from quarantine is failing from my ESMC server.

Posted (edited)

I no longer have detection with the scan (probably because they are in quarantine :))
See the screen (in french !)
 

I can't restore these files

image.thumb.png.72b54a2c266ece596da2e8a761d1e0d6.png

Edited by bigdata
Posted

ESET SMC is showing 500 detections and no actions taken. Will these detections be removed automatically or do I need to clear them manually?

Posted
11 minutes ago, bigdata said:

I no longer have detection with the scan (probably because they are in quarantine :))
See the screen (in french !)
 

I can't restore these files

image.thumb.png.72b54a2c266ece596da2e8a761d1e0d6.png

First, see if the files are aviablein the system32 or syswow64 location.

I have the same error, but the files are still there :-)

Best regards from switzerland

David

Posted

DISM /Online /Cleanup-Image /RestoreHealth 

This is what fixed the corrupt files.

Posted
3 hours ago, Marcos said:

Please collect logs with ESET Log Collector and upload the generated archive here. Basically whenever an operation is performed with files, the files are first quarantined (ie. a backup copy is created in encrypted form) and only then files are cleaned or deleted. The ESET Log Collector logs should shed more light.

Okay, I did that, and the file quar_info.txt indicates that the files are in quarantine in "C:\WINDOWS\system32\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine\".

How do I get them back?

  • Administrators
Posted

You should be able to restore the files unless they were detected in the c:\windows\winsxs folder where only TrustedInstaller has permissions to write.

Posted
44 minutes ago, Marcos said:

You should be able to restore the files unless they were detected in the c:\windows\winsxs folder where only TrustedInstaller has permissions to write.

That is not the case however.
Try restore this... file://C:\windows\system32\slmgr.vbs
And get this.... Task failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges.
Am I in the wrong forum? Should I be posting this in Remote Management section instead since it's multiple computers?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...