VanBuran 2 Posted November 11, 2020 Share Posted November 11, 2020 Sometimes I get the above notifications after rebooting as shown in the attachment. I check ESET and it is on. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 11, 2020 Administrators Share Posted November 11, 2020 Are you getting warnings that registration to Windows Security Center failed in the event log? Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 11, 2020 Author Share Posted November 11, 2020 10 minutes ago, Marcos said: Are you getting warnings that registration to Windows Security Center failed in the event log? Thanks for the reply. Where and for what must I look? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted November 11, 2020 Administrators Share Posted November 11, 2020 Please carry on as follows: - enable advanced logging under Help and support -> Details for technical support - reboot the machine - disable logging If the issue occurred, collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 11, 2020 Author Share Posted November 11, 2020 Thanks, I will wait for the next time it happens. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted November 11, 2020 Most Valued Members Share Posted November 11, 2020 Also what version are you using. I know some older versions had some issues in the past Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 11, 2020 Author Share Posted November 11, 2020 8 minutes ago, peteyt said: Also what version are you using. I know some older versions had some issues in the past Latest,Ver.14.0.22.0 Link to comment Share on other sites More sharing options...
jfksdt45245 0 Posted November 11, 2020 Share Posted November 11, 2020 I am encountering similar issues of conflict between Windows Defender and ESET lately, since a recent Windows update which I believe made Defender more intrusive/difficult to disable permanently... https://www.techradar.com/news/microsoft-explains-why-it-wont-let-you-disable-this-annoying-windows-10-feature-any-more Windows Security Center often showing Defender is enabled and ESET is disabled, even though ESET is properly active. VanBuran, you should run "msconfig" and see if Defender is launching at startup, then uncheck it. It seems to be the root of the problem. It seemed to have fixed the issues for me for the last few days, but today, it happened again even though Defender was disabled from startup. It's becoming very annoying, I hope the ESET will look into this. Link to comment Share on other sites More sharing options...
itman 1,749 Posted November 11, 2020 Share Posted November 11, 2020 34 minutes ago, jfksdt45245 said: Windows Security Center often showing Defender is enabled and ESET is disabled, even though ESET is properly active. Anyone having this issue. Open Win Task Manager or Process Explorer if you previously downloaded it. Verify that MsMpEng.exe is running. If it is not, then the issue is Windows Security Center is bogus showing WD is active when it is not. If MsMpEng.exe is running, then both WD and Eset real-time solutions are running concurrently. Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted November 11, 2020 ESET Staff Share Posted November 11, 2020 @jfksdt45245 Please if you are able to reproduce the issue continue according to @Marcos response. Those logs could tell us closely what is happening. Also that registry key should not be issue as we use dedicated private Windows API. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 11, 2020 Author Share Posted November 11, 2020 jfksdt45245 It seemed to have fixed the issues for me for the last few days, but today, it happened again even though Defender was disabled from startup. It's becoming very annoying, I hope the ESET will look into this. Yes, Windows Defender and Defender Firewall are set to run in msconfig. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 13, 2020 Author Share Posted November 13, 2020 eis_logs.zip Herewith the log. Hope it helps Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted November 13, 2020 ESET Staff Share Posted November 13, 2020 1 hour ago, VanBuran said: Herewith the log. Hope it helps According to logs last attempt was correct and we should be both on. Is it like that? There is visible one reporting of Off state from today morning. It seems you started logging after it happened. Off is usually tied with disabling of RTFS in advanced setup or if the license is expired and there is outdated detection engine. Please turn on this logging and try to reproduce it after it is reproduced turn it off and collect via LogCollector. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 13, 2020 Author Share Posted November 13, 2020 Thanks for the reply. I have turned on Advanced Logging, but as I said in my original post, the notification comes infrequently. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 13, 2020 Author Share Posted November 13, 2020 "According to logs last attempt was correct and we should be both on. Is it like that?" Sorry missed that. Eset is on Defender is off. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 15, 2020 Author Share Posted November 15, 2020 Had this today,there were no warnings on ESET or Defender all working correctly. eis_logs.zip Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted November 16, 2020 ESET Staff Share Posted November 16, 2020 On 11/15/2020 at 5:32 AM, VanBuran said: Had this today,there were no warnings on ESET or Defender all working correctly. Not this again You say both working correctly I see Defender being the active one according to logs. Which means both realtime protections are running. From our logs I can see that once the wscsvc is running we try to update AV state to On we get E_PENDING results from AV API. After that we find out, through WSC public API, that we are unregistered(!!!) so we try to register and get E_PENDING again. Next we try to recover from that, but seems that there is some race condition which can be fixed rather easily. But again we get E_PENDING error for status update. Real question is why do we find ourselves unregistered after some reboots as we definitely do not unregister unless it is needed/requested e.g. full uninstall. Possible cause could be that WSC cannot get some data. Link to comment Share on other sites More sharing options...
itman 1,749 Posted November 16, 2020 Share Posted November 16, 2020 (edited) 4 hours ago, JozefG said: Not this again You say both working correctly I see Defender being the active one according to logs. Which means both realtime protections are running. I had something similiar to this happen yesterday morning. It is the first time this has happened when using Eset on Win 10; approx. 5 years. Out of the blue and doing nothing out of the ordinary on the PC, I received an alert from Windows Security Center that there was a problem with real-time protection. Note this was sometime after system startup. Since I monitor registry run keys modification with Eset HIPS rules, I started receiving alerts from Win 10 in regards to setting up Win Defender in WSC; Time;Application;Operation;Target;Action;Rule;Additional information 11/15/2020 11:17:49 AM;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe;Modify registry;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsDefender;allowed;User rule: block modification of registry run keys; which I allowed. Note that EIS Eset 14.0.22 is still fully functional with no issues per GUI home screen display. However, WSC says Eset real-time protection is off. At this point, I rebooted the PC. Eset still shows it is fully functional with no issues. WSC still states Eset real-time protection is off and Windows Defender is active real-time solution. A few minutes later, I recheck WCS real-time status again. Magically, Eset now shows as real-time solution and WD is turned off. Stranger yet, I check above registry key and no entry for MsMpEng.exe there. No issue with this since or like strange reset behavior through multiple system restarts. My opinion - dump ver. 14 and revert back to latest ver. 13 release. Edited November 16, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Staff JozefG 10 Posted November 16, 2020 ESET Staff Share Posted November 16, 2020 @itman@VanBuran would you be interested in testing module that should hopefully fix this issue? Link to comment Share on other sites More sharing options...
itman 1,749 Posted November 16, 2020 Share Posted November 16, 2020 59 minutes ago, JozefG said: @itman@VanBuran would you be interested in testing module that should hopefully fix this issue? I will wait for a while and then get back to you on this. What I posted previously just happened again. This time I let WD update itself and its definitions. I then rebooted. Then when I checked WSC real-time AV status, it was hosed in that nothing showed as real-time protection. However, I then received another Eset HIPS alert: Time;Application;Operation;Target;Action;Rule;Additional information 11/16/2020 10:23:41 AM;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe;Start new application;C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe;allowed;User rule: block C:\ProgramData executables; which I allowed to run. Appears this also was a registry modification. Note that I monitor C:\ProgramData\* program startup activity via Eset HIPS. "My gut is telling me" this MpCmdRun registry activity is the key to getting this straightened out. After this ran, WCS now is back to correct status with Eset real-time protection on and WD off. Link to comment Share on other sites More sharing options...
VanBuran 2 Posted November 17, 2020 Author Share Posted November 17, 2020 14 hours ago, JozefG said: @itman@VanBuran would you be interested in testing module that should hopefully fix this issue? As ESET is working,I think I will leave as is and monitor the software. Link to comment Share on other sites More sharing options...
Recommended Posts