Windows Security says ESET Security is switched off

[itman 1,659]

15 minutes ago, SeriousHoax said:

Though feeling a bit hesitant but maybe I should reinstall ESET now.

Let it rip! To quote FDR, "The only thing to fear, is fear itself."

[itman 1,659]

Here's my theory as to what is causing this issue.

Windows Security Center constantly monitors if third party AV real-time protection is enabled. If it detects that it is not so enabled, it will immediately enable Windows Defender.

In the past, the problem was this switch over was not always performed or performed in a timely manner, thereby leaving a device exposed to a malware infection. It appears in current versions of Win 10, this trigger detection "sensitivity" has been greatly increased.

My current theory is perhaps Eset internally will disable its real-time protection for a very brief period of time. This could be for a variety of reason such as product maintenance, security reconfiguration, etc.. Whatever is going on internally in Eset is enough for WSC to detect an issue with Eset real-time protection and trigger the startup of Windows Defender.

[SeriousHoax 83]

2 hours ago, itman said:

Let it rip! To quote FDR, "The only thing to fear, is fear itself."

I did, but it's downloading the initial update extremely slowly. 3 megabytes in 45 mins, so I had to uninstall again. Maybe something is wrong from my ISP's side. Everything else is running fine though. I don't know what's the problem. This is why I always wanted a full offline installer containing all modules. It would make the initial update smaller. ESET have such installer for business products but not for home.

[SeriousHoax 83]

Is there anything wrong with ESET or its servers in general? In virustotal all ESET scans are resulting in "Timeout"

https://www.virustotal.com/gui/file/b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2/detection

[Marcos 5,071]

12 minutes ago, SeriousHoax said:

Is there anything wrong with ESET or its servers in general? In virustotal all ESET scans are resulting in "Timeout"

https://www.virustotal.com/gui/file/b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2/detection

Nothing wrong. It's a NSIS installer with 3 big Themida-packed files inside. Scanning the whole installer takes almost a minute, hence the scan times out in VT. The malware is detected, however:

Log
Scanned disks, folders and files: C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Timber_25.exe - a variant of Win32/Packed.Themida.HHP trojan - retained
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Problem_92.exe - a variant of Win32/Packed.Themida.Gen.ER trojan - retained
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Pumpkin_41.exe - a variant of Win32/Packed.Themida.HMR trojan - retained

 

[SeriousHoax 83]

28 minutes ago, Marcos said:

Nothing wrong. It's a NSIS installer with 3 big Themida-packed files inside. Scanning the whole installer takes almost a minute, hence the scan times out in VT. The malware is detected, however:

Log
Scanned disks, folders and files: C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Timber_25.exe - a variant of Win32/Packed.Themida.HHP trojan - retained
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Problem_92.exe - a variant of Win32/Packed.Themida.Gen.ER trojan - retained
C:\test\b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2 » NSIS » Pumpkin_41.exe - a variant of Win32/Packed.Themida.HMR trojan - retained

 

I see. Alright then.

[itman 1,659]

2 hours ago, SeriousHoax said:

This is why I always wanted a full offline installer containing all modules. It would make the initial update smaller. ESET have such installer for business products but not for home.

Eset home products off-line installers are here: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products

Only ver. 14.0.21 is listed. You would have to wait till it auto updated to ver. 14.0.22 or force and update via Eset GUI product updater.

 

[itman 1,659]

2 hours ago, SeriousHoax said:

Is there anything wrong with ESET or its servers in general? In virustotal all ESET scans are resulting in "Timeout"

https://www.virustotal.com/gui/file/b3f6fbb4f049d0a99d882495ebc6b0086936daffa4275f1d4e36927e6e8dc8c2/detection

I don't believe this bugger would even run since its signed with an expired SHA1 cert.. Win10 native SmartScreen would have alerted on this fact alone:

Edited December 16, 2020 by itman

[VanBuran 2]

On 12/7/2020 at 5:20 PM, AGH1965 said:

Every now and then I get messages from Windows Security telling me that there is something wrong. Windows Security > Settings > Manage Providers > Antivirus then shows that Windows Defender Antivirus is switched on and ESET Security is switched off, but Windows Security > Settings > Manage Providers > Firewall shows that ESET Firewall is switched on and Windows Firewall is switched off. The Start screen of ESET Internet Security says that I'm protected though, and I tend to believe that. It seems to me ESET Internet Security isn't telling Windows that it's antivirus part is active. Is this a common issue?

Temporarily switching off and back on of ESET's protection cures the problem, but only for once.

I tried to fix things more permanently by running the following commands that I found on the internet:

• dism /Online /Cleanup-Image /RestoreHealth
• sfc /scannow

This seemed to improve things for a while, but after some time the problem popped up again.

 

P.S. I'm using Windows 10 Home version 2004 and ESET Internet Security version 14.0.22.0.

I brought this up some time ago:-

https://forum.eset.com/topic/26245-eset-turned-off-notifications/?tab=comments#comment-124532

I have removed EST and reinstalled but is is still the same.

 

[SeriousHoax 83]

13 hours ago, itman said:

Eset home products off-line installers are here: https://support.eset.com/en/kb2885-download-and-install-eset-offline-or-install-older-versions-of-eset-products

Only ver. 14.0.21 is listed. You would have to wait till it auto updated to ver. 14.0.22 or force and update via Eset GUI product updater.

 

No not this one. I mean ESET Endpoint product has full offline installer (160mb+ in size) containing all the modules till the day the installer was released.

[Marcos 5,071]

Modules were removed from consumer product installers months ago in order to minimize the data downloaded by users. The modules included with the installer were basically all replaced during the initial update so users had to download update files twice.

[AGH1965 12]

On 12/9/2020 at 11:27 AM, JozefG said:

Yesterday new Security Center integration module: 1029 was released to pre-release channel.

Can you try this module and see if it fixes your issue?

After switching to pre-release updates as recommended, my problem didn't occur anymore. So Security Center Integration module 1029 seems to be the fix I needed. Today I switched back to regular updates, since Security Center Integration module 1029 is now part of that as well. Thanks ESET.