Jump to content

Antimalware Scan Interface (AMSI) integration has failed.


schuetzdentalCB
 Share

Recommended Posts

Aloha,

am installing endpoint secrutiy latest version on clients which were running 8.1 before without any issue but now i'm getting the error message: Antimalware Scan Interface (AMSI) integration has failed. 

For me i doesnt look like that theres something wrong with the client but maybe with the latest eset sec. version? can anyone confirm?

also tried latest version on a completely new installed win10 client, same error after a few minutes. sometimes restarting is fixing it but it error comes back a few hours later.

 

thanks your any ideas.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Giedrius said:

We have the same error in some computers after upgrading to version 9.0.2032.6 from version 9.0.2032.2

If you are getting the error after a reboot, enable advanced logging under Help and support -> Technical support, reboot the machine and then disable logging. Raise a support ticket and provide the logs.

Link to comment
Share on other sites

  • 2 weeks later...
2 hours ago, Marcos said:

Could you please check if you have advanced scanning of scripts enabled in the Web access protection setup?

image.png

Yes, this settings ir enabled.

Link to comment
Share on other sites

On 12/31/2021 at 1:17 PM, Marcos said:

Could you please check if you have advanced scanning of scripts enabled in the Web access protection setup?

image.png

enabled or not, it is the same issue

Link to comment
Share on other sites

  • Administrators
6 hours ago, Olivy said:

enabled or not, it is the same issue

The root cause of the error is currently not known, the issue is being investigated.

Link to comment
Share on other sites

Have the same thing, one has cleared by uninstalling in safe mode and reinstalling. Initially it had the same error again but has gone now

Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

It is a bug on our side and should be resolved in future releases.

We apologize for the inconvenience caused,

Peter

(P_EESW-8145)

Link to comment
Share on other sites

  • Administrators

It should help if you do not set the above setting via a policy. After a reboot or after disabling and re-enabling the above setting the warning should be gone.

Link to comment
Share on other sites

On 1/10/2022 at 1:28 PM, Peter Randziak said:

Hello guys,

It is a bug on our side and should be resolved in future releases.

We apologize for the inconvenience caused,

Peter

(P_EESW-8145)

 

Hi,

Can you give an ETA on when the bug is resolved or when the future release is here?

Link to comment
Share on other sites

  • Administrators

There is no ETA yet, however, there is a known workaround how to prevent the notification from being reported.

Link to comment
Share on other sites

  • 2 weeks later...

On fresh ESET 8.1 endpoint installs to a new computer we see the AMSI integration error message. But after a reboot it appears to go away even if the advanced browser script setting is still left enabled in the server policy. That is what I am seeing so far anyway. So if you want to keep the setting, a reboot would appear to be needed after a fresh install.

FYI, if it's of any help. The bug seems to be in the latest version of 8.1. I didn't see it in the previous version 8.1 we had installed. We just started seeing it with the new 8.1.2037.9 version.

Link to comment
Share on other sites

  • 2 weeks later...

We've see this with v9.0.2032.6 on like 5-10 of 185 machines after upgrades or fresh installs.

We have "Enable advanced scanning of browser scripts" enabled via policy.

2 or 3 of them required two reboots to make the error notification go away.

Any chance of an ETA for the next version yet? :)

Link to comment
Share on other sites

I have a workaround on this without having to reboot the device. I have tried the disabling and re-enabling of advanced scanning of browser scripts but its not successful.

What I did is to disable and re-enable the advanced scanning via AMSI by policy. And most of the workstations AMSI error disappeared. I don't know if this is ideal but it works,

Link to comment
Share on other sites

  • 2 weeks later...

In some cases, the machines may need a further full reboot (specifically selecting 'restart', or holding Shift as Shut down is selected) to clear the alert, some cases may however require a few commands to be executed as an Administrator:
 

"C:\Program Files\ESET\ESET Security\ecmd" /registerav
"C:\Program Files\ESET\ESET Security\ecmd" /registeravsoft
shutdown -t 0 -f -r

Whilst these can be executed via a Run Command task (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html), because the third command is an immediate restart, we'd perhaps recommend only running these locally

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators
16 hours ago, SephisticatedTV said:

Just wondering if there has been a fix or if i am experiencing the same issue. 

What ESET product / version are you using?

Link to comment
Share on other sites

Same problem, disabling and re enabling policy didn't solve the error.

ESET Endpoint Antivirus 9.0.2032.6

Link to comment
Share on other sites

  • Administrators
1 hour ago, Sampy said:

Same problem, disabling and re enabling policy didn't solve the error.

ESET Endpoint Antivirus 9.0.2032.6

Have you also restarted the machine? Does disabling advanced scanning via AMSI and re-enabling the setting help?

image.png

Link to comment
Share on other sites

Disabling advanced scanning via AMSI and re-enabling through policy doesn't solve the error. For some PCs second reboot clears the error.  

Link to comment
Share on other sites

I have 17000 endpoints, dozens of people with this error who are not local administrators, and I am Security, not Domain Admin.  I'm going to have to mostly follow the two non-reboot commands from Feb 24th and let the end user do the reboot when they want, or wait for ESET to fix the issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...