Antimalware Scan Interface (AMSI) integration has failed.

[schuetzdentalCB 8]

Aloha,

am installing endpoint secrutiy latest version on clients which were running 8.1 before without any issue but now i'm getting the error message: Antimalware Scan Interface (AMSI) integration has failed. 

For me i doesnt look like that theres something wrong with the client but maybe with the latest eset sec. version? can anyone confirm?

also tried latest version on a completely new installed win10 client, same error after a few minutes. sometimes restarting is fixing it but it error comes back a few hours later.

 

thanks your any ideas.

[Marcos 5,074]

I'd recommend raising a support ticket since further investigation and logs will be needed.

[Giedrius 0]

We have the same error in some computers after upgrading to version 9.0.2032.6 from version 9.0.2032.2

[Marcos 5,074]

1 hour ago, Giedrius said:

We have the same error in some computers after upgrading to version 9.0.2032.6 from version 9.0.2032.2

If you are getting the error after a reboot, enable advanced logging under Help and support -> Technical support, reboot the machine and then disable logging. Raise a support ticket and provide the logs.

[Olivy 0]

Hi schuetzdentalCB and Giedrius

We have exactly the same problem with some computers.

Did you find the solution ?

Thanks !

[Marcos 5,074]

Since the issue is being investigated, I'd recommend opening a support ticket.

[Marcos 5,074]

Could you please check if you have advanced scanning of scripts enabled in the Web access protection setup?

[Giedrius 0]

2 hours ago, Marcos said:

Could you please check if you have advanced scanning of scripts enabled in the Web access protection setup?

Yes, this settings ir enabled.

[Olivy 0]

On 12/31/2021 at 1:17 PM, Marcos said:

Could you please check if you have advanced scanning of scripts enabled in the Web access protection setup?

enabled or not, it is the same issue

[Marcos 5,074]

6 hours ago, Olivy said:

enabled or not, it is the same issue

The root cause of the error is currently not known, the issue is being investigated.

[Guest]

Have the same thing, one has cleared by uninstalling in safe mode and reinstalling. Initially it had the same error again but has gone now

[Peter Randziak 1,130]

Hello guys,

It is a bug on our side and should be resolved in future releases.

We apologize for the inconvenience caused,

Peter

(P_EESW-8145)

[Marcos 5,074]

It should help if you do not set the above setting via a policy. After a reboot or after disabling and re-enabling the above setting the warning should be gone.

[lvanoel 0]

On 1/10/2022 at 1:28 PM, Peter Randziak said:

Hello guys,

It is a bug on our side and should be resolved in future releases.

We apologize for the inconvenience caused,

Peter

(P_EESW-8145)

 

Hi,

Can you give an ETA on when the bug is resolved or when the future release is here?

[Marcos 5,074]

There is no ETA yet, however, there is a known workaround how to prevent the notification from being reported.

[GregA 3]

On fresh ESET 8.1 endpoint installs to a new computer we see the AMSI integration error message. But after a reboot it appears to go away even if the advanced browser script setting is still left enabled in the server policy. That is what I am seeing so far anyway. So if you want to keep the setting, a reboot would appear to be needed after a fresh install.

FYI, if it's of any help. The bug seems to be in the latest version of 8.1. I didn't see it in the previous version 8.1 we had installed. We just started seeing it with the new 8.1.2037.9 version.

[techie007 0]

We've see this with v9.0.2032.6 on like 5-10 of 185 machines after upgrades or fresh installs.

We have "Enable advanced scanning of browser scripts" enabled via policy.

2 or 3 of them required two reboots to make the error notification go away.

Any chance of an ETA for the next version yet?

[razec06 1]

I have a workaround on this without having to reboot the device. I have tried the disabling and re-enabling of advanced scanning of browser scripts but its not successful.

What I did is to disable and re-enable the advanced scanning via AMSI by policy. And most of the workstations AMSI error disappeared. I don't know if this is ideal but it works,

[Heir 0]

In some cases, the machines may need a further full reboot (specifically selecting 'restart', or holding Shift as Shut down is selected) to clear the alert, some cases may however require a few commands to be executed as an Administrator:
 

"C:\Program Files\ESET\ESET Security\ecmd" /registerav
"C:\Program Files\ESET\ESET Security\ecmd" /registeravsoft
shutdown -t 0 -f -r

Whilst these can be executed via a Run Command task (https://help.eset.com/protect_admin/90/en-US/client_tasks_run_command.html), because the third command is an immediate restart, we'd perhaps recommend only running these locally

[SephisticatedTV 0]

Just wondering if there has been a fix or if i am experiencing the same issue. 

[Marcos 5,074]

16 hours ago, SephisticatedTV said:

Just wondering if there has been a fix or if i am experiencing the same issue. 

What ESET product / version are you using?

[Sampy 0]

Same problem, disabling and re enabling policy didn't solve the error.

ESET Endpoint Antivirus 9.0.2032.6

[Marcos 5,074]

1 hour ago, Sampy said:

Same problem, disabling and re enabling policy didn't solve the error.

ESET Endpoint Antivirus 9.0.2032.6

Have you also restarted the machine? Does disabling advanced scanning via AMSI and re-enabling the setting help?

[Sampy 0]

Disabling advanced scanning via AMSI and re-enabling through policy doesn't solve the error. For some PCs second reboot clears the error.  

[Troldahl 0]

I have 17000 endpoints, dozens of people with this error who are not local administrators, and I am Security, not Domain Admin.  I'm going to have to mostly follow the two non-reboot commands from Feb 24th and let the end user do the reboot when they want, or wait for ESET to fix the issue.