Jump to content

EELAM.SYS and Datto Screenshot failure


Recommended Posts

I am being told by Datto tech support that the eelam.sys driver is causing the screenshots to fail during the backups.

Quote

After further investigation of the agent, it appears a driver eelam.sys is on this machine. Certain drivers for hardware use or for antivirus programs will interfere with virtualizations, and this eelam.sys is one such driver. Can you confirm that this driver is either disabled or not running on this machine? If not, please disable the driver, then start a differential merge of the agent.

For obvious reasons, I cannot disable ESET, so my question is, can that driver be disabled and if not is there anyone having a similar issue and/or workaround?

 

Thank you 

Link to comment
Share on other sites

  • Administrators

Eelam.sys is not loaded all the time; it's needed on Windows start to load ESET's drivers. Also it is not clear what you mean by "screenshots to fail", please clarify. I'd recommend raising a support ticket for further investigation and narrowing it down to a particular feature or driver.

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Marcos said:

Eelam.sys is not loaded all the time; it's needed on Windows start to load ESET's drivers. Also it is not clear what you mean by "screenshots to fail", please clarify. I'd recommend raising a support ticket for further investigation and narrowing it down to a particular feature or driver.

Datto seems to offer backup systems so I presume it is backup related. Not the best advise from the company to just disable stuff though 

Link to comment
Share on other sites

On 12/29/2021 at 2:30 PM, RandyS said:

After further investigation of the agent, it appears a driver eelam.sys is on this machine. Certain drivers for hardware use or for antivirus programs will interfere with virtualizations, and this eelam.sys is one such driver. Can you confirm that this driver is either disabled or not running on this machine? If not, please disable the driver, then start a differential merge of the agent.

It's obvious from this reply that the Datto tech support person doesn't know how Win 10 works.

Microsoft requires AV vendors to use their own ELAM driver to be able to register in the Windows Security Center. If they don't use this driver, Windows Defender real-time processing will be enabled and run concurrent with the AV real-time solution. Ditto for the Windows firewall.

As @Marcos posted, the AV ELAM driver is the first non-device driver loaded and is unloaded after all other non-device drivers are loaded.

If Datto's current driver has an issue with the above processing, they should be using a device driver.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...