Jump to content

EELAM.SYS and Datto Screenshot failure

RandyS
 Share

Recommended Posts

RandyS

RandyS 0

Posted
Posted

I am being told by Datto tech support that the eelam.sys driver is causing the screenshots to fail during the backups.

Quote

After further investigation of the agent, it appears a driver eelam.sys is on this machine. Certain drivers for hardware use or for antivirus programs will interfere with virtualizations, and this eelam.sys is one such driver. Can you confirm that this driver is either disabled or not running on this machine? If not, please disable the driver, then start a differential merge of the agent.

For obvious reasons, I cannot disable ESET, so my question is, can that driver be disabled and if not is there anyone having a similar issue and/or workaround?

 

Thank you 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,071

Posted
  • Administrators
Posted

Eelam.sys is not loaded all the time; it's needed on Windows start to load ESET's drivers. Also it is not clear what you mean by "screenshots to fail", please clarify. I'd recommend raising a support ticket for further investigation and narrowing it down to a particular feature or driver.

Link to comment
Share on other sites
  • Most Valued Members
peteyt

peteyt 393

Posted
  • Most Valued Members
Posted
1 hour ago, Marcos said:

Eelam.sys is not loaded all the time; it's needed on Windows start to load ESET's drivers. Also it is not clear what you mean by "screenshots to fail", please clarify. I'd recommend raising a support ticket for further investigation and narrowing it down to a particular feature or driver.

Datto seems to offer backup systems so I presume it is backup related. Not the best advise from the company to just disable stuff though 

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
On 12/29/2021 at 2:30 PM, RandyS said:

After further investigation of the agent, it appears a driver eelam.sys is on this machine. Certain drivers for hardware use or for antivirus programs will interfere with virtualizations, and this eelam.sys is one such driver. Can you confirm that this driver is either disabled or not running on this machine? If not, please disable the driver, then start a differential merge of the agent.

It's obvious from this reply that the Datto tech support person doesn't know how Win 10 works.

Microsoft requires AV vendors to use their own ELAM driver to be able to register in the Windows Security Center. If they don't use this driver, Windows Defender real-time processing will be enabled and run concurrent with the AV real-time solution. Ditto for the Windows firewall.

As @Marcos posted, the AV ELAM driver is the first non-device driver loaded and is unloaded after all other non-device drivers are loaded.

If Datto's current driver has an issue with the above processing, they should be using a device driver.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...