Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.

[Zardoc 4]

15 hours ago, Marcos said:

We are not aware of any negative effects of the errors on protection or ESET's features and functionalities.

Please remember that this is a forum, not a ticketing system that would show a reminder if a particular question was left unanswered for a longer time. While we do our best to answer everything in a timely manner, some posts may rarely escape our attention. Therefore we kindly ask you to re-post your question or drop me or another moderator a private message with a reminder if you chase a response.

I understand your answer and thank you for responding.

[Zardoc 4]

Hi,Is there an update on this issue ?

Seems to be really long to fix. 🙄

[Pete12 2]

Still no improvements , eventlogs full of errors !

Will stay at 16.2.15 untill its running out of support , then will look for other security-software , if ............still no solution !      🤨

[Marcos 5,105]

Still waiting for a response from Microsoft. We'll ping them again.

I would also stress once again that the errors have no negative effect on protection or the functionality of your ESET product.

[Pete12 2]

" Still waiting for a response from Microsoft. We'll ping them again. "..........still no fix for this annoying problem ??  ( 17 Januari .....!)

Why ( ??) do we have to wait soo long for a response from Microsoft ?

Eventviewer still full with errors , since latest ESET-update..........!!

Not in the mood for updating my 16.2.15...............😟

[Marcos 5,105]

The issue with annoying logging is being worked on. If you mind the error messages in the system log caused by a certificate change (expiring SHA2 -> ACS), you can temporarily use the older version signed with the SHA2 certificate while the issue is being investigated.

[Pete12 2]

" you can temporarily use the older version signed with the SHA2 certificate while the issue is being investigated. "...............how ( ?) to get this version , will try , untill finally fixed for latest also .

Im getting 17.0.16.0 , when looking for latest ..........

[Marcos 5,105]

V16 can be downloaded from https://support.eset.com/en/kb2885.

[Zardoc 4]

@Marcos,

Why is this taking so long? Even if this is not a serious issue it just makes Eset loose credibility on a lagging issue.

I have around 40 licences circulating and my customers don't like problems especially with their anti virus.

[Marcos 5,105]

Just now, Zardoc said:

Why is this taking so long? Even if this is not a serious issue it just makes Eset loose credibility on a lagging issue.

I have around 40 licences circulating and my customers don't like problems especially with their anti virus.

That's because it's somehow related to the recent certificate change (SHA2->ACS) and it requires cooperation with Microsoft to figure out the root cause.

[Pete12 2]

Cant find the v16 on your link ................!!

When selecting older version , nothing happens !

btw ; Im now on 16.2.15 version still , no problems with this version , untill I update to later version(s) .........

So, what version is the v16 ?

[Marcos 5,105]

 

Since you already have v16.2 as you say, you don't need to install it again.

[Pete12 2]

Ok , thank you .

So, still not any solution available ...........

Will wait , untill my version ( V16 ) is not supported anymore .

If no solution , have to search for other security software , without errors in my eventlogs !

[Pete12 2]

"  it requires cooperation with Microsoft to figure out the root cause. "...........latest februari-Microsoft updates just arrived/installed .

WHY (??) does it takes so long , before MS starts to cooperate for fixing this ( endless time taking !!) problem ??

You know this event-viewer problem will costs ESET lots of customers ( including myself !) if its not been fixed !

Not very nice seeing an eventviewer , every day, full with errors ...........!!!

WAKE UP, PLEASE !!!

[itman 1,676]

For those running ver. 16 of Eset, you are advised to upgrade to ver. 17 ASAP: https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed .

[Pete12 2]

So, this problem ( event viewer running full errors ) is finally fixed ..............??

[itman 1,676]

Just now, Pete12 said:

So, this problem ( event viewer running full errors ) is finally fixed ..............??

Not that I am aware of.

[Pete12 2]

" Not that I am aware of. "..............???

HOW (??) can you advice the ESET-customers to update from version 16 to 17 , while you did not tested it BEFORE (!!) 

Please , read the REASON (!) of this forum again !

So, still NO SOLUTION ...............!!

Test first , before advicing people to update !!!! 🤨

[itman 1,676]

12 minutes ago, Pete12 said:

HOW (??) can you advice the ESET-customers to update from version 16 to 17 , while you did not tested it BEFORE (!!) 

The worst type of vulnerability is one in an AV product due to the elevated privileges it runs under. Now that this vulnerability has been publicly released, expect attackers to start actively exploiting it.

Again, you have been advised. It's your decision if you chose to ignore it.    

[Pete12 2]

Will roll back to 16-version , without all these annoying event-errors !!

Costed me a lot of time !!

Thanks ( ??) for your ( untested ! ) "advice "

[itman 1,676]

5 minutes ago, Pete12 said:

Will roll back to 16-version , without all these annoying event-errors !!

This won't mitigate the vulnerability;

Quote

Affected programs and versions

• ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate 16.2.15.0 and earlier

 

Edited February 16 by itman

[Pete12 2]

Still these annoying event-errors , ITS STILL NOT FIXED !!

Will stop using ESET if its not fixed this year............!!!

Version 17 gives lots of event-log errors , PLEASE , FIX IT ........!!!

( id=18 and id=19 , dont want to see these errors anymore , HOW TO STOP THEM ARRIVE , AFTER EACH REBOOT !!)

[Marcos 5,105]

You can install v17 and then:

1. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
2. Grant full control to you
3. Delete the key
4. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
5. Grant full control to you
6. Delete the key

Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first.

[Pete12 2]

56 minutes ago, Marcos said:

You can install v17 and then:

1. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
2. Grant full control to you
3. Delete the key
4. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
5. Grant full control to you
6. Delete the key

Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first.

After these modifyings , still got errors ; id=16 ( SECURITY_PRODUCT_STATE_ON.) and id=18 ( not possible to load from Firewall-product from datastore ) 

[Marcos 5,105]

1 hour ago, Pete12 said:

After these modifyings , still got errors ; id=16 ( SECURITY_PRODUCT_STATE_ON.) and id=18 ( not possible to load from Firewall-product from datastore ) 

There's no reason for that if the above keys were actually deleted. I've also tested it with v16.2 upgraded to v17 and the errors were no more logged afterwards.