Windows Security Center Service unable to load instances of AntiVirusProduct from datastore.

[itman 1,676]

3 hours ago, Pete12 said:

After these modifyings , still got errors ; id=16 ( SECURITY_PRODUCT_STATE_ON.) and id=18 ( not possible to load from Firewall-product from datastore ) 

Worked of me. After deleting @Marcos specified reg keys and performing a system restart, new Win Event log Security Center errors are not generated.

I also checked WSC and everything is as it should be; Eset registered as active AV and firewall.

Edited February 16 by itman

[Pete12 2]

followed your solution , still no luck !

Strange in the AV-key , three keys noticed , two from ESET ( did not noticed difference between them ) and the other from Windows Defender.

In the Fw-key , two keys noticed , both from ESET ( again , no difference between them )

So, looks like a few keys too much , what to do .........?

Removed a Fw-key ( after copy ) ...

[Pete12 2]

Why (??) so many keys in AV and Fw , only ESET is anti-virus/firewall ......

Which one should I keep........??

[itman 1,676]

20 minutes ago, Pete12 said:

Why (??) so many keys in AV and Fw , only ESET is anti-virus/firewall ......

After running the recommended reg key deletions, the only keys remaining on my Win 10 x(64) Pro 22H2 build are those shown in the below screen shot. The only key related to Microsoft Defender is the one highlighted. The other two keys are for Eset;

Edited February 16 by itman

[Pete12 2]

[Pete12 2]

Just now, Pete12 said:

These keys are in the AV and Fw , while only ESET and Windows Firewall is present on my Win11 ( latest version ).

Which one to remove/keep ??

Copied them all , so restoring no problem.

After updating from 16 to latest 17 , and following your tips , got id=16 and 18 and 19 in the eventlogs still...........

[Marcos 5,105]

10 hours ago, Pete12 said:

After updating from 16 to latest 17 , and following your tips , got id=16 and 18 and 19 in the eventlogs still...........

Obviously HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516} keys are still there. They must be removed and the machine rebooted.

Those will be removed automatically during a product upgrade in the future. The name of the value is based on the hash of the certificate used to sign the binary so after a certificate change after the original one expired the redundant key caused the above mentioned errors to be logged.

[Pete12 2]

Well ,tried several times by following your instructions , though the eventview-errors still coming back , after each reboot .

Had to roll-back ,several times, to ESET16-version ( with no errors at all !) 

My machine is not getting better , thinking of waiting for a real working solution , untill the support of the 16-version will end ...........

Anyway , thanks for your help , and if you have other ( better ) solution(s), then ,please, let us know ........

[Marcos 5,105]

The error is not reported with v16 because it's an older version signed with the previous Entrust certificate and having only one entry in the above Provider registry keys for the AV and FW. Unlike the older versions, v17 is signed using an ACS certificate (the Entrust cert. expired last year in December) and therefore WSC created a new key under the Provider key. Since the original key related to ekrn signed by the expired Entrust certificate was not removed (it's undocumented by MS as far as I understood), WSC started reporting the errors. If v17 was installed on a vanilla system where v16 or older was never installed, the errors are not logged. Therefore the solution is to remove the redundant Provider keys related to the previous versions of ekrn.

[Pete12 2]

So, HOW(?) many keys should we have after update to 17 ( 2 in AV , 1 in Fw ?) 

Which one to remove , after installing 17 ?

Is there another way of not showing id=16 in eventviewer (  "Sec.center could not load database, etc " ) ?

[Marcos 5,105]

The strikethrough keys should be removed:

[Pete12 2]

Ok , 26E0861C ( AV) and 1EDB0739 (Fw) will be present after the update to17 , and the other keys will be removed ( or can I remove myself ?) , after the update .......??

And this will be the fix for id=16 , 18, 19  ?

[Pete12 2]

3 minutes ago, Pete12 said:

Ok , 26E0861C ( AV) and 1EDB0739 (Fw) will be present after the update to17 , and the other keys will be removed ( or can I remove myself ?) , after the update .......??

And this will be the fix for id=16 , 18, 19  ?

Should I take ownership before or after the update , and should I remove the keys for/after update ( and reboot )    ??

[Pete12 2]

4 hours ago, Marcos said:

The strikethrough keys should be removed:

Marcos , thank you very much , removing the wrong keys is the solution in my Win11 !! 😃

Did not seen any eventlog-errors anymore ( after some reboots also OK ! ) 

My ESET 17.0.16 works fine , no errors anymore !!!

Very good , while you should update your protection always !!

Again , thanks a lot , buy you a beer in Holland ...........🙋‍♂️

[idahosurge 0]

On 2/16/2024 at 10:35 AM, Marcos said:

You can install v17 and then:

1. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
2. Grant full control to you
3. Delete the key
4. Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
5. Grant full control to you
6. Delete the key

Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first.

Hello Marcos,

How do you take ownership of the key and grant full control?

 

 

[Pete12 2]

On 2/17/2024 at 5:00 PM, Pete12 said:

Marcos , thank you very much , removing the wrong keys is the solution in my Win11 !! 😃

Did not seen any eventlog-errors anymore ( after some reboots also OK ! )  This problem is solved , for me !!

My ESET 17.0.16 works fine , no errors anymore !!!

Very good , while you should update your protection always !!

Again , thanks a lot , buy you a beer in Holland ...........🙋‍♂️

 

[Zardoc 4]

Hi,

When is the next update with a permanent fix?

[Zardoc 4]

There is a new version 17.1.9.0 Is there a download link plz ?

[x7007 4]

which one I need to delete?

 

[Marcos 5,105]

Please remove:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

[Marcos 5,105]

7 hours ago, Zardoc said:

There is a new version 17.1.9.0 Is there a download link plz ?

It has not been released yet but it's available on the pre-release update channel already.

[Zardoc 4]

4 hours ago, Marcos said:

It has not been released yet but it's available on the pre-release update channel already.

Thanks Marcos. don't have a link by any chance ?

[Marcos 5,105]

You can download it from https://forum.eset.com/files/file/132-eset-security-1719/ if you don't prefer switching to the pre-release update channel.

[Zardoc 4]

44 minutes ago, Marcos said:

You can download it from https://forum.eset.com/files/file/132-eset-security-1719/ if you don't prefer switching to the pre-release update channel.

Thanks Marcos. 🙂

[efi99 0]

Hi!

I updated today to 17.1.9.0, but the error code still appears in the event log.