itman 1,786 Posted February 16 Share Posted February 16 (edited) 3 hours ago, Pete12 said: After these modifyings , still got errors ; id=16 ( SECURITY_PRODUCT_STATE_ON.) and id=18 ( not possible to load from Firewall-product from datastore ) Worked of me. After deleting @Marcos specified reg keys and performing a system restart, new Win Event log Security Center errors are not generated. I also checked WSC and everything is as it should be; Eset registered as active AV and firewall. Edited February 16 by itman Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 16 Share Posted February 16 followed your solution , still no luck ! Strange in the AV-key , three keys noticed , two from ESET ( did not noticed difference between them ) and the other from Windows Defender. In the Fw-key , two keys noticed , both from ESET ( again , no difference between them ) So, looks like a few keys too much , what to do .........? Removed a Fw-key ( after copy ) ... Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 16 Share Posted February 16 Why (??) so many keys in AV and Fw , only ESET is anti-virus/firewall ...... Which one should I keep........?? Link to comment Share on other sites More sharing options...
itman 1,786 Posted February 16 Share Posted February 16 (edited) 20 minutes ago, Pete12 said: Why (??) so many keys in AV and Fw , only ESET is anti-virus/firewall ...... After running the recommended reg key deletions, the only keys remaining on my Win 10 x(64) Pro 22H2 build are those shown in the below screen shot. The only key related to Microsoft Defender is the one highlighted. The other two keys are for Eset; Edited February 16 by itman Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 16 Share Posted February 16 Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 16 Share Posted February 16 Just now, Pete12 said: These keys are in the AV and Fw , while only ESET and Windows Firewall is present on my Win11 ( latest version ). Which one to remove/keep ?? Copied them all , so restoring no problem. After updating from 16 to latest 17 , and following your tips , got id=16 and 18 and 19 in the eventlogs still........... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted February 17 Administrators Share Posted February 17 10 hours ago, Pete12 said: After updating from 16 to latest 17 , and following your tips , got id=16 and 18 and 19 in the eventlogs still........... Obviously HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516} keys are still there. They must be removed and the machine rebooted. Those will be removed automatically during a product upgrade in the future. The name of the value is based on the hash of the certificate used to sign the binary so after a certificate change after the original one expired the redundant key caused the above mentioned errors to be logged. Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 17 Share Posted February 17 Well ,tried several times by following your instructions , though the eventview-errors still coming back , after each reboot . Had to roll-back ,several times, to ESET16-version ( with no errors at all !) My machine is not getting better , thinking of waiting for a real working solution , untill the support of the 16-version will end ........... Anyway , thanks for your help , and if you have other ( better ) solution(s), then ,please, let us know ........ Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted February 17 Administrators Share Posted February 17 The error is not reported with v16 because it's an older version signed with the previous Entrust certificate and having only one entry in the above Provider registry keys for the AV and FW. Unlike the older versions, v17 is signed using an ACS certificate (the Entrust cert. expired last year in December) and therefore WSC created a new key under the Provider key. Since the original key related to ekrn signed by the expired Entrust certificate was not removed (it's undocumented by MS as far as I understood), WSC started reporting the errors. If v17 was installed on a vanilla system where v16 or older was never installed, the errors are not logged. Therefore the solution is to remove the redundant Provider keys related to the previous versions of ekrn. Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 17 Share Posted February 17 So, HOW(?) many keys should we have after update to 17 ( 2 in AV , 1 in Fw ?) Which one to remove , after installing 17 ? Is there another way of not showing id=16 in eventviewer ( "Sec.center could not load database, etc " ) ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted February 17 Administrators Share Posted February 17 The strikethrough keys should be removed: Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 17 Share Posted February 17 Ok , 26E0861C ( AV) and 1EDB0739 (Fw) will be present after the update to17 , and the other keys will be removed ( or can I remove myself ?) , after the update .......?? And this will be the fix for id=16 , 18, 19 ? Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 17 Share Posted February 17 3 minutes ago, Pete12 said: Ok , 26E0861C ( AV) and 1EDB0739 (Fw) will be present after the update to17 , and the other keys will be removed ( or can I remove myself ?) , after the update .......?? And this will be the fix for id=16 , 18, 19 ? Should I take ownership before or after the update , and should I remove the keys for/after update ( and reboot ) ?? Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 17 Share Posted February 17 4 hours ago, Marcos said: The strikethrough keys should be removed: Marcos , thank you very much , removing the wrong keys is the solution in my Win11 !! 😃 Did not seen any eventlog-errors anymore ( after some reboots also OK ! ) My ESET 17.0.16 works fine , no errors anymore !!! Very good , while you should update your protection always !! Again , thanks a lot , buy you a beer in Holland ...........🙋♂️ Link to comment Share on other sites More sharing options...
idahosurge 0 Posted February 19 Share Posted February 19 On 2/16/2024 at 10:35 AM, Marcos said: You can install v17 and then: Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} Grant full control to you Delete the key Take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516} Grant full control to you Delete the key Please modify the registry with care since deleting incorrect keys or values may render the machine unbootable or cause other issues. Create a restore point first. Hello Marcos, How do you take ownership of the key and grant full control? Link to comment Share on other sites More sharing options...
Pete12 2 Posted February 20 Share Posted February 20 On 2/17/2024 at 5:00 PM, Pete12 said: Marcos , thank you very much , removing the wrong keys is the solution in my Win11 !! 😃 Did not seen any eventlog-errors anymore ( after some reboots also OK ! ) This problem is solved , for me !! My ESET 17.0.16 works fine , no errors anymore !!! Very good , while you should update your protection always !! Again , thanks a lot , buy you a beer in Holland ...........🙋♂️ Link to comment Share on other sites More sharing options...
Zardoc 4 Posted March 6 Author Share Posted March 6 Hi, When is the next update with a permanent fix? Link to comment Share on other sites More sharing options...
Zardoc 4 Posted March 28 Author Share Posted March 28 There is a new version 17.1.9.0 Is there a download link plz ? Link to comment Share on other sites More sharing options...
x7007 4 Posted March 28 Share Posted March 28 which one I need to delete? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 28 Administrators Share Posted March 28 Please remove: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{DF8BEACB-94C9-218A-73AD-A78362A8C516} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D} Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 28 Administrators Share Posted March 28 7 hours ago, Zardoc said: There is a new version 17.1.9.0 Is there a download link plz ? It has not been released yet but it's available on the pre-release update channel already. Link to comment Share on other sites More sharing options...
Zardoc 4 Posted March 28 Author Share Posted March 28 4 hours ago, Marcos said: It has not been released yet but it's available on the pre-release update channel already. Thanks Marcos. don't have a link by any chance ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 29 Administrators Share Posted March 29 You can download it from https://forum.eset.com/files/file/132-eset-security-1719/ if you don't prefer switching to the pre-release update channel. Link to comment Share on other sites More sharing options...
Zardoc 4 Posted March 29 Author Share Posted March 29 44 minutes ago, Marcos said: You can download it from https://forum.eset.com/files/file/132-eset-security-1719/ if you don't prefer switching to the pre-release update channel. Thanks Marcos. 🙂 Link to comment Share on other sites More sharing options...
efi99 0 Posted April 5 Share Posted April 5 Hi! I updated today to 17.1.9.0, but the error code still appears in the event log. Link to comment Share on other sites More sharing options...
Recommended Posts