howardagoldberg 14 Posted November 26, 2023 Share Posted November 26, 2023 Upgraded to 17.0.15.0 in-app (Check for Updates) on Friday, November 24. Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app. Clicked the 'restart device' link. System took considerably longer to restart than usual, but upon reboot, the error message was gone and now have the expected greenish 'You are protected' banner, The system in question is a fully updated/patched Win 10 x64 system. The hardware is over 10 years old, but have never seen this message before on this or any of my Win 10 or 11 systems. What caused it and how can it be prevented in the future? Is there any risk to the system at this point? No logs to provide, since the error resolved upon reboot. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted November 26, 2023 Share Posted November 26, 2023 1 hour ago, howardagoldberg said: Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app. Clicked the 'restart device' link. System took considerably longer to restart than usual, There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those. I would perform a full admin level Eset scan and see if it detects anything. Quote Link to comment Share on other sites More sharing options...
howardagoldberg 14 Posted November 30, 2023 Author Share Posted November 30, 2023 (edited) On 11/26/2023 at 2:02 PM, itman said: There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those. I would perform a full admin level Eset scan and see if it detects anything. I will perform a scan, however - after rebooting (and every reboot since) the message has not appeared. The system in question is over 10 years old, and I use it mostly for streaming music. The only software I have downloaded in recent months is app updates via MS Store or updating MS365, Acrobat, etc. I don't even check email on the system. So there are not many vectors for malware to sneak through (all browsers are updated, and I do almost nothing with browsers on this system except go to the National Weather Service radar page and similar known, safe sites). Seems to me like an ESET glitch. None of my other systems on the same network - which are used for online activities more heavily and across a greater variety of services - have ever displayed the warning, which further increases my confidence that it is not malware. Windows security center also shows ESET as the Security solution with no issues. Edited November 30, 2023 by howardagoldberg Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted November 30, 2023 Share Posted November 30, 2023 (edited) In Eset GUI Advanced setup setting, open Advanced options and perform the following. Verify that AMSI setting is enabled per below screen shot. If not, enable it. If AMSI setting is enabled, toggle the setting off and then on. Is the problem now resolved? Edited November 30, 2023 by itman Quote Link to comment Share on other sites More sharing options...
howardagoldberg 14 Posted November 30, 2023 Author Share Posted November 30, 2023 (edited) 2 hours ago, itman said: In Eset GUI Advanced setup setting, open Advanced options and perform the following. Verify that AMSI setting is enabled per below screen shot. If not, enable it. If AMSI setting is enabled, toggle the setting off and then on. Is the problem now resolved? As I have already stated, the problem was resolved after a reboot. This past Sunday (11/26) the error appeared after booting up. I rebooted, no error message. No error message for several cold starts and reboots since then. I had never seen the error before, and have not seen it since. Windows reports that ESET is the AV provider and no issues are indicated. (I have confirmed that AMSI is enabled as per the screenshot you shared.) Edited November 30, 2023 by howardagoldberg Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted November 30, 2023 Share Posted November 30, 2023 1 minute ago, howardagoldberg said: As I have already stated, the problem was resolved after a reboot. Great! Also, past postings on this issue stated a system restart did resolve the issue for most users. Quote Link to comment Share on other sites More sharing options...
hrgajek22 0 Posted December 6, 2023 Share Posted December 6, 2023 Had the same issue on a Windows 11 Insider Preview 22H2 23595.1001. Thought first, the Insider Preview could be the cause. A "friendly neighbour" had installed "Driver Booster" on this machine. I uninstalled it at once and rebooted the machine. Problem solved. May be this could be useful for some users. Quote Link to comment Share on other sites More sharing options...
ELOGA 0 Posted February 29 Share Posted February 29 Yesterday (2024-02-28), for the first time, I installed Malwarebytes on our laptop computer(OS = Microsoft Windows 10), and which already is running ESET NOD32. This AM I saw this same error message for the first time. As Mr. Goldberg states, I also clicked the 'restart device' link, and the laptop computer took much longer to restart, and the issue did not recur; also I checked the advanced setup, and AMSI is enabled. In our case, and possibly for others also, this seems like might be a possible conflict between Malwarebytes and ESET? However, note that we already have both ESET NOD32 and Malwarebytes running on our "tower" computer (OS = Microsoft Windows 10), for many years and this issue has never arisen on that computer. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted February 29 Share Posted February 29 (edited) 3 hours ago, ELOGA said: In our case, and possibly for others also, this seems like might be a possible conflict between Malwarebytes and ESET? This was discussed in another forum thread which I currently can't find. MBAM is now a full fledged AV solution and as such now registers itself in Windows Security Center as Eset does. Windows 10/11 only allows one third party AV to register itself as the active real-time AV solution. This is where the conflict is and the source of the Eset AMSI error. Why this just recently started with devices having both MBAM - real-time mode and Eset installed only Microsoft knows. The only solution is to disable MBAM real-time mode and run it as an on-demand second opinion AV. Edited February 29 by itman Quote Link to comment Share on other sites More sharing options...
howardagoldberg 14 Posted February 29 Author Share Posted February 29 Just to clarify ... I do not have any other anti-malware solutions installed. So for my system, there is no conflict. I have two very similarly configured systems, and the issue only occurs on a 10+ year old system with a mechanical hard drive. My best guess is that the warning is triggered after a timeout period (the computer take quite awhile to boot up), even though it is likely functioning normally. There is no indication in the Windows Security Center than anything is amiss, and rebooting always resolve the issue. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted February 29 Share Posted February 29 29 minutes ago, howardagoldberg said: the issue only occurs on a 10+ year old system with a mechanical hard drive. My best guess is that the warning is triggered after a timeout period (the computer take quite awhile to boot up), even though it is likely functioning normally. My system is 13 years old also using two HDDs. I have been using Win 10 since 2016 with Eset installed and have never seen this AMSI error. Quote Link to comment Share on other sites More sharing options...
howardagoldberg 14 Posted March 8 Author Share Posted March 8 Well I'm still seeing it on only 1 of several systems I have ESET installed on. It seemed to abate for a bit, but now it something I have to deal with on nearly every cold boot. It's very annoying, and there is no reason I can identify as to what would be the cause. It started with the latest build. Quote Link to comment Share on other sites More sharing options...
MrWrighty 6 Posted May 14 Share Posted May 14 Just had this very issue occur on a Server running Server 2016. Needed to reboot server as getting WindowsUpdateFailed3 in event viewer (tonnes of them). Reboot didn't fix this, but server took an absolute age to start up. Couldn't even RDP in, but the VM started OK and was running. Eventually got in to be presented with the AMSI not integrated message. Running Server Security 11.0.120008.0. Server has been running and stable for a long time. Recently upgraded to Endpoint Security with Cloud Protect. Quote Link to comment Share on other sites More sharing options...
MrWrighty 6 Posted May 14 Share Posted May 14 34 minutes ago, MrWrighty said: Just had this very issue occur on a Server running Server 2016. Needed to reboot server as getting WindowsUpdateFailed3 in event viewer (tonnes of them). Reboot didn't fix this, but server took an absolute age to start up. Couldn't even RDP in, but the VM started OK and was running. Eventually got in to be presented with the AMSI not integrated message. Running Server Security 11.0.120008.0. Server has been running and stable for a long time. Recently upgraded to Endpoint Security with Cloud Protect. A reboot has not fixed the issue. Quote Link to comment Share on other sites More sharing options...
povas 0 Posted May 20 Share Posted May 20 I am having the same exact issue with a Windows Server 2016, which worked like a charm before. This happened after the Windows updates, also tried rebooting, but to no avail. Quote Link to comment Share on other sites More sharing options...
MrWrighty 6 Posted May 20 Share Posted May 20 1 minute ago, povas said: I am having the same exact issue with a Windows Server 2016, which worked like a charm before. This happened after the Windows updates, also tried rebooting, but to no avail. In the end the advice was to disable AMSI in the Eset console then re-enable it. This gets rid of the error and appears to fix the issue after a reboot. Quote Link to comment Share on other sites More sharing options...
frapetti 2 Posted August 1 Share Posted August 1 I can confirm that i'm having this issues in some Endpoints and Servers, and restarting doesn't not fix the issue most of the time, but disabling and re-enabling AMSI on the advanced ESET configuration fixes it and is less disruptive than a restart. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.