Jump to content

Antimalware Scan Interface (AMSI) integration has failed.


howardagoldberg

Recommended Posts

Upgraded to 17.0.15.0 in-app (Check for Updates) on Friday, November 24.

Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app.

Clicked the 'restart device' link. System took considerably longer to restart than usual, but upon reboot, the error message was gone and now have the expected greenish 'You are protected' banner,

The system in question is a fully updated/patched Win 10 x64 system. The hardware is over 10 years old, but have never seen this message before on this or any of my Win 10 or 11 systems.

What caused it and how can it be prevented in the future? Is there any risk to the system at this point?

No logs to provide, since the error resolved upon reboot.

ESET 17 Error on Startup 112623.png

Link to comment
Share on other sites

1 hour ago, howardagoldberg said:

Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app.

Clicked the 'restart device' link. System took considerably longer to restart than usual,

There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those.

I would perform a full admin level Eset scan and see if it detects anything.

Link to comment
Share on other sites

On 11/26/2023 at 2:02 PM, itman said:

There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those.

I would perform a full admin level Eset scan and see if it detects anything.

I will perform a scan, however - after rebooting (and every reboot since) the message has not appeared. The system in question is over 10 years old, and I use it mostly for streaming music. The only software I have downloaded in recent months is app updates via MS Store or updating MS365, Acrobat, etc. I don't even check email on the system. So there are not many vectors for malware to sneak through (all browsers are updated, and I do almost nothing with browsers on this system except go to the National Weather Service radar page and similar known, safe sites). Seems to me like an ESET glitch. None of my other systems on the same network - which are used for online activities more heavily and across a greater variety of services -  have ever displayed the warning, which further increases my confidence that it is not malware.

Windows security center also shows ESET as the Security solution with no issues.

Edited by howardagoldberg
Link to comment
Share on other sites

In Eset GUI Advanced setup setting, open Advanced options and perform the following.

Verify that AMSI setting is enabled per below screen shot. If not, enable it.

If AMSI setting is enabled, toggle the setting off and then on.

Is the problem now resolved?

Eset_AMSI.thumb.png.95a055fdff4fb46849f8828cdd400ab6.png

 

 

Edited by itman
Link to comment
Share on other sites

2 hours ago, itman said:

In Eset GUI Advanced setup setting, open Advanced options and perform the following.

Verify that AMSI setting is enabled per below screen shot. If not, enable it.

If AMSI setting is enabled, toggle the setting off and then on.

Is the problem now resolved?

Eset_AMSI.thumb.png.95a055fdff4fb46849f8828cdd400ab6.png

 

 

As I have already stated, the problem was resolved after a reboot. This past Sunday (11/26) the error appeared after booting up. I rebooted, no error message. No error message for several cold starts and reboots since then. I had never seen the error before, and have not seen it since. Windows reports that ESET is the AV provider and no issues are indicated. (I have confirmed that AMSI is enabled as per the screenshot you shared.)

Edited by howardagoldberg
Link to comment
Share on other sites

1 minute ago, howardagoldberg said:

As I have already stated, the problem was resolved after a reboot.

Great!

Also, past postings on this issue stated a system restart did resolve the issue for most users.

Link to comment
Share on other sites

Had the same issue on a Windows 11 Insider Preview 22H2 23595.1001.

Thought first, the Insider Preview could be the cause.

A "friendly neighbour" had installed "Driver Booster" on this machine. I uninstalled it at once and rebooted the machine.

Problem solved.

May be this could be useful for some users.

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...