Antimalware Scan Interface (AMSI) integration has failed.


howardagoldberg

Upgraded to 17.0.15.0 in-app (Check for Updates) on Friday, November 24.

Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app.

Clicked the 'restart device' link. System took considerably longer to restart than usual, but upon reboot, the error message was gone and now have the expected greenish 'You are protected' banner.

The system in question is a fully updated/patched Win 10 x64 system. The hardware is over 10 years old, but have never seen this message before on this or any of my Win 10 or 11 systems.

What caused it and how can it be prevented in the future? Is there any risk to the system at this point?

No logs to provide, since the error resolved upon reboot.

ESET 17 Error on Startup 112623.png

Link to comment

1 hour ago, howardagoldberg said:

Today (Sunday, November 26), booted up and received the above error message on the Overview screen of the app.

Clicked the 'restart device' link. System took considerably longer to restart than usual,

There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those.

I would perform a full admin level Eset scan and see if it detects anything.

Link to comment

On 11/26/2023 at 2:02 PM, itman said:

There are multiple recent malware that are performing AMSI bypasses. This might be related to one of those.

I would perform a full admin level Eset scan and see if it detects anything.

I will perform a scan, however - after rebooting (and every reboot since) the message has not appeared. The system in question is over 10 years old, and I use it mostly for streaming music. The only software I have downloaded in recent months is app updates via MS Store or updating MS365, Acrobat, etc. I don't even check email on the system. So there are not many vectors for malware to sneak through (all browsers are updated, and I do almost nothing with browsers on this system except go to the National Weather Service radar page and similar known, safe sites). Seems to me like an ESET glitch. None of my other systems on the same network - which are used for online activities more heavily and across a greater variety of services - have ever displayed the warning, which further increases my confidence that it is not malware.

Windows security center also shows ESET as the Security solution with no issues.

Edited by howardagoldberg
Link to comment

In Eset GUI Advanced setup setting, open Advanced options and perform the following.

Verify that AMSI setting is enabled per below screen shot. If not, enable it.

If AMSI setting is enabled, toggle the setting off and then on.

Is the problem now resolved?

Eset_AMSI.thumb.png.95a055fdff4fb46849f8828cdd400ab6.png

 

 

Edited by itman
Link to comment

2 hours ago, itman said:

In Eset GUI Advanced setup setting, open Advanced options and perform the following.

Verify that AMSI setting is enabled per below screen shot. If not, enable it.

If AMSI setting is enabled, toggle the setting off and then on.

Is the problem now resolved?

Eset_AMSI.thumb.png.95a055fdff4fb46849f8828cdd400ab6.png

 

 

As I have already stated, the problem was resolved after a reboot. This past Sunday (11/26) the error appeared after booting up. I rebooted, no error message. No error message for several cold starts and reboots since then. I had never seen the error before, and have not seen it since. Windows reports that ESET is the AV provider and no issues are indicated. (I have confirmed that AMSI is enabled as per the screenshot you shared.)

Edited by howardagoldberg
Link to comment

1 minute ago, howardagoldberg said:

As I have already stated, the problem was resolved after a reboot.

Great!

Also, past postings on this issue stated a system restart did resolve the issue for most users.

Link to comment

Had the same issue on a Windows 11 Insider Preview 22H2 23595.1001.

Thought first, the Insider Preview could be the cause.

A "friendly neighbour" had installed "Driver Booster" on this machine. I uninstalled it at once and rebooted the machine.

Problem solved.

Maybe this could be useful for some users.

 

 

Link to comment

  • 2 months later...

Yesterday (2024-02-28), for the first time, I installed Malwarebytes on our laptop computer (OS = Microsoft Windows 10), which already is running ESET NOD32. This AM I saw this same error message for the first time.

As Mr. Goldberg states, I also clicked the 'restart device' link, and the laptop computer took much longer to restart, and the issue did not recur; also I checked the advanced setup, and AMSI is enabled.

In our case, and possibly for others also, this seems like it might be a possible conflict between Malwarebytes and ESET?

However, note that we already have both ESET NOD32 and Malwarebytes running on our "tower" computer (OS = Microsoft Windows 10), for many years and this issue has never arisen on that computer.

 

Link to comment

3 hours ago, ELOGA said:

In our case, and possibly for others also, this seems like it might be a possible conflict between Malwarebytes and ESET?

This was discussed in another forum thread which I currently can't find.

MBAM is now a full-fledged AV solution and as such now registers itself in Windows Security Center as Eset does. Windows 10/11 only allows one third-party AV to register itself as the active real-time AV solution. This is where the conflict is and the source of the Eset AMSI error. Why this just recently started with devices having both MBAM (real-time mode) and Eset installed, only Microsoft knows. The only solution is to disable MBAM real-time mode and run it as an on-demand second-opinion AV.

Edited by itman
Link to comment
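
A way to check the situation described in the post above, as an added example that is not part of the thread or of ESET's tooling: a read-only PowerShell inventory of the antivirus products registered with Windows Security Center and of the AMSI providers registered in the registry. The function names are made up for this example, and the `productState` decoding is the commonly used, undocumented interpretation (an assumption).

```powershell
# Added example: read-only inventory. Run from an elevated PowerShell prompt.

# 1. Antivirus products registered with Windows Security Center.
#    root/SecurityCenter2 exists on client Windows (10/11), not on Windows Server.
#    productState is undocumented; assumed decoding of its 6 hex digits:
#    middle byte 0x10/0x11 = real-time protection on, last byte 0x00 = signatures current.
function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
        ForEach-Object {
            $hex = '{0:X6}' -f [int]$_.productState
            [pscustomobject]@{
                Name         = $_.displayName
                ProductState = "0x$hex"
                RealTimeOn   = $hex.Substring(2, 2) -in '10', '11'
                SignaturesOk = $hex.Substring(4, 2) -eq '00'
                ReportingExe = $_.pathToSignedReportingExe
            }
        }
}

# 2. AMSI providers: each subkey of ...\AMSI\Providers is a COM CLSID whose
#    InprocServer32 default value names the provider DLL loaded into AMSI clients.
function Get-AmsiProvider {
    $root = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
        $present = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sig = if ($present) { Get-AuthenticodeSignature -LiteralPath $dll } else { $null }
        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $dll
            DllExists = $present                 # a registered provider with no DLL cannot load
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
if (@($av | Where-Object RealTimeOn).Count -gt 1) {
    Write-Warning 'More than one registered product reports real-time protection as on.'
}
Get-AmsiProvider | Format-Table -AutoSize
```

On a machine showing the AMSI integration error, compare the provider list against the products actually installed; an entry whose DLL is missing or unsigned is the one to follow up with the vendor.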

Just to clarify ... I do not have any other anti-malware solutions installed. So for my system, there is no conflict.

I have two very similarly configured systems, and the issue only occurs on a 10+ year old system with a mechanical hard drive. My best guess is that the warning is triggered after a timeout period (the computer takes quite a while to boot up), even though it is likely functioning normally. There is no indication in the Windows Security Center that anything is amiss, and rebooting always resolves the issue.

Link to comment

29 minutes ago, howardagoldberg said:

the issue only occurs on a 10+ year old system with a mechanical hard drive. My best guess is that the warning is triggered after a timeout period (the computer takes quite a while to boot up), even though it is likely functioning normally.

My system is 13 years old also using two HDDs. I have been using Win 10 since 2016 with Eset installed and have never seen this AMSI error.

Link to comment

Well, I'm still seeing it on only 1 of several systems I have ESET installed on. It seemed to abate for a bit, but now it is something I have to deal with on nearly every cold boot. It's very annoying, and there is no reason I can identify as to what would be the cause. It started with the latest build.

Link to comment

  • 2 months later...

Just had this very issue occur on a Server running Server 2016. Needed to reboot server as getting WindowsUpdateFailed3 in event viewer (tonnes of them). Reboot didn't fix this, but server took an absolute age to start up. Couldn't even RDP in, but the VM started OK and was running. Eventually got in to be presented with the AMSI not integrated message. Running Server Security 11.0.120008.0. Server has been running and stable for a long time. Recently upgraded to Endpoint Security with Cloud Protect.

Link to comment

34 minutes ago, MrWrighty said:

Just had this very issue occur on a Server running Server 2016. Needed to reboot server as getting WindowsUpdateFailed3 in event viewer (tonnes of them). Reboot didn't fix this, but server took an absolute age to start up. Couldn't even RDP in, but the VM started OK and was running. Eventually got in to be presented with the AMSI not integrated message. Running Server Security 11.0.120008.0. Server has been running and stable for a long time. Recently upgraded to Endpoint Security with Cloud Protect.

A reboot has not fixed the issue.

Link to comment

I am having the same exact issue with a Windows Server 2016, which worked like a charm before.

This happened after the Windows updates, also tried rebooting, but to no avail.

Link to comment

1 minute ago, povas said:

I am having the same exact issue with a Windows Server 2016, which worked like a charm before.

This happened after the Windows updates, also tried rebooting, but to no avail.

In the end the advice was to disable AMSI in the Eset console then re-enable it. This gets rid of the error and appears to fix the issue after a reboot.

Link to comment
