Antimalware Scan Interface (AMSI) integration has failed alert, in latest version of ESET Endpoint Security.

[Felipe osorio 0]

Hi!

We have multiple computers with this issue.
 

We have already try to restart the ccomputers but the alert persist.

Any idea why this is hapenning? 

[itman 1,662]

Another recent posting on this issue here: https://forum.eset.com/topic/39433-antimalware-scan-interface-amsi-integration-has-failed-endpoint-11020320/?do=findComment&comment=178892

[AlanGB 0]

I have the "antimalware scan interface integration failed" error too, after installing 2024-02 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5034848).

[Marcos 5,082]

If the error occurs after a computer restart, please provide logs collected with ESET Log Collector and "All" selected in the ELC menu.

[AUTH IT Center 0]

Hello! We have been experiencing the same problem on both Servers and Workstations after a reboot and with the latest ESET product installed. We use WSUS for the Windows Update and haven't deployed 2024-01 or 2024-02 Cumulative updates yet.

 

Attached logs from 3 machines.

rdf01-server-era-diagnostic-logs_2024-03-12_08-54-40.zip artsd-60-116-wkstn-era-diagnostic-logs_2024-03-12_08-54-48.zip rds-ltsp01-server-era-diagnostic-logs_2024-03-12_08-57-01.zip

[Marcos 5,082]

For now I'd recommend temporarily disabling the appropriate application status so that the error is not reported in gui. We suspect the issue occurs on machines where the system start is slower and takes longer. We will improve the behavior of AMSI provider handling in the next versions of Endpoint to prevent the error on such systems.

[eornate 3]

On 3/12/2024 at 3:58 PM, Marcos said:

For now I'd recommend temporarily disabling the appropriate application status so that the error is not reported in gui. We suspect the issue occurs on machines where the system start is slower and takes longer. We will improve the behavior of AMSI provider handling in the next versions of Endpoint to prevent the error on such systems.

Hi Macos @Marcos ,

Could you please share the time to release  for next version ? 

[Marcos 5,082]

Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK?

[eornate 3]

1 hour ago, Marcos said:

Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK?

Hi @Marcos,

Is there the completely solution for this issue, customer can not double check manual on each client. They can confirm that when the alert appear on the Eset protect server, they've checked these clients, which are enabled the AMSI feature.This seems the false positive and sometime it's appear on many clients.The customer want to sure that is not false positive." re-enabling it and clicking OK" -> not resolve the issue, they have to reboot client ( although this feature was enabled) -> this alert not appear , but it reappear after many days.

[Marcos 5,082]

We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently).

Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints.

[eornate 3]

2 hours ago, Marcos said:

We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently).

Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints.

Thanks your reply. Hope the next hotfix will completely to fix this issue.