Felipe osorio 0 Posted January 18 Share Posted January 18 Hi! We have multiple computers with this issue. We have already try to restart the ccomputers but the alert persist. Any idea why this is hapenning? Link to comment Share on other sites More sharing options...
itman 1,746 Posted January 18 Share Posted January 18 Another recent posting on this issue here: https://forum.eset.com/topic/39433-antimalware-scan-interface-amsi-integration-has-failed-endpoint-11020320/?do=findComment&comment=178892 Link to comment Share on other sites More sharing options...
AlanGB 0 Posted March 4 Share Posted March 4 I have the "antimalware scan interface integration failed" error too, after installing 2024-02 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5034848). Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted March 4 Administrators Share Posted March 4 If the error occurs after a computer restart, please provide logs collected with ESET Log Collector and "All" selected in the ELC menu. Link to comment Share on other sites More sharing options...
AUTH IT Center 0 Posted March 12 Share Posted March 12 Hello! We have been experiencing the same problem on both Servers and Workstations after a reboot and with the latest ESET product installed. We use WSUS for the Windows Update and haven't deployed 2024-01 or 2024-02 Cumulative updates yet. Attached logs from 3 machines. rdf01-server-era-diagnostic-logs_2024-03-12_08-54-40.zip artsd-60-116-wkstn-era-diagnostic-logs_2024-03-12_08-54-48.zip rds-ltsp01-server-era-diagnostic-logs_2024-03-12_08-57-01.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted March 12 Administrators Share Posted March 12 For now I'd recommend temporarily disabling the appropriate application status so that the error is not reported in gui. We suspect the issue occurs on machines where the system start is slower and takes longer. We will improve the behavior of AMSI provider handling in the next versions of Endpoint to prevent the error on such systems. Link to comment Share on other sites More sharing options...
eornate 4 Posted March 18 Share Posted March 18 On 3/12/2024 at 3:58 PM, Marcos said: For now I'd recommend temporarily disabling the appropriate application status so that the error is not reported in gui. We suspect the issue occurs on machines where the system start is slower and takes longer. We will improve the behavior of AMSI provider handling in the next versions of Endpoint to prevent the error on such systems. Hi Macos @Marcos , Could you please share the time to release for next version ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted March 18 Administrators Share Posted March 18 Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK? Link to comment Share on other sites More sharing options...
eornate 4 Posted March 18 Share Posted March 18 1 hour ago, Marcos said: Just to make sure, did the problem persist after disabling this setting, clicking OK, re-enabling it and clicking OK? Hi @Marcos, Is there the completely solution for this issue, customer can not double check manual on each client. They can confirm that when the alert appear on the Eset protect server, they've checked these clients, which are enabled the AMSI feature.This seems the false positive and sometime it's appear on many clients.The customer want to sure that is not false positive." re-enabling it and clicking OK" -> not resolve the issue, they have to reboot client ( although this feature was enabled) -> this alert not appear , but it reappear after many days. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted March 18 Administrators Share Posted March 18 We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently). Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints. Link to comment Share on other sites More sharing options...
eornate 4 Posted March 18 Share Posted March 18 2 hours ago, Marcos said: We don't know if disabling integration with AMSI and re-enabling it works. If it does but there's a problem after the next restart, this will be addressed in the next hotfix / service update of Endpoint v11 which will be available in approximately 2 months (we've released update 11.0.2044 just recently). Administrators can temporarily disable the appropriate application status via a policy so that the error is not reported locally on endpoints. Thanks your reply. Hope the next hotfix will completely to fix this issue. Link to comment Share on other sites More sharing options...
Recommended Posts