howardagoldberg 14 Posted January 28 Posted January 28 System: Dell XPS 15 L501X (10+ years old) OS: Windows 10 Pro 22H2 19045.3996 (Fully patched with latest updates, including recent preview update) Issue: On cold bootup (from a powered off state), approximately 50% of the time, ESET displays the following warning: Clicking "Restart device" resolves the issue 100% of the time. Before restarting, I checked Windows Security to see if it detects any issues, and it does not: Have performed a full scan and no threats have been detected. I have another newer system (Inspiron 7353 2-in-1) with the same OS and updates installed, running on the same network with nearly identical software (some additional apps compared to the system in question) installed. which has never experienced this glitch. The computer experiencing the error is used for very limited tasks (Amazon Music, Chrome for weather radar via the National Weather Service, etc.), and therefore is not exposed to suspect websites, etc. My hypothesis is this is a timing issue (old laptop, with a mechanical hard-drive which takes some time to boot, where the error is triggered prior to the integration taking place, but then the app is not refreshed to to display the actual status). Is there any way to resolve this? This began with v17 (I don't believe this error ever displayed with v16 and earlier). It is time consuming to reboot this laptop (because of its age). I am not going to replace the laptop, I understand it's beyond old - when it dies, it dies. But in the meantime, it works for what I use it for. Thank you for any thoughts/suggestions.
Administrators Marcos 5,468 Posted January 28 Administrators Posted January 28 If you can reproduce the error after a computer restart: Disable Protected service in the HIPS setup Restart the computer and make sure there is no problem with AMSI Create a Procmon boot log After the reboot, stop logging and make sure the problem with AMSI occurs Save the Procmon log unfiltered in the PML format, compress it and supply it for perusal.
howardagoldberg 14 Posted January 28 Author Posted January 28 (edited) 24 minutes ago, Marcos said: If you can reproduce the error after a computer restart: Disable Protected service in the HIPS setup Restart the computer and make sure there is no problem with AMSI Create a Procmon boot log After the reboot, stop logging and make sure the problem with AMSI occurs Save the Procmon log unfiltered in the PML format, compress it and supply it for perusal. Marcos, thank you for the quick response. I don't think this plan will work. The issue only occurs on first boot up from a powered down state (never an issue when 'restarting' from a powered on state), and it does not manifest every time. I don't want to run the computer for an indefinite amount of time with protected service disabled until the problem reoccurs (nor do I want to create an extremely large log). Any other paths forward? Edited January 28 by howardagoldberg
Recommended Posts