Posted

System: Dell XPS 15 L501X (10+ years old)

OS: Windows 10 Pro 22H2 19045.3996 (Fully patched with latest updates, including recent preview update)

Issue: On cold bootup (from a powered off state), approximately 50% of the time, ESET displays the following warning:

[Screenshot: ESET AMSI warning]

Clicking "Restart device" resolves the issue 100% of the time.

Before restarting, I checked Windows Security to see if it detects any issues, and it does not:

[Screenshot: Windows Security status]

Have performed a full scan and no threats have been detected.

I have another newer system (Inspiron 7353 2-in-1) with the same OS and updates installed, running on the same network with nearly identical software (some additional apps compared to the system in question) installed, which has never experienced this glitch. The computer experiencing the error is used for very limited tasks (Amazon Music, Chrome for weather radar via the National Weather Service, etc.), and therefore is not exposed to suspect websites, etc.

My hypothesis is this is a timing issue (old laptop, with a mechanical hard-drive which takes some time to boot, where the error is triggered prior to the integration taking place, but then the app is not refreshed to display the actual status).

Is there any way to resolve this? This began with v17 (I don't believe this error ever displayed with v16 and earlier). It is time consuming to reboot this laptop (because of its age).

I am not going to replace the laptop, I understand it's beyond old - when it dies, it dies. But in the meantime, it works for what I use it for.

Thank you for any thoughts/suggestions.

  • Administrators
Posted

If you can reproduce the error after a computer restart:

  1. Disable Protected service in the HIPS setup
  2. Restart the computer and make sure there is no problem with AMSI
  3. Create a Procmon boot log
  4. After the reboot, stop logging and make sure the problem with AMSI occurs
  5. Save the Procmon log unfiltered in the PML format, compress it and supply it for perusal.
Posted (edited)

Marcos, thank you for the quick response.

I don't think this plan will work. The issue only occurs on first boot up from a powered down state (never an issue when 'restarting' from a powered on state), and it does not manifest every time. I don't want to run the computer for an indefinite amount of time with protected service disabled until the problem reoccurs (nor do I want to create an extremely large log). Any other paths forward?

Edited by howardagoldberg
This topic is now closed to further replies.