amber438 0 Posted February 2 Share Posted February 2 I have Internet Security version 17.016.0 and after last update I'm suddenly getting this error when machine boots up "Antimalware Scan Interface (AMSI) Integration has failed. Antimalware Scan Interface is not integrated into your system. This means that Powershell Scripts and Scripts executed by Windows Script Host will not be scanned for malicious content". It occurs shortly after boot and I have to reboot Windows to fix the issue each and every time. System is windows 10 pro 64 and totally updated. I's a real pain to have to reboot after the system starts up and I feel this is some ESET error. Is there a fix besides rebooting all the time? Thanks Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,088 Posted February 2 Administrators Share Posted February 2 Please provide logs collected with ESET Log Collector. Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 3 Author Share Posted February 3 ok here it is eis_logs.zip Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,088 Posted February 4 Administrators Share Posted February 4 Are these logs from time when the error was reported? The thing is that C:\Program Files\ESET\ESET Security\eamsi.dll seems to be correctly registered as an AMSI provider in the registry. Quote Link to comment Share on other sites More sharing options...
itman 1,668 Posted February 4 Share Posted February 4 The following run from admin cmd prompt window will verify if Eset AMSI is running properly; Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 4 Author Share Posted February 4 Sorry I didnt know I had to make logs when in the issue. I turned on my pc just now to get logs and the issue and weirdly the error did not appear for the first time since upgrading to v17. I made logs anyway. I will run those admin commands in cmd to see whats going on and keep a watch. If it happens again I will take logs and upload Ran the command pronpt items and this is what I got: Quote Link to comment Share on other sites More sharing options...
itman 1,668 Posted February 4 Share Posted February 4 6 minutes ago, amber438 said: Ran the command pronpt items and this is what I got If this output received when Eset showed the AMSI not functional alert, it appears the alert is a bogus one. Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 4 Author Share Posted February 4 53 minutes ago, itman said: If this output received when Eset showed the AMSI not functional alert, it appears the alert is a bogus one. As I stated above, it was done this morning when the error did not show for the first time since program updated. I will keep a watch to see if it reappears and upload new info if it does. Thanks anyway Quote Link to comment Share on other sites More sharing options...
itman 1,668 Posted February 4 Share Posted February 4 6 hours ago, Marcos said: The thing is that C:\Program Files\ESET\ESET Security\eamsi.dll seems to be correctly registered as an AMSI provider in the registry. AMSI can be disabled via reg key hack: https://www.elastic.co/guide/en/security/current/modification-of-amsienable-registry-key.html Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 6 Author Share Posted February 6 Ok guys. Just turned on PC and error is back. Here is a fresh log made while error is active. I have not rebooted yet eis_logs.zip Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 6 Author Share Posted February 6 and this is what I get when running the cmd tasklist prompt. Somethis is definitely wrong Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,088 Posted February 6 Administrators Share Posted February 6 It appears that something prevented ESET from registering as an AMSI provider. It appears that you have MBAM installed with all its features and drivers. Please make sure to use it only as a second opinion on-demand scanner without any of its drivers loaded: Malwarebytes Anti-Exploit, c:\windows\system32\drivers\mbae64.sys, System, Running, , Malwarebytes Anti-Exploit, Malwarebytes MBAMChameleon, c:\windows\system32\drivers\mbamchameleon.sys, Automatic, Running, , Malwarebytes Chameleon, Malwarebytes MBAMFarflt, c:\windows\system32\drivers\farflt.sys, Manual, Running, , Malwarebytes Anti-Ransomware Protection, Malwarebytes MBAMProtection, c:\windows\system32\drivers\mbam.sys, Manual, Running, , Malwarebytes Real-Time Protection, Malwarebytes MBAMSwissArmy, c:\windows\system32\drivers\mbamswissarmy.sys, Manual, Running, , Malwarebytes SwissArmy, Malwarebytes MBAMWebProtection, c:\windows\system32\drivers\mwac.sys, Manual, Running, , Malwarebytes Web Protection, Malwarebytes Albeit these drivers are not loaded, I'd recommend removing the from the disk, if exist: epmntdrv, c:\windows\system32\epmntdrv.sys EuGdiDrv, c:\windows\system32\eugdidrv.sys Also try temporarily removing EaseUS software which appears to have installed drivers with an invalid signature. If you need to have it installed, replace it with the latest version from their website. Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 6 Author Share Posted February 6 Thats strange because I've had mbam and eset together for years without issues. ok how do I configure mbam as a second opinion on-demand scanner without any of its drivers loaded? also, my firewall has some custom entries I do not want to loose. I made a backup thru eset. with this be sufficient to save all of my settings or are other other files I need to back up for a reinstall Thanks Quote Link to comment Share on other sites More sharing options...
amber438 0 Posted February 7 Author Share Posted February 7 21 hours ago, Marcos said: It appears that something prevented ESET from registering as an AMSI provider. It appears that you have MBAM installed with all its features and drivers. Please make sure to use it only as a second opinion on-demand scanner without any of its drivers loaded: Malwarebytes Anti-Exploit, c:\windows\system32\drivers\mbae64.sys, System, Running, , Malwarebytes Anti-Exploit, Malwarebytes MBAMChameleon, c:\windows\system32\drivers\mbamchameleon.sys, Automatic, Running, , Malwarebytes Chameleon, Malwarebytes MBAMFarflt, c:\windows\system32\drivers\farflt.sys, Manual, Running, , Malwarebytes Anti-Ransomware Protection, Malwarebytes MBAMProtection, c:\windows\system32\drivers\mbam.sys, Manual, Running, , Malwarebytes Real-Time Protection, Malwarebytes MBAMSwissArmy, c:\windows\system32\drivers\mbamswissarmy.sys, Manual, Running, , Malwarebytes SwissArmy, Malwarebytes MBAMWebProtection, c:\windows\system32\drivers\mwac.sys, Manual, Running, , Malwarebytes Web Protection, Malwarebytes Albeit these drivers are not loaded, I'd recommend removing the from the disk, if exist: epmntdrv, c:\windows\system32\epmntdrv.sys EuGdiDrv, c:\windows\system32\eugdidrv.sys Also try temporarily removing EaseUS software which appears to have installed drivers with an invalid signature. If you need to have it installed, replace it with the latest version from their website. Hi Marco Thought you would see my answer but I didnt quote you. Thats strange because I've had mbam and eset together for years without issues. I turned off mbam real time protection and will use it for a second scanner but I must say that in the past mbam got things that eset did not. also, my firewall has some custom entries I do not want to loose. I made a backup thru eset. with this be sufficient to save all of my settings or are other other files I need to back up for a reinstall BTW, error did not appear when i just turned on my pc with mbam real time off. Thanks Amber Thanks Quote Link to comment Share on other sites More sharing options...
itman 1,668 Posted February 7 Share Posted February 7 (edited) On 2/6/2024 at 4:06 PM, amber438 said: Thats strange because I've had mbam and eset together for years without issues. MBAM now registers itself in Microsoft Security Center as the active Win real-time solution just as Eset does. This is bound to lead to erratic and borked registration behavior as observed. This article: https://support.malwarebytes.com/hc/en-us/articles/360039024313-Register-Malwarebytes-for-Windows-v4-with-the-Windows-Security-Center shows how to disable MBAM Microsoft Security Center registration. This said, MBAM real-time scanning should be permanently disabled, which will do the same, as it's bound to conflict w/East real-time scanning in other ways. Edited February 7 by itman Quote Link to comment Share on other sites More sharing options...
Solution amber438 0 Posted February 9 Author Solution Share Posted February 9 On 2/7/2024 at 3:50 PM, itman said: MBAM now registers itself in Microsoft Security Center as the active Win real-time solution just as Eset does. This is bound to lead to erratic and borked registration behavior as observed. This article: https://support.malwarebytes.com/hc/en-us/articles/360039024313-Register-Malwarebytes-for-Windows-v4-with-the-Windows-Security-Center shows how to disable MBAM Microsoft Security Center registration. This said, MBAM real-time scanning should be permanently disabled, which will do the same, as it's bound to conflict w/East real-time scanning in other ways. Thanks. This seems to have worked. I have not gotten the error message since I disables real time scanning in mbam. Thanks! Quote Link to comment Share on other sites More sharing options...
howardagoldberg 14 Posted February 9 Share Posted February 9 I am having the same issue. It randomly manifests when booting up from a powered off state. (Does not happen on restarts.) I do not have any other third-party antimalware software installed. Cannot generate a log because there is no pattern as to when the integration fails. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.