Jump to content

Antimalware Scan Interface (AMSI) integration has failed

amber438
 Share
Go to solution Solved by amber438,

Recommended Posts

amber438

amber438 0

Posted
Posted

I have Internet Security version 17.016.0 and after last update I'm suddenly getting this error when machine boots up 

"Antimalware Scan Interface (AMSI) Integration has failed. Antimalware Scan Interface is not integrated into your system.  This means that Powershell Scripts and Scripts executed by Windows Script Host will not be scanned for malicious content".

It occurs shortly after boot and I have to reboot Windows to fix the issue each and every time.

System is windows 10 pro 64 and totally updated.  I's a real pain to have to reboot after the system starts up and I feel this is some ESET error.

Is there a fix besides rebooting all the time?

Thanks

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,088

Posted
  • Administrators
Posted

Are these logs from time when the error was reported?

The thing is that C:\Program Files\ESET\ESET Security\eamsi.dll seems to be correctly registered as an AMSI provider in the registry.

Link to comment
Share on other sites
amber438

amber438 0

Posted
  • Author
Posted

Sorry I didnt know I had to make logs when in the issue.  I turned on my pc just now to get logs and the issue and weirdly the error did not appear for the first time since upgrading to v17.  I made logs anyway. I will run those admin commands in cmd to see whats going on and keep a watch.  If it happens again I will take logs and upload

Ran the command pronpt items and this is what I got:

 

Screenshot_1.jpg

Link to comment
Share on other sites
itman

itman 1,668

Posted
Posted
6 minutes ago, amber438 said:

Ran the command pronpt items and this is what I got

If this output received when Eset showed the AMSI not functional alert, it appears the alert is a bogus one.

Link to comment
Share on other sites
amber438

amber438 0

Posted
  • Author
Posted
53 minutes ago, itman said:

If this output received when Eset showed the AMSI not functional alert, it appears the alert is a bogus one.

As I stated above, it was done this morning when the error did not show for the first time since program updated.  I will keep a watch to see if it reappears and upload new info if it does.  Thanks anyway

Link to comment
Share on other sites
itman

itman 1,668

Posted
Posted
6 hours ago, Marcos said:

The thing is that C:\Program Files\ESET\ESET Security\eamsi.dll seems to be correctly registered as an AMSI provider in the registry.

AMSI can be disabled via reg key hack: https://www.elastic.co/guide/en/security/current/modification-of-amsienable-registry-key.html

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,088

Posted
  • Administrators
Posted

It appears that something prevented ESET from registering as an AMSI provider. It appears that you have MBAM installed with all its features and drivers. Please make sure to use it only as a second opinion on-demand scanner without any of its drivers loaded:

Malwarebytes Anti-Exploit, c:\windows\system32\drivers\mbae64.sys, System, Running, , Malwarebytes Anti-Exploit, Malwarebytes
MBAMChameleon, c:\windows\system32\drivers\mbamchameleon.sys, Automatic, Running, , Malwarebytes Chameleon, Malwarebytes
MBAMFarflt, c:\windows\system32\drivers\farflt.sys, Manual, Running, , Malwarebytes Anti-Ransomware Protection, Malwarebytes
MBAMProtection, c:\windows\system32\drivers\mbam.sys, Manual, Running, , Malwarebytes Real-Time Protection, Malwarebytes
MBAMSwissArmy, c:\windows\system32\drivers\mbamswissarmy.sys, Manual, Running, , Malwarebytes SwissArmy, Malwarebytes
MBAMWebProtection, c:\windows\system32\drivers\mwac.sys, Manual, Running, , Malwarebytes Web Protection, Malwarebytes

Albeit these drivers are not loaded, I'd recommend removing the from the disk, if exist:

epmntdrv, c:\windows\system32\epmntdrv.sys
EuGdiDrv, c:\windows\system32\eugdidrv.sys

Also try temporarily removing EaseUS software which appears to have installed drivers with an invalid signature. If you need to have it installed, replace it with the latest version from their website.

Link to comment
Share on other sites
amber438

amber438 0

Posted
  • Author
Posted

Thats strange because I've had mbam and eset together for years without issues.

ok how do I configure mbam as a second opinion on-demand scanner without any of its drivers loaded?

also, my firewall has some custom entries I do not want to loose.  I made a backup thru eset.  with this be sufficient to save all of my settings or are other other files I need to back up for a reinstall

Thanks

Link to comment
Share on other sites
amber438

amber438 0

Posted
  • Author
Posted
21 hours ago, Marcos said:

It appears that something prevented ESET from registering as an AMSI provider. It appears that you have MBAM installed with all its features and drivers. Please make sure to use it only as a second opinion on-demand scanner without any of its drivers loaded:

Malwarebytes Anti-Exploit, c:\windows\system32\drivers\mbae64.sys, System, Running, , Malwarebytes Anti-Exploit, Malwarebytes
MBAMChameleon, c:\windows\system32\drivers\mbamchameleon.sys, Automatic, Running, , Malwarebytes Chameleon, Malwarebytes
MBAMFarflt, c:\windows\system32\drivers\farflt.sys, Manual, Running, , Malwarebytes Anti-Ransomware Protection, Malwarebytes
MBAMProtection, c:\windows\system32\drivers\mbam.sys, Manual, Running, , Malwarebytes Real-Time Protection, Malwarebytes
MBAMSwissArmy, c:\windows\system32\drivers\mbamswissarmy.sys, Manual, Running, , Malwarebytes SwissArmy, Malwarebytes
MBAMWebProtection, c:\windows\system32\drivers\mwac.sys, Manual, Running, , Malwarebytes Web Protection, Malwarebytes

Albeit these drivers are not loaded, I'd recommend removing the from the disk, if exist:

epmntdrv, c:\windows\system32\epmntdrv.sys
EuGdiDrv, c:\windows\system32\eugdidrv.sys

Also try temporarily removing EaseUS software which appears to have installed drivers with an invalid signature. If you need to have it installed, replace it with the latest version from their website.

Hi Marco

Thought you would see my answer but I didnt quote you.

Thats strange because I've had mbam and eset together for years without issues.

I turned off mbam real time protection and will use it for a second scanner but I must say that in the past mbam got things that eset did not. 

also, my firewall has some custom entries I do not want to loose.  I made a backup thru eset.  with this be sufficient to save all of my settings or are other other files I need to back up for a reinstall

BTW, error did not appear when i just turned on my pc with mbam real time off.

Thanks

Amber

Thanks

Link to comment
Share on other sites
itman

itman 1,668

Posted
Posted (edited)
On 2/6/2024 at 4:06 PM, amber438 said:

Thats strange because I've had mbam and eset together for years without issues.

MBAM now registers itself in Microsoft Security Center as the active Win real-time solution just as Eset does. This is bound to lead to erratic and borked registration behavior as observed.

This article: https://support.malwarebytes.com/hc/en-us/articles/360039024313-Register-Malwarebytes-for-Windows-v4-with-the-Windows-Security-Center shows how to disable MBAM Microsoft Security Center registration. This said, MBAM real-time scanning should be permanently disabled, which will do the same, as it's bound to conflict w/East real-time scanning in other ways.

Edited by itman
Link to comment
Share on other sites
  • Solution
amber438

amber438 0

Posted
  • Author
  • Solution
Posted
On 2/7/2024 at 3:50 PM, itman said:

MBAM now registers itself in Microsoft Security Center as the active Win real-time solution just as Eset does. This is bound to lead to erratic and borked registration behavior as observed.

This article: https://support.malwarebytes.com/hc/en-us/articles/360039024313-Register-Malwarebytes-for-Windows-v4-with-the-Windows-Security-Center shows how to disable MBAM Microsoft Security Center registration. This said, MBAM real-time scanning should be permanently disabled, which will do the same, as it's bound to conflict w/East real-time scanning in other ways.

Thanks.  This seems to have worked.  I have not gotten the error message since I disables real time scanning in mbam.  Thanks!

Link to comment
Share on other sites
howardagoldberg

howardagoldberg 14

Posted
Posted

I am having the same issue. It randomly manifests when booting up from a powered off state. (Does not happen on restarts.) I do not have any other third-party antimalware software installed. Cannot generate a log because there is no pattern as to when the integration fails.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...