ESET Endpoint AV 5.0 not recognized by Windows 7 Action Center


rpremuz
Go to solution Solved by Marcos,


Hi!

 

On MS Windows 7 Pro x64 SP1 machines that have ESET Endpoint Antivirus v. 5.0.2214.4 installed, the Action Center gives the following warning about virus protection:
"Windows did not find antivirus software on this computer" (see the attached picture).

 

This is a bit strange as one would expect that ESET Endpoint AV is compatible with Windows 7, which is not a new OS.

 

Is there a way to make the Action Center recognize ESET Endpoint AV as antivirus software?

 

-- rpr.


Hello Peter,

 

I've done what the KB article suggests - run the following commands in Command Prompt:

NET STOP WINMGMT /Y

REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD

and restarted Windows three times but after each restart Windows 7 Action Center reported that "Windows did not find antivirus software on this computer". :(

 

-- rpr.


This may or may not help, but it's verifying the Security Center Service and its dependencies.

 

Check the following services and see if they are started

[services.msc from Start > Search or Run]

 

Security Center (wscsvc)

Make sure the DLL is in the right location: %SystemRoot%\System32\wscsvc.dll

Remote Procedure Call (RPC)

Make sure the DLL is in the right location: %SystemRoot%\System32\oleres.dll

DCOM Server Process Launcher

Also oleres.dll

Windows Management Instrumentation (WMI)

Executable location : %Systemroot%\system32\wbem\wmiapsrv.exe

 

Follow up in the Registry to make sure as well

HKLM\System\CurrentControlSet\services

 

Luck be with you :)


  • 1 month later...

Arkasi,

the machines where I see this problem are all new HP laptops/desktops with OEM Windows 7 Pro. SP1 64-bit and with current MS updates installed. It's very unlikely that some services are not running or DLLs are missing on them. But to satisfy your curiosity I checked the services and files with the following commands (in cmd.exe):

sc query wscsvc
sc query RpcSs
sc query DcomLaunch
sc query Winmgmt
dir %SystemRoot%\System32\wscsvc.dll
dir %SystemRoot%\System32\oleres.dll
dir %Systemroot%\system32\wbem\wmiapsrv.exe

and here are the results which show that everything's fine:

C:\>sc query wscsvc

SERVICE_NAME: wscsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query RpcSs

SERVICE_NAME: RpcSs
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query DcomLaunch

SERVICE_NAME: DcomLaunch
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query Winmgmt

SERVICE_NAME: Winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>dir %SystemRoot%\System32\wscsvc.dll
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\System32

14.07.09.  03:41            97.280 wscsvc.dll
               1 File(s)         97.280 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>dir %SystemRoot%\System32\oleres.dll
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\System32

14.07.09.  03:31            25.600 oleres.dll
               1 File(s)         25.600 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>dir %Systemroot%\system32\wbem\wmiapsrv.exe
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\system32\wbem

14.07.09.  03:39           203.264 WmiApSrv.exe
               1 File(s)        203.264 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>

-- rpr.


  • Administrators
  • Solution

In safe mode, try deleting the value HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WscState


  • 2 weeks later...

Marcos, your suggestion solves the issue.

 

But it is quite inconvenient to restart many PCs in safe mode. It is strange that the registry value cannot be deleted in normal mode.

 

-- rpr.


  • Administrators

But it is quite inconvenient to restart many PCs in safe mode. It is strange that the registry value cannot be deleted in normal mode.

 

This would be possible but only with Self-defense disabled (e.g. by applying an ERA policy). You could then apply a GPO which will remove the above-mentioned registry key and eventually you'd enable Self-defense again.


This would be possible but only with Self-defense disabled (e.g. by applying an ERA policy). You could then apply a GPO which will remove the above-mentioned registry key and eventually you'd enable Self-defense again.

 

I've tried to do this by an ERA policy which has the following settings set through ESET Configuration Editor:

 

Windows desktop v5 → Kernel → Settings → Antivirus protection → Enable Self-defense: No

Windows desktop v5 → HIPS → Settings → Enable ESET Endpoint Security Self-defense: No

 

After the policy is applied, a Windows restart is required to make it active.

Then another Windows restart is required to successfully delete the WscState value in the Registry, e.g. via a startup script that runs the following command:

reg delete "HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info" /v WscState /f

And then the third Windows restart is required to make ESET AV aware of the change in the Registry.

 

After all that hassle, some machines still report that there is no antivirus software installed. I'm attaching the screenshots.

 

-- rpr.
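
Added example, not part of the original thread or of ESET's tooling: a read-only PowerShell 2.0 check that can be run on each machine after the restarts described above to see whether Windows Security Center has an antivirus product registered and whether the WscState value is still present. The function name Get-WscAntivirusReport is hypothetical, and the productState bit reading is a commonly used but undocumented interpretation, labelled as an assumption in the code.

```powershell
# Added example (not from the thread). Read-only; runs on PowerShell 2.0 (Windows 7).
$EsetInfoKey = 'HKLM:\SOFTWARE\ESET\ESET Security\CurrentVersion\Info'  # key path from the thread

function Get-WscAntivirusReport {   # hypothetical helper name
    # Services the thread checks with "sc query".
    $services = @{}
    foreach ($name in 'wscsvc', 'RpcSs', 'DcomLaunch', 'Winmgmt') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $services[$name] = $svc.Status.ToString() } else { $services[$name] = 'Missing' }
    }

    # Antivirus products registered with Windows Security Center, which is what
    # Action Center displays. An empty result corresponds to the warning
    # "Windows did not find antivirus software on this computer".
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                      -ErrorAction SilentlyContinue | ForEach-Object {
        $state = [int]$_.productState
        New-Object PSObject -Property @{
            Name     = $_.displayName
            StateHex = '0x{0:X6}' -f $state
            # Assumption: common, undocumented reading of the productState bits.
            Enabled  = (($state -band 0x1000) -ne 0)
            UpToDate = (($state -band 0x10) -eq 0)
        }
    })

    # Is the WscState value named in the accepted answer still present?
    $key = Get-Item -Path $EsetInfoKey -ErrorAction SilentlyContinue
    $hasWscState = ($key -ne $null) -and ($key.GetValueNames() -contains 'WscState')

    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        Services        = $services
        Products        = $products
        WscStatePresent = $hasWscState
        AvRegistered    = ($products.Count -gt 0)
    }
}

$report = Get-WscAntivirusReport
$report | Select-Object Computer, AvRegistered, WscStatePresent | Format-List
$report.Services.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
$report.Products | Format-Table Name, StateHex, Enabled, UpToDate -AutoSize
```

Collecting this output per machine shows which of the three conditions (services, WscState value, Security Center registration) differs on the PCs that still report no antivirus software.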
