Jump to content

ESET Endpoint AV 5.0 not recognized by Windows 7 Action Center


rpremuz
 Share

Go to solution Solved by Marcos,

Recommended Posts

Hi!

 

On MS Windows 7 Pro. x64 with SP1 that have ESET Endpoint Antivirus v. 5.0.2214.4 installed the Action Center gives the following warning about virus protection:
"Windows did not find antivirus software on this computer" (see the attached picture).

 

This is a bit strange as one would expect that ESET Endpoint AV is compatible with Windows 7, which is not a new OS.

 

Is there a way to make the Action Center recognize the ESET Endpoing AV as an antivirus software?

 

-- rpr.

post-1494-0-97732300-1376994122_thumb.png

Link to comment
Share on other sites

Hello Peter,

 

I've done what the KB article suggests - run the following commands in Command Prompt:

NET STOP WINMGMT /Y

REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD

and restarted Windows three times but after each restart Windows 7 Action Center reported that "Windows did not find antivirus software on this computer". :(

 

-- rpr.

Link to comment
Share on other sites

This may or may not help, but its verifying the Security Center Service and its dependencies

 

Check the following services and see if they are started

[services.msc from Start > Search or Run]

 

Security Center (wscsvc)

Make sure the dll is in the right location : %SystemRoot%\System32\\wscsvc.dll

Remote Procedure Call (RPC)

Make sure the dll is in the right location : %SystemRoot%\System32\\oleres.dll

DCOM Server Process Launcher

Also oleres.dll

Windows Management Instrumentation (WMI)

Executable location : %Systemroot%\system32\wbem\wmiapsrv.exe

 

Follow up in the Registry to make sure as well

HKLM\System\CurrentControlSet\services

 

Luck be with you :)

Link to comment
Share on other sites

  • 1 month later...

Arkasi,

the machines where I see this problem are all new HP laptops/desktops with OEM Windows 7 Pro. SP1 64-bit and with current MS updates installed. It's very unlikely that some services are not running or DLLs missing on them. But to satisfy you curiosity I checked the services and files with the following commands (in cmd.exe):

sc query wscsvc
sc query RpcSs
sc query DcomLaunch
sc query Winmgmt
dir %SystemRoot%\System32\wscsvc.dll
dir %SystemRoot%\System32\oleres.dll
dir %Systemroot%\system32\wbem\wmiapsrv.exe

and here are the results which show that everything's fine:

C:\>sc query wscsvc

SERVICE_NAME: wscsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query RpcSs

SERVICE_NAME: RpcSs
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query DcomLaunch

SERVICE_NAME: DcomLaunch
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>sc query Winmgmt

SERVICE_NAME: Winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\>dir %SystemRoot%\System32\wscsvc.dll
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\System32

14.07.09.  03:41            97.280 wscsvc.dll
               1 File(s)         97.280 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>dir %SystemRoot%\System32\oleres.dll
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\System32

14.07.09.  03:31            25.600 oleres.dll
               1 File(s)         25.600 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>dir %Systemroot%\system32\wbem\wmiapsrv.exe
 Volume in drive C has no label.
 Volume Serial Number is 70B8-B314

 Directory of C:\windows\system32\wbem

14.07.09.  03:39           203.264 WmiApSrv.exe
               1 File(s)        203.264 bytes
               0 Dir(s)  412.182.974.464 bytes free

C:\>

-- rpr.

Link to comment
Share on other sites

  • Administrators
  • Solution

In safe mode, try deleting the value HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WscState

Link to comment
Share on other sites

  • 2 weeks later...

Marcos, your suggestion solves the issue.

 

But it is quite inconvenient to restart many PCs in safe mode. It is strange that the registry value cannot be deleted in normal mode.

 

-- rpr.

Link to comment
Share on other sites

  • Administrators

But it is quite inconvenient to restart many PCs in safe mode. It is strange that the registry value cannot be deleted in normal mode.

 

This would be possible but only with Self-defense disabled (e.g. by applying an ERA policy). You could then apply a GPO which will remove the above mentioned registry key and eventually you'd enable Self-defense again.

Link to comment
Share on other sites

This would be possible but only with Self-defense disabled (e.g. by applying an ERA policy). You could then apply a GPO which will remove the above mentioned registry key and eventually you'd enable Self-defense again.

 

I've tried to do this by an ERA policy which has the following settings set through ESET Configuration Editor:

 

Windows desktop v5 → Kernel → Settings → Antivirus protection → Enable Self-defense: No

Windows desktop v5 → HIPS → Settings → Enable ESET Endpoint Security Self-defense: No

 

After the policy is applied a Windows restart is required to make it active.

Then another Windows restart is required to successfully delete the WscState value in the Registry, e.g. via a startup script that runs the following command:

reg delete "HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Info" /v WscState /f

And then the third Windows restart is required to make ESET AV aware of the change in the Registry.

 

After all that hassle some machines still report that there is no antivirus software installed. I'm attaching the screenshots.

 

-- rpr.

post-1494-0-85588200-1382096449_thumb.png

post-1494-0-35585900-1382096455_thumb.png

post-1494-0-72571600-1382096459_thumb.png

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...