Red Icon -- Firewall failed to load

Discussion in 'ESET Smart Security' started by garryh, Sep 24, 2009.

Thread Status:
Not open for further replies.
  1. garryh

    garryh Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    10
    ESET SS 4 has failed to load the firewall off and on for about 4 months. I blew a gasket a while back on another post because it appeared to me that the solution being recommended was to ask users why we were using the firewall, or why don't we just disable it and use the AV portion of the suite.

    Post blown gasket--I got good response from tech support and in return I jumped through all the standard support hoops. I sent several sysinspector logs, used a special Norton uninstall cleanup utility, uninstalled ESET SS, used a special ESET uninstall cleaner utility, reinstalled ESET SS and ended up with an installation that seemed to be more stable.

    That was until last week. This time the red icon would not go away no matter cold boot or warm boot. There was a time where a warm boot was more successful than the cold. But that was no longer the case.

    I decided to follow all the former suggestions to see if I could solve the problem again without contacting technical support. No joy--even with the latest version of ESET SS .467

    I then went into Vista's Event Viewer and I found an error message that said ESET Service was set to be interact enabled and Vista does not allow any program to be in this mode. I had no real clue what this meant but followed the MS Knowledgebase solution which was offered via a link in Event Viewer. It had me go into services find ESET Service, click properties, click the logon tab and uncheck the interact checkbox. I did it and tried to apply the change and was quickly told access denied.

    I then started the computer in safe mode. Followed the above steps and this time when I clicked apply it took!

    I have rebooted many times over the past two hours and ESET has loaded flawlessly. I have no idea why this is the case, nor how that check box was checked in the first place on an OS that apparently does not permit such a feature to be enabled. I don't know if this will help anyone else out there, nor do I know if this is only a temporary fix, and that the ESET firewall will eventually fail again.

    I will also say if not for my two year multiple license subscription I would have moved on already. In fact, I had decided this morning that if I could not solve the problem by day's end I was buying a different product for my one computer.
     
  2. OLDXTECH

    OLDXTECH Registered Member

    Joined:
    Aug 7, 2007
    Posts:
    30
    Location:
    Exact center of California
  3. garryh

    garryh Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    10
    Thanks but my problem is different. Although I have experienced where Windows Security and ESET disagree about the level of protection. I usually go with ESET, blue icon I am good to go, red icon with message firewall failed to load and system is exposed to attack and I'm not so good.

    I am sorry to say that my celebration re: the above post was short lived. The red icon of death came back after a few more boots.

    Further research using the event viewer seems to indicate that there is a battle going on over control and release of the registry (see below). I am wondering who is fighting over its use and if ESET is involved. No control, No firewall? Not sure. But this makes me think that there might be a registry problem, corruption of some sort, perhaps related to the user profile. Everything else seems to run just fine, it is only ESET that seems to get so UPSET (get it). A bit punchy, I have been after this for the past 10 hours and at this point, I have turned Windows Firewall back on. It apparently has no problem loading.

    I am wondering if there is a way to eliminate the corruption in the registry without destroying my daughter's profile (I simply don't want to reinstall all her software). My other thought is simply to load NOD32 and use Windows Firewall or another third-party firewall as suggested elsewhere in this forum.

    I'll sleep on it and see what tomorrow brings. Thanks for your suggestion.
    **********
    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 9/24/2009 4:12:11 PM
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: SYSTEM
    Computer: Heather-PC
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    2 user registry handles leaked from \Registry\User\S-1-5-21-1067899391-4183899201-182721042-1000:
    Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
    <EventID Qualifiers="32768">1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-09-24T20:12:11.000Z" />
    <EventRecordID>34986</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Heather-PC</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1067899391-4183899201-182721042-1000:
    Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    </Data>
    </EventData>
    </Event>
    *****************************************
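
Added example (not part of any poster's message and not ESET or Microsoft code): a small parser for the Event ID 1530 record quoted above that lists which process image holds each leaked registry handle and checks that count against the event's own header. The function names and the `"eset"` search string are assumptions made for illustration; the embedded XML is the event from the post, trimmed to the fields used.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample input: the Event 1530 XML from the post, trimmed to the fields parsed below.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID Qualifiers="32768">1530</EventID>
<TimeCreated SystemTime="2009-09-24T20:12:11.000Z" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1067899391-4183899201-182721042-1000:
Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1344 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1067899391-4183899201-182721042-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
</Data>
</EventData>
</Event>"""

# "N user registry handles leaked from <hive>:" followed by one line per handle.
HEADER = re.compile(r"(\d+) user registry handles? leaked from (\S+?):")
LEAK_LINE = re.compile(r"^\s*Process (\d+) \((.+?)\) has opened key (.+?)\s*$", re.M)

def parse_hive_leak(event_xml):
    """Return the hive, declared handle count, and keys held per (pid, image)."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1530":
        raise ValueError("not a User Profiles Service hive-leak event (1530)")
    detail = root.findtext("e:EventData/e:Data[@Name='Detail']", namespaces=NS) or ""
    header = HEADER.search(detail)
    holders = defaultdict(list)
    for pid, image, key in LEAK_LINE.findall(detail):
        holders[(int(pid), image)].append(key)
    declared = int(header.group(1)) if header else None
    parsed = sum(len(keys) for keys in holders.values())
    return {
        "hive": header.group(2) if header else None,
        "declared": declared,
        "complete": declared == parsed,  # False means the Detail text was truncated
        "holders": dict(holders),
    }

def holders_matching(report, needle):
    """Hypothetical helper: holders whose image path contains `needle` (case-insensitive)."""
    return [h for h in report["holders"] if needle.lower() in h[1].lower()]

if __name__ == "__main__":
    report = parse_hive_leak(SAMPLE_EVENT)
    for (pid, image), keys in report["holders"].items():
        print(pid, image, len(keys), "handle(s)")
    print("image paths containing 'eset':", holders_matching(report, "eset"))
```

For this event the only holder is PID 1344, `svchost.exe`, with both handles under the user's `Internet Settings` keys.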
     
  4. garryh

    garryh Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    10
    Well what I thought fixed the problem did not. After investing so many hours trying to get ESET SS 4 to be stable I decided to forget SS, and to use NOD32 and Windows Firewall until I could decide on a firewall product.

    Laugh out loud, or cry out loud, I could not believe it when the NOD32 icon came up red and told me there was a problem loading. I immediately switched to Comodo on Friday the 26th, and I am happy to report there has not been a single problem in four days of use with the Comodo products.

    I believe ESET SS and NOD32 do not handle computers that are a bit older and have a little so called rust in their joints where they take a little longer booting. Whatever the underlying problem, Comodo seems to take it in stride.

    I will continue to use ESET on my other two computers until the subscription runs out. I don't think I will ever purchase a multi-year license from anyone. Yeah the savings look great at first, but then if you have a problem with the product you feel you can't walk away. If not for the subscription I would have dumped ESET back in May/June time frame when my problems first appeared.

    Windows Firewall and Comodo Firewall have no problem loading on this older computer, so whatever the argument on ESET's side, the point is other firewall products load just fine. As for why the NOD32 had problems loading I have no idea. My only thought is that whatever the problem it is code related to both NOD32 and SS.

    Lesson learned.
     
  5. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Well, usually when something like this happens, there is a stuck corrupted registry key involved. Most of the time they are too deep to find, even for a Windows registry expert like myself. Only a clean install of Windows will fix an issue like this. You're not having a problem with Comodo, because it was probably never installed before, but if there is in fact something corrupted on your system, the same thing will eventually happen even to Comodo. You might think the code is weak or some other flaws always cause these problems for ESET, but when you start looking at Comodo, Symantec or other security software companies' forums, you will see it was not so much ESET. Symantec regularly has program updates to fix their bugs and issues. I don't know about the others, but can tell you it's not only ESET once you go sniffing around a little on other security software forums. Usually similar things happen with them also, for the same reasons.
     