Start-up problems again...

Just out of curiosity, what version of Setpoint are you running? I'm running 6.20.50 (Driver version 5.20.51) without any issues on Win7 x64 (For my Logitech Illuminated Keyboard). Do you have setpoint configured to do something with the settings?

Just to comment somewhat offtopic, imo setpoint is horrible software, everytime I open the control center it changes my mouse speed (Even though it's not a logitech mouse) so I imagine it does some other nasty startup stuff .

 

Hi,

Yes, same version. I'm the 'reverse' to you, in that I'm using Setpoint for the MX Revolution mouse and not the illuminated keyboard, so it may be something to do with the 'intrusive' mouse driver / settings that NOD32 doesn't like. I was using a third party add-on to Setpoint called 'uberoptions' which extends Setpoint's functionality, but after removing that first I still saw the same warnings appear in the HIPS log. I've now removed Setpoint completely and of course the log is empty apart from those below. So I dare say I'll find out over the next day of two if the start-up problems all stem from this one piece of software.

On your 'off-topic' point - I completely agree with you. I had been using Setpoint as a 'necessary evil' despite my view that Logitech driver software is astonishingly intrusive and generally seems to attempt taking over your PC! I never used the Illuminated Keyboard driver for example as I discovered while Beta testing Win 7 that it interferes with Win 7 Aero settings (I also run Win 7 Pro x64). I recommend you remove Setpoint and try using the native Win 7 driver for the keyboard - I appear to have all the orange 'FN' functions available to me without Setpoint! And now I've decided I don't need it for the mouse either. In many ways I'm actually grateful that this problem occurred as it's given me the reason I needed to finally dump Setpoint!

Not that any of this is a reason why ESET shouldn't see if they can overcome the problem within HIPS - there are bound to be Logitech users out there who want to continue using Logitech's clunky, bloated, interfering software!

As mentioned above, what I'm left with in the HIPS log:

05/07/2011 10:29:38 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
05/07/2011 10:29:38 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
05/07/2011 10:27:48 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Modify state of another application
05/07/2011 10:26:39 C:\Windows\System32\winlogon.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked SelfDefense: Don't allow modification of system processes Terminate/suspend another application,Modify state of another application
05/07/2011 10:26:39 C:\Windows\System32\winlogon.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked SelfDefense: Don't allow modification of system processes Terminate/suspend another application,Modify state of another application

 

Hmmm...one reason to keep Setpoint for the mouse it seems is that the 'side wheel' on the MX Revolution doesn't work with the MS driver. Maybe I do want ESET to resolve the 'Self-defense' issue...

 

Yes, Setpoint seems a bit intrusive. I'm currently trialling KIS 2012 and turned on more notifications in the configuration including self-defense and I regularly get a pop-up about self-defense concerning Setpoint. I also have the MX Revolution and the scroll wheel doesn't switch between normal and free mode automatically without setpoint either.

 

Hi JeremyW.

Those log entries that you mention about blocked access to ekrn.exe, egui.exe and csrss.exe also occur on systems after clean install, so I don't think the culprit will be there. Also my bet is that it has nothing to do with cold boot/reboot, I'm thinking the problem is purely random.

I would like to replicate the issue. Could you please clarify what exactly do you mean by task-bar app? Is it the little icon in notification area (like volume control), some side-bar gadget (like here on the right side) or something entirely else?

Thanks.

 

Hi,

First of all don't be confused by the log entry above (on this page). Those are not the entries I'm complaining about. You need to look back a page where my posted log contains all the SetPoint entries. Those SetPoint v. HIPS / Self -Defense issues are no longer happening as I've uninstalled SetPoint, and I realise that the rest (on this page) are probably normal.

So, first of all, by task bar I do mean the notification area @ bottom right (sorry my incorrect terminology), and those are the apps that were randomly failing to load but are now all loading correctly (so far). By randomly, I mean that which app failed to load seemed to be random. As to when it occurred, I could normally only reproduce it after a cold boot rather than a simple re-start.

I'm not sure why SetPoint should be the root cause of all of this, but I do know - after some years of using Logitech drivers - that SetPoint is very intrusive and causes all kinds of problems with other security software. If ESET manage to come up with a solution then that's all well and good, but I certainly won't be re-installing SetPoint either way (other than testing for you perhaps).

 

I am rather annoyed due to this issue, partly with myself too because twice I have had to rebuild what was a mature stable computer this week, specifically because of this.

The details are I have been running v5 comfortably since beta release.

I updated windows 7x64 with SP1. When it restarted, it hung at the welcome screen.

I could only get to safe mode and messed around for quite a while trying things, sometimes it would get past the welcome screen to just a black screen with an active mouse. Googled this black screen and sp1 problems all with almost no success. From safe mode, rollback on patches, which sometimes reported failed but then success after restart, reinstalled nvidia drivers as I thought it may be a card thing, and few other things, which sometime met with some success, but after a 2nd restart left me in the same boat. Therefore I tried it again (definition of stupidity I know)

Finally fed up, wiped windows, rebuilt, first step was to install sp1 patch clean which worked, then install v5, no problems, then all the other patches and programs. Somewhere along the way it ended up back at the welcome screen/black screen problem. Retried all the same from before and still no luck.

Accept fail and rebuild again, restarting after every patch (know how long that takes) after full patched Win 7 (including logitect Setpoint v8 installed) installed v5 and it hung at welcome screen. Which bought me to this thread

Trying renaming the driver ehdrv.sys as mention, no luck. Unistalled v5 (which I had to do via Eset menu in Safe mode), problem gone, perfect start. Removed Logitech setpoint v8, restarted no problems, reinstalled ESSv5, no problems.

So the point to the long post is that somewhere between Win 7x64 SP1, Logitech and ESSv5 there is a definate issue to correct before release and I wish I had of looked at this thread about 80 odd hours ago.

Edit

Here is another incompatibility, reinstalling DVDFab, which installs a driver pcouffin.sys, causes explorer to fail on startup.

I have uninstalled v5 and gone back to 4.2, good luck with the bug hunting, hopefully there is some comments here to help identify where to look.

 

I;ve just found this thread.

Installed v5 yesterday on Win 7 x64. Started the PC today, I've got missing icons in the tray and Smart Security hasn't loaded. I tried running egui.exe myself, but now in the resource monitor window it shows egui.exe status as suspended.

I also have Logitech setpoint installed. Most annoying.

 

Can you try removing Setpoint and try again?

 

I shall try that now

 

That didn't work.

I shall have to uninstall v5 and go back to v4.

 

I've disabled SS from safe mode and re-started. Programs now start up as normal and all icons back in the tray.

Not sure that setpoint was the problem as removing that didn't make any difference. Now going back to v4.

 

Start-up problems - Attn: Marcos

Marcos,

Have you had any feedback from the developers following my posting of the HIPS log containing the Setpoint entries? I can confirm that since removing Setpoint I have had no start-up issues whatsoever.

 

Re: Start-up problems - Attn: Marcos

MMx who posted above is responsible for developing HIPS.

 

Re: Start-up problems - Attn: Marcos

OK, thanks...