Endpoint Antivirus & Windows 8. ESET will not load on reboot.

Hey All,

I figured I should document this here just incase anyone else is noticing this problem. There is currently an issue that is affecting ESET Endpoint Antivirus and Windows 8. But note: this issue is not affected by all computers and may be difficult to replicate on other equipment, such as virtual machines.

The following conditions can be noticed:

• Upon installation, ESET is successfully installed and the egui.exe process is able to load as normal. You are able to access the client, and can make changes.
• By default, HIPS and Self-Defense is enabled by the installation. You do not manually make any changes to this part of the configuration.
• Upon rebooting the computer, you find the following:
  • You can successfully login and access the desktop
  • You do not see the ESET Logo, nor do you see the ESET application load into the system tray
  • In task manager -> more details, you see ESET Main GUI loaded in the processes tab. But, when you goto the Details tab, you see egui.exe is listed as Suspended
• Subsequently due to this issue, the following may or may not be observed
  • Automatic start-up items are not starting. Such as Skype, Lync, etc.
  • Occasionally you may not be able to load any processes or applications on the computer.

Workaround:

The problem is currently an issue with the ESET Self-Defense module. You can prevent this issue from occuring by installing the ESET client and immediately perform the following. Access the ESET client and goto Advanced Setup... -> Computer -> HIPS -> Remove checkmark beside Enable Self-defense.

If you need correct/repair a computer that is currently exhibiting this behaviour, I have found that installing an application called Process Hacker helps. Process Hacker is an open source application that is similar to Microsoft's Process Explorer. Download and install the application on the computer. Launch the application and you'll notice it's similar to Task Manager, but a lot more features. Locate egui.exe in the processes tab, right click on it and select resume. You will be able to access the ESET client after completing this task. Be sure to go into the configuration and disable Self-defense as you will still have issues with the ESET client loading on subsequent reboots.

If you are affected by this behaviour, can you please leave a comment in the post below?

Known to be affected by ESET Endpoint Antivirus 5.0.2126, HIPS support module: 1063 (20130107) and HIPS support module: 1065 (20130117) [Currently on Pre-release updates]

 

Hello,

Can you tell us a little more about which edition of Microsoft Windows 8 you are testing with (e.g., Windows 8, Windows 8 Pro, Windows 8 Enterprise, 32-bit, 64-bit)? That information will be helpful in further investigation by ESET's QA engineers.

Regards,

Aryeh Goretsky

 

Hi Aryeh,

I'm already in contact with ESET engineers with a possible fix for the HIPS module. I'm just putting this out there just incase someone else is noticing this issue.

 

Has this problem been resolved? For now, I have Self-Defense turned off, and things are working properly. How much additional security is provided through the Self-Defense feature?

Is there an ESET KB article with further details?

 

I haven't tested this myself, but as far as I know it was suppose to be fixed with the 1067 HIPS module. The only candidate computer that I have to test this is my home computer.

 

Could you confirm or deny that Roboform is installed on the machines?

 

The systems we had with this problem did not have Roboform installed.

 

I was having problems with Eset loading on a windows 8 x64 with roboform. I found that it had to do with the user not being an administrator. I went into the properties of esetgui - the startup exe and told to run as administrator and it still would not work. I had to make the user an administrator for the program to load properly. And then it would block the internet after a while.

My solution was to uninstall Eset, reboot, make the user an administrator, reboot and reinstall Eset. It has been working for a couple of days now. Oh and I have HIPS disabled as well.