HIPS Communication with the driver failed. HIPS does not work.

Discussion in 'ESET NOD32 Antivirus' started by chrizio, Feb 9, 2013.

Thread Status:
Not open for further replies.
  1. chrizio

    chrizio Guest

    It is about EAV 6.0.308.0 operating on Win XP SP3.

    HIPS module is enabled.
    Each and every closing of EAV configuration module by pushing the OK button
    results in pop up message with error message as in title line of this discussion.
    According to "Access setup" setting the EAV installation is forced to query for administrator rights (OS without UAC). To be observed while working as Win user without administrative rights. Still not checked how it works when to log on onto Win as administrator.

    Where does it come from?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What's the output of running "sc query ehdrv" with administrator rights? Also please post the list of installed modules here.
     
  3. chrizio

    chrizio Guest

    <command prompt>sc query ehdrv

    SERVICE_NAME: ehdrv
    TYPE : 1 KERNEL_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0


    Virus signature database: 7989 (20130209)
    Update module: 1041 (20120430)
    Antivirus and antispyware scanner module: 1381 (20130207)
    Advanced heuristics module: 1138 (20121210)
    Archive support module: 1158 (20121203)
    Cleaner module: 1059 (20121212)
    Anti-Stealth support module: 1038 (20130110)
    ESET SysInspector module: 1231 (20130121)
    Real-time file system protection module: 1007 (20111129)
    Translation support module: 1100 (20121205)
    HIPS support module: 1065 (20130117)
    Internet protection module: 1051 (20121203)
    Database module: 1027 (20130129)
     
  4. black_harry

    black_harry Registered Member

    Joined:
    Feb 9, 2013
    Posts:
    17
    Check for two things:
    1. if hips is really working - try to kill ekrn.exe from taskman
    2. check if issue still exists when you are logged in as admin
     
  5. chrizio

    chrizio Guest

    Thanks for help. No success on killing the named process. Nor on killing the process tree. Problem not reproducible if to do the test while being logged on as admin.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you uninstall EAV, restart the computer and install v6 from scratch (without importing settings from an xml file in case you did that), does it make a difference?
     
  7. chrizio

    chrizio Guest

    Uninstall, then installation again with config backup and restore were conducted. Problem is no more reproducible. Some other measures in area of whole station were made additionally. No idea which one helped. The goal was to have fully operating machine as soon as possible, knowledge of the real reason had second prio. I will report as soon as more knowledge regarding reason is available.
     
Thread Status:
Not open for further replies.