Start-up problems again...

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by JeremyW, Jun 26, 2011.

Thread Status:
Not open for further replies.
  1. JeremyW

    JeremyW Registered Member

    Joined:
    Jan 29, 2007
    Posts:
    86
    Location:
    Swindon, Wiltshire, UK
    My original post (which I now can't 'reply' to):

    I have a start-up problem with EAV 5: On cold start some of my task-bar apps don't load. All load on subsequent reboots. Disabling EAV corrects this. As this never happened with EAV 4, I'm wondering why / what I can do to prevent this without disabling the start-up scan completely. Or could the new 'Log Maintenance' task be holding things up...??

    (Win 7 Pro x64)

    Update:

    Suddenly this issue has returned. Unfortunately I have not been successful in isolating any one element of v5 which may / may not be causing the problem this time. Uninstalling and reinstalling v4 though does resolve it.
     
  2. wujxin

    wujxin Registered Member

    Joined:
    May 19, 2006
    Posts:
    28
    Location:
    China
    Same problem here, I don't know why.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unlike v4, in v5 startup scans are run with a delay at the time all programs are already loaded.
    Can you confirm that the problem actually disappears after disabling startup scan tasks and restarting the computer?
     
  4. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    This problem is not detected here...
     
  5. JeremyW

    JeremyW Registered Member

    Marcos, I've just re-installed v5 (clean install) with default settings. I'll test this out over the next few days and get back to you.
     
  6. JeremyW

    JeremyW Registered Member

    OK, I have something to report - I can't understand some of it (up to you / devs to decipher)

    When I last had v5 installed (a few days ago) and started to experience this start up issue, i.e. not all task-bar apps loading / icons missing, I also experienced a Windows 'crash error' relating to csc.exe (C# Compiler I believe) but didn't think it was related in any way. I did not disable the start-up scan completely, but changed it to 'first time the computer starts each day'. That didn't make any difference. In a desperate attempt to try to isolate the problem, I un-installed v5 and re-installed v4 - both problems vanished. For the hell of it I also tried Avast Free and didn't experience any start-up issues or other errors / crashes.

    That's about when you asked me the question above, and I did a clean installation of v5 yesterday. During the day, even after a few reboots, I had no issue. Then on cold start this morning one app (CoreTemp - which loads as a service incidentally, not a registry start-up or in the Start-up folder) failed to load properly. I disabled the start-up scan in v5 completely, rebooted (whereupon the 'csc.exe error' returned) but this time even less of the task-bar apps loaded! Rebooted again, and tried a cold start, and on both occasions all task-bar apps loaded with no problem.

    There is something odd going on here with the way v5 is interfering or interrupting the start-up sequence, but for the life of me I cannot understand the odd behaviour I've described. There is no doubt (in my mind) that v5 is the culprit (somehow) as in 3 days of using v4 again I had no issue as I haven't for the last few months. Shame something as 'basic' as a start-up scan is broken in this new version when it worked fine before.

    Hope you (or someone) can work out what's going on.

    EDIT: Well, all known theories are blown out of the water. Even with the start-up scan disabled, the CoreTemp service was not loading. Could this be something else? HIPS? (I have it set to Automatic). Clutching at straws here but have decided v5 is not for me. I'm beginning to agree with the hardened critics that say it's too early to call this an RC. I would certainly view it as a Beta - there seem to be some issues with v5 that need work.

    UPDATE: By way of confirmation, and for what it's worth, I've run v4 since my posts yesterday. I've cold started the PC half a dozen times, together with a number of reboots. No issues with start-up whatsoever.
     
    Last edited: Jun 30, 2011
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Have you tried disabling the HIPS module? If so, did that make any difference?

    Regards,

    Aryeh Goretsky
     
  8. wujxin

    wujxin Registered Member

    Because I have Comodo, I disabled the HIPS of NOD32 5 RC, but I had the same problem.
     
  9. JeremyW

    JeremyW Registered Member

    I'll install v5 again and try that for a day or two.
     
  10. anuraag

    anuraag Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    34
    I am getting lags after installing ESS
     
  11. JeremyW

    JeremyW Registered Member

    Aryeh, I have re-installed v5 with HIPS completely disabled. On first reboot there was no start-up issue but, as before, this will need testing over a couple of days. I'll report back.
     
  12. JeremyW

    JeremyW Registered Member

    I'm trying this now with HIPS enabled in 'Learning Mode', the theory being I can see what's going on / what's being allowed (or not). Interactive mode, IMO, is completely unusable - one meaningless 'mumbo-jumbo' pop-up after another. I'd be sitting here all morning clicking 'Allow' (without knowing why) just to get the basic functions of the PC working. No-one (unless you're a pure techy) should use Interactive. I'll see what happens...
     
  13. JeremyW

    JeremyW Registered Member

    ...pointless. Just done a cold boot after the machine had been off for a couple of hours. Now a different app has failed to load on start-up, and nothing in HIPS Advanced Setup to give me a clue why. Sigh...disabling HIPS now.
     
  14. JeremyW

    JeremyW Registered Member

    Hopefully I can get some help / guidance at this stage Aryeh? I have had to remove v5 again as, even with HIPS disabled (but startup scans enabled) one or two start-up apps are still failing to load. Remove v5 and all is well. I have tried automatic, interactive (impossible to deal with) and learning to no avail. For me v5 is unusable which is massively disappointing. Yes I can use v4 until my licence expires but I want (and thought I had) confidence in NOD32 going forward. v5 is out as an RC which worries me - if it gets released in anything like its current form I'll have no option but to find another AV, which I do NOT want to do.
     
  15. Marcos

    Marcos Eset Staff Account

    Unfortunately (or luckily) you're the only person in the world to have reported this kind of issue. I'd suggest renaming each of ESET's drivers in the windows/system32/drivers folder in safe mode, one at a time, to narrow it down to the particular driver.
     
  16. JeremyW

    JeremyW Registered Member

    Clearly that's not the case Marcos. There is (at least) one other in this thread.
     
  17. JeremyW

    JeremyW Registered Member

    Also, how would I have a clue which drivers to 'disable' and how would I do that? Randomly disabling drivers which may well break NOD32 anyway isn't going to prove anything is it?
     
  18. Marcos

    Marcos Eset Staff Account

    Try renaming the following ones, one at a time:
    C:\WINDOWS\system32\drivers\ehdrv.sys
    C:\WINDOWS\system32\drivers\eamonm.sys
    C:\WINDOWS\system32\drivers\epfwlfw.sys
    C:\WINDOWS\system32\drivers\epfwfpr.sys
     
  19. JeremyW

    JeremyW Registered Member

    OK, I'll give it one last go.
     
  20. JeremyW

    JeremyW Registered Member

    I disabled ehdrv.sys by renaming it in safe mode. I can see that's disabled HIPS. I've done two cold starts (Normal shut-down, power off, wait an hour or so, and power on) - so far all start-up apps have loaded. So far then, this looks like HIPS, but I have no idea how to overcome that, if indeed I can.
     
  21. Marcos

    Marcos Eset Staff Account

    Do the following:
    - rename the ehdrv driver to its original name
    - start Windows in normal mode
    - enable "Log all blocked operations" in the advanced HIPS setup
    - clear the HIPS log
    - restart the computer to reproduce the issue
    - copy & paste the HIPS log records here
     
  22. JeremyW

    JeremyW Registered Member

    04/07/2011 16:49:13 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:49:13 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:49:13 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:55 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:55 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:39 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:39 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:39 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:17 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:48:17 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:46 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:46 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:46 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:44 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:44 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:43 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:43 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:43 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:47:43 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:44:48 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:44:48 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:42:04 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:42:04 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:42:04 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:42:03 C:\Windows\System32\winlogon.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked SelfDefense: Don't allow modification of system processes Terminate/suspend another application,Modify state of another application
    04/07/2011 16:42:03 C:\Windows\System32\winlogon.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked SelfDefense: Don't allow modification of system processes Terminate/suspend another application,Modify state of another application
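
An added example, not part of the original thread and not ESET tooling: a Python script that parses flattened HIPS log lines like those pasted above and counts blocked attempts per source process, target process and rule. The field layout is an assumption inferred from the pasted lines; `parse_hips_log`, `summarize` and the last sample line are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# The first four records are copied from the HIPS log posted in the thread;
# the last line is constructed here to exercise the "did not parse" path.
SAMPLE_LOG = r"""
04/07/2011 16:49:13 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
04/07/2011 16:48:55 C:\Program Files\Logitech\SetPointP\SetPoint.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
04/07/2011 16:44:48 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe some access blocked SelfDefense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
04/07/2011 16:42:03 C:\Windows\System32\winlogon.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked SelfDefense: Don't allow modification of system processes Terminate/suspend another application,Modify state of another application
04/07/2011 16:50:00 C:\Example\truncated.exe Get access to another
"""

# Assumed field order of one flattened record (inferred from the pasted lines):
# timestamp, source app, operation, target, action, rule, blocked operations.
RECORD = re.compile(
    r"^(?P<time>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<source>[A-Za-z]:\\.+?\.exe) "
    r"(?P<operation>Get access to another application) "
    r"(?P<target>[A-Za-z]:\\.+?\.exe) "
    r"(?P<action>some access blocked) "
    r"(?P<rule>SelfDefense: .+?) "
    r"(?P<blocked>Terminate/suspend another application.*)$"
)

Record = namedtuple("Record", "time source operation target action rule blocked")


def parse_hips_log(text):
    """Return (records, unparsed_lines) for a pasted HIPS log."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = RECORD.match(line)
        if match:
            records.append(Record(**match.groupdict()))
        else:
            unparsed.append(line)  # keep it visible instead of dropping it
    return records, unparsed


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def summarize(records):
    """Count blocked attempts per (source, target, rule)."""
    return Counter((basename(r.source), basename(r.target), r.rule) for r in records)


if __name__ == "__main__":
    records, unparsed = parse_hips_log(SAMPLE_LOG)
    for (src, dst, rule), count in summarize(records).most_common():
        print(f"{count:3d}  {src} -> {dst}  [{rule}]")
    print(f"{len(unparsed)} line(s) did not match the assumed layout")
```

Grouping the records this way makes the repeating pairs stand out, which is what narrows a start-up conflict down to one application.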
     
  23. JeremyW

    JeremyW Registered Member

    So what do I do? Is this giving you a clue Marcos?
     
  24. Marcos

    Marcos Eset Staff Account

    I'll need to discuss this with our developers first which will take a while as it's a national holiday today.
     
  25. JeremyW

    JeremyW Registered Member

    OK..but your first thoughts? Clearly NOD32 is intolerant of the Logitech Setpoint app... (used for mouse control only)

    I can't get to that machine atm, but when I do I'll check the HIPS log for anything new. EDIT: I may disable Setpoint at start-up (not remove it) and see if that in fact clears up all start-up issues in one hit...
     