itman

Strange Update Behavior

Recommended Posts

Win 7 x64, EAM 11.6.0.6267, Eset Smart Security ver. 8

 

This is the second time this has recently happened. Both times it appears it was associated with EAM updating activity.

 

I monitor my service reg. keys with Eset so this is now I was able to trace this back to update activity. What has been happening is some type of failure is being registered by EAM as evidenced by its wanting to write to the following registry key in my Eset HIPS log file:

 

3/31/2016 1:29:27 PM C:\Windows\System32\services.exe Modify registry HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\a2AntiMalware\FailureActions - allowed 

User rule: block changes to registry service keys 

 

The first time this occurred was a bit disturbing in that EAM's process hooks reverted to a2hooks64.ddl.old. I straightened that out by rebooting.

 

Today's incident was a bit worse. EAM's initial GUI screen opened up in full screen mode with only the header for the screen displayed. The rest of the screen was blank with a grey background. Using Process Explorer I noted that A2Start was running as a spawned process from A2Guard. Could not get rid of the EAM main GUI screen and was about to reboot when the screen disappeared on its own. Shortly thereafter, I received another EAM update and was alerted by Eset, as normal, that a change had occurred to Emsisoft Protection Service which I allow since it was immediately after an EAM update had occurred. Currently Process Explorer shows a2Start running under explorer.exe and a2guard.exe running independently. None of this is normal, since a2guard.exe is always running under explorer.exe and I never see a2start.exe running.

 

-EDIT-

 

I just rebooted and the blank screen I described previously appeared on the desktop. I was able to minimize it and took a screen shot I am posting below. Got rid of it by opening the main Eset GUI from the EAM desktop toolbar icon. Appears my EAM install is corrupted perhaps? 

 

Before I reinstall, a question. Is EAM now writing anything to any of the following files at boot time?

 

C:\Users\Don\Downloads\*.*
C:\Users\Don\Documents\*.*
C:\Users\Don\Pictures\*.*

 

I created an Eset HIPS rule a while back to monitor any write activity to those files.

 

post-28635-0-19463900-1459467253_thumb.png
Download Image

 

Share this post


Link to post
Share on other sites

Same thing just happened to me, at first I thought Emsisoft was forcing an ugly splash screen on me.  Appears every time I reboot.

Acadia

 

EDIT:  Oops, I just noticed that this is the anti-Malware forum.  I have the Internet Security, but I am also getting that same strange screen.  Also now happening to my wife's pc, also with Internet Security.

Share this post


Link to post
Share on other sites

The first time this occurred was a bit disturbing in that EAM's process hooks reverted to a2hooks64.ddl.old. I straightened that out by rebooting.

This is more than likely due to the file being updated. Hooks can't be entirely unloaded while the system is still running (you can only close an open hook to a program once that program has stopped running, so a restart is necessary for all hooks to be closed). The file was probably renamed as part of the update process.

 

Today's incident was a bit worse. EAM's initial GUI screen opened up in full screen mode with only the header for the screen displayed. The rest of the screen was blank with a grey background. Using Process Explorer I noted that A2Start was running as a spawned process from A2Guard. Could not get rid of the EAM main GUI screen and was about to reboot when the screen disappeared on its own. Shortly thereafter, I received another EAM update and was alerted by Eset, as normal, that a change had occurred to Emsisoft Protection Service which I allow since it was immediately after an EAM update had occurred. Currently Process Explorer shows a2Start running under explorer.exe and a2guard.exe running independently. None of this is normal, since a2guard.exe is always running under explorer.exe and I never see a2start.exe running.

We now pre-load a2start.exe on system startup so that when you attempt to open it, there will be little or no delay in the window appearing (it usually seems to open instantly now).

Some users have experienced an issue where the copy of a2start.exe that runs at startup is displaying a blank window, even though it isn't supposed to. From what I've been told, a complete reinstall (with 2 reboots in between the uninstall and the reinstall) should resolve the problem. I have yet to receive confirmation from an users as to whether or not it does help. Here are the canned instructions, in case you need the download link:

  • Uninstall Emsisoft Anti-Malware.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Anti-Malware from this link.

Before I reinstall, a question. Is EAM now writing anything to any of the following files at boot time?

 

C:\Users\Don\Downloads\*.*

C:\Users\Don\Documents\*.*

C:\Users\Don\Pictures\*.*

 

I created an Eset HIPS rule a while back to monitor any write activity to those files.

I am not aware of any reading to or writing to those folders, outside of what would normally occur during scans or monitoring of files written to and programs executed from those folders.

 

Same thing just happened to me, at first I thought Emsisoft was forcing an ugly splash screen on me.  Appears every time I reboot.

Acadia

 

EDIT:  Oops, I just noticed that this is the anti-Malware forum.  I have the Internet Security, but I am also getting that same strange screen.  Also now happening to my wife's pc, also with Internet Security.

Here's the instructions for a reinstall of EIS, since the download link is different:

  • Uninstall Emsisoft Internet Security.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Internet Security from this link.

Share this post


Link to post
Share on other sites

Here's the instructions for a reinstall of EIS, since the download link is different:

  • Uninstall Emsisoft Internet Security.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Internet Security from this link.

 

Good grief, rather than do all of that I think I'll just live with this blank screen, it is easy enough to kill.  I'll teach my wife also how to kill it.  Internet Security is otherwise still protecting us just fine, correct?

Thanks, Acadia

Share this post


Link to post
Share on other sites

Some users have experienced an issue where the copy of a2start.exe that runs at startup is displaying a blank window, even though it isn't supposed to. From what I've been told, a complete reinstall (with 2 reboots in between the uninstall and the reinstall) should resolve the problem. I have yet to receive confirmation from an users as to whether or not it does help. Here are the canned instructions, in case you need the download link:

  • Uninstall Emsisoft Anti-Malware.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Anti-Malware from this link.

 

 

Not a "happy camper" here!

 

Did as requested and blank EAM GUI screen appearing at boot time persists. Now I did import previously saved EAM settings that were exported prior to the uninstall of EAM after the reinstall of EAM was completed. However, I don't believe that has anything to do with this issue?

 

Note, that the blank EAM GUI screen takes a few seconds to appear after the Win desktop is fully initialized. Appears to me Emsisoft is attempting some "splash" screen behavior here similar to that employed by Eset and other AV vendors do at boot time?

 

Please find a fix for this since it is a bit annoying.

Share this post


Link to post
Share on other sites
 

Same issue here, as of this morning... on both my Windows 10 Professional laptop and on my wife's Windows 7 Premium laptop (both are running a licensed copy of EMSISOFT Anti-malware). Here's what I did, on my Windows 10 Pro laptop, to resolve this annoyance:

 

- with no other software "running" (except what Microsoft demands from Windows 10 Pro users)

- downloaded & saved-to-disk the newest version of EMSISOFT Anti-malware (from link cited by GT500 in their reply above)

- used Windows Control Panel to remove/uninstall the problematic software

 

- restarted windows

 

- ran latest licensed version of "CCleaner" to clean-up software files & windows registry

 

... that removed registry entries pointing to disk files which no longer existed:

 

...... HKCU -> EmsisoftAntiMalwareSetup.exe

 

...... HKCU -> a2start.exe

 

...... HKCU -> unins000.exe

 

- restarted windows

 

- installed the newly downloaded EMSISOFT Anti-malware software

 

... re-entered LICENSE key

... performed UPDATE

... performed QUICK scan

 

- restarted windows

 

- it's all good now (on my Windows 10 laptop... haven't done the Windows 7 laptop yet)

 

hth

Share this post


Link to post
Share on other sites

I just used CCleaner and no unused EAM reg entries exist on my Win 7 build. So that is a no go.

 

This appears to be an internal issue with A2start.exe. Emsisoft should just rollback the mods they made to A2guard.exe that starts A2starts.exe until this issue is resolved. I could care less about the GUI starting up faster which was never an issue for me. This current issue is a major irritant.

Share this post


Link to post
Share on other sites

I tried, partially for fun and partially for serious, to "go back in time" using one of my excellent recovery programs before any of this happened.  It worked, I recovered to before the update, but the Emsisoft automatic update kicked in instantly and did the new update before I could turn it off.  End result = same problem.  Once this bug is fixed I am turning off Automatic Updates in Emsisoft just like I did with Microsoft Windows Updates.

Acadia

Share this post


Link to post
Share on other sites

You can disable your internet connection first. ;)

That way Emsi will not be able to make program update...but you will have no signatures updates too.

Share this post


Link to post
Share on other sites

You can disable your internet connection first. ;)

That way Emsi will not be able to make program update...but you will have no signatures updates too.

Actually that would be no problem, I have always done my security programs updates AND signatures manually until I discovered Emsisoft.  Back to manually updating.

Acadia

Share this post


Link to post
Share on other sites

to: itman

 

Testing it, on my wife's Windows 7 Home Premium laptop... I just repeated the same method (step-by-step) which I used on my Windows 10 Pro laptop .... with one exception as follows:

 

When I used "CCleaner" it was not the PRO version (I haven't bought that for her laptop yet)... so, CCleaner's results did NOT indicated the removal of the REGISTRY entries (as I indicated it did on my Windows 10 Pro laptop).

 

Since it did not indicate that those REGISTRY entries had been removed, I took the time to run Microsoft's "REGEDIT" and search the entire registry for any occurrence of "a2Start" ... and none was found.  So, now satisfied THAT suspected problem entry/file had been nullified... I continued with the method (step-by-step) as I had previously used.  Result?  PROBLEM SOLVED.

 

I don't know why it didn't work for you... perhaps you have other software "running"?

Share this post


Link to post
Share on other sites

We have discovered that the issue is caused by having the Emsisoft Anti-Malware or Emsisoft Internet Security window maximized, and then closing it without restoring it to its normal size. If you continue to experience the issue, then the easiest way to get rid of the gray screen is to double-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), and then closing the window that opens. Please note that we do not recommend leaving the window maximized when you close it.

If you're not familiar with these terms, then ComputerHope.com has an article at this link that should explain it.

We hope to have this issue fixed in a program update soon.

Share this post


Link to post
Share on other sites

We have discovered that the issue is caused by having the Emsisoft Anti-Malware or Emsisoft Internet Security window maximized, and then closing it without restoring it to its normal size. If you continue to experience the issue, then the easiest way to get rid of the gray screen is to double-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), and then closing the window that opens. Please note that we do not recommend leaving the window maximized when you close it.

If you're not familiar with these terms, then ComputerHope.com has an article at this link that should explain it.

We hope to have this issue fixed in a program update soon.

This does not fix the problem. Full blank screen appears approx. 30 sec. or so after the desktop screen appears after a boot.

 

My opinion is there is a timing/conflict issue with the execution of a2start by a2guard after a boot. Again, I could care less about this new "enhanced GUI startup" that is causing this issue. Please rollback to the prior ver. of EAM until Emsisoft can finally fix the issue! 

Share this post


Link to post
Share on other sites

I found the problem, at least in my case, and I am not one bit happy about it.

 

I uninstalled this current release ........again .......... using Revo UninstallerPro and scrubbed all traces of EAM from my HDD and registry. I then reinstalled EAM and rebooted. Whalla ..... no blank EAM GUI screen after the reboot. I then imported my previously exported EAM settings that were taken prior to this current garbage release. I then rebooted and guess what happened? The stinking blank GUI screen appeared again! 

 

So the problem is in the prior release export settings. I think I know where the problem lies in those settings. In a2settings.ini is the following:

 

[Position]
Revision=1
Length=44
Flags=2
ShowCmd=3
ptMinX=-1
ptMinY=-1
ptMaxX=-1
ptMaxY=-1
rcNormalLeft=448
rcNormalTop=171
rcNormalRight=1472
rcNormalBottom=861
rcNormalTopLeftX=448
rcNormalTopLeftY=171
rcNormalBottomRightX=1472
rcNormalBottomRightY=861

 

So Emsisoft, please come up with the correct settings for the above and save me some work in having to reenter all my exceptions and the like from scratch if I have to reinstall again!
 

Share this post


Link to post
Share on other sites

I gave up on waiting for a solution for this. I just reinstalled one more time ............. and entered all my custom settings and rules manually.

 

BTW - by default the EAM GUI opens minimized in this latest release and I have kept it that way. As such, no issue upon reboot with the blank EAM GUI appearing as was happening previously.

 

Emsisoft needs to tighten up its QC on these updates. I don't want to and will not keep entering all my custom settings manually for each update to EAM.

Share this post


Link to post
Share on other sites

Hi Itman

 

I think they have identified the problem and I suspect a new beta will be out shortly.  If you now have it working, then export your settings and you should be okay.  It's a hard thing to test for because it was related to maximizing the gui, and I know I never do that so I would never catch it in a beta.

 

Pete

Share this post


Link to post
Share on other sites

Hi Itman

 

I think they have identified the problem and I suspect a new beta will be out shortly.  If you now have it working, then export your settings and you should be okay.  It's a hard thing to test for because it was related to maximizing the gui, and I know I never do that so I would never catch it in a beta.

 

Pete

Hi Pete,

 

Well, the effort wasn't all futile activity. It gave me the opportunity to clear out all the a2square remnants that have been in my registry for years. Also, in my "scouting expedition" there, noticed that this update does more than change just the EAM GUI. Appears Emsisoft has tightened up its protections for malware taking out EAM/EIS, so I feel the aggravation inflected was worth it.   

Share this post


Link to post
Share on other sites

Hi Itman

 

I think they have identified the problem and I suspect a new beta will be out shortly.  If you now have it working, then export your settings and you should be okay.  It's a hard thing to test for because it was related to maximizing the gui, and I know I never do that so I would never catch it in a beta.

 

Pete

 

I've never maximized my GUI. Is there a reason it has begun to open with a maximized blank GUI while booting Windows? Is this related to a recent Emsisoft or Windows update?

Share this post


Link to post
Share on other sites

... Please rollback to the prior ver. of EAM until Emsisoft can finally fix the issue!

You can do this at any time by switching to the Delayed update feed:

  • Open Emsisoft Anti-Malware.
  • Click on Settings in the menu at the top.
  • Click on Updates in the menu at the top.
  • On the left, under Update Settings, click on the box to the right of Update feed and select Delayed from the list.
  • Click on the Update now button on the right side.
That being said, our QA Manager did some more testing, and he says that the following will fix the problem without needing to uninstall or roll back to a previous version:
  • Double-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), aka. the "System Tray icon".
  • Restore the Emsisoft Anti-Malware window to its original size.
  • Close the Emsisoft Anti-Malware window.
  • Right-click on the Emsisoft System Tray icon.
  • Select Shut down protection and fill in the number it shows you to continue.
  • Restart your computer (on Windows 8.1 and Windows 10 please right-click on the Start button and use the shutdown/restart options in the menu that appears to restart your computer).
Please note that this will only work so long as you don't try to maximize the Emsisoft Anti-Malware window again, at least until the update that fixes the issue.

Share this post


Link to post
Share on other sites

I'm glad to hear that those instructions helped.

Please note that we have published a beta update to resolve the issue with the gray screen on startup.

You can install the beta update by doing the following:

  • Open Emsisoft Anti-Malware.
  • Click on Settings in the menu at the top.
  • Click on Updates in the menu at the top.
  • On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
  • Click on the Update now button on the right side.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.