Hi,
I have an issue with one system:
"Error communicating with quarantine manager" and no AMcore info in about
Right click scan for threat: "Cannot communicatre with the scan service"
Upgraded from VSE/HIPS to ENS 10.7 November update
Removal tool ENS selected
Reinstall of ENS 10.7 November update same issue:
No AMcorce info
Solved! Go to Solution.
I found 2 dll's via sysprep tool, LG and Filezilla:
01/14/21 11:48:13 [I] [0x4944] Unsigned injector discovered
01/14/21 11:48:13 [I] [0x4944] File [C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook2.dll] sha2[032F727A92282E5602DDF1B0070B69812E497BF8A14CB103CEF24123168E6090] sha1[F4D19762CECAE4C9362F188670DCC5A9B7B59E8E] md5[DDE251C85CDD407EBE04C9CD53E1B3CC]
01/14/21 11:48:14 [W] [0x4944] Failed to create MA event [17]
01/14/21 11:48:14 [E] [0x4944] Unable to grant trust to module [C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook2.dll]
01/14/21 12:16:44 [I] [0x4988] File [C:\Program Files\FileZilla FTP Client\fzshellext.dll] sha2[6805B5F8EC15E1B96D21CFB91928F41A86E4C16BAD2940FA657DBCA1831FC5AF] sha1[1B6760F4BF84C64ED9050A5E2AA4B81C0EE4A1F7] md5[C17950C177286B36F492D87C9940B350]
01/14/21 12:16:45 [W] [0x4988] Failed to create MA event [17]
01/14/21 12:16:45 [E] [0x4988] Unable to grant trust to module [C:\Program Files\FileZilla FTP Client\fzshellext.dll]
LG and Filezille application removed, ENS reinstall and same issue
and again the removal tool and bruteforce parameter:
again the removal tool and ENS/Agent selected + reinstall of ENS november update same issue
Hi @Nielsb,
Thank you for your post. Firstly, It is much appreciated that you already tried the latest version before we investigated further! The issue seems a bit familiar in my experience and this could possibly e due to dll injection going on in the machine.
May I know if you already have a support request created for this? It would be helpful in investigating this with logs.
Also, to confirm if any third party untrusted dlls are getting injected to the UI, we can check the below log file:
Self protection activity located under %^programdata%\McAfee\Endpoint Security\Logs\
You can also request support for the McAfee Sysprep tool that should help you check of injectors as well!
I sincerely hope this helps!
I found 2 dll's via sysprep tool, LG and Filezilla:
01/14/21 11:48:13 [I] [0x4944] Unsigned injector discovered
01/14/21 11:48:13 [I] [0x4944] File [C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook2.dll] sha2[032F727A92282E5602DDF1B0070B69812E497BF8A14CB103CEF24123168E6090] sha1[F4D19762CECAE4C9362F188670DCC5A9B7B59E8E] md5[DDE251C85CDD407EBE04C9CD53E1B3CC]
01/14/21 11:48:14 [W] [0x4944] Failed to create MA event [17]
01/14/21 11:48:14 [E] [0x4944] Unable to grant trust to module [C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook2.dll]
01/14/21 12:16:44 [I] [0x4988] File [C:\Program Files\FileZilla FTP Client\fzshellext.dll] sha2[6805B5F8EC15E1B96D21CFB91928F41A86E4C16BAD2940FA657DBCA1831FC5AF] sha1[1B6760F4BF84C64ED9050A5E2AA4B81C0EE4A1F7] md5[C17950C177286B36F492D87C9940B350]
01/14/21 12:16:45 [W] [0x4988] Failed to create MA event [17]
01/14/21 12:16:45 [E] [0x4988] Unable to grant trust to module [C:\Program Files\FileZilla FTP Client\fzshellext.dll]
LG and Filezille application removed, ENS reinstall and same issue
and again the removal tool and bruteforce parameter:
Hi @Nielsb,
Brilliant! Thank you for keeping us informed on what resolved the issue!
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA