Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

'Virus scan failed' for all downloads in Chrome, Opera, IE on Windows 8.1

Posted on 2015-02-12
8
Medium Priority
?
1,042 Views
Last Modified: 2015-04-16
Just yesterday, I began having an issue on my work machine running Windows 8.1 x64 along with Chrome 41 BETA x64, Opera 27, IE 11.0.9600.17631. All download attempts fail with a virus detected warning (varies from browser to browser). The only browser that seems unaffected is Firefox 35.0.1 - the others listed above do not work.

I found a co-worker who has an eerily similar setup to mine. He's unable to recreate this problem. These changes were made to both of our machines yesterday:
February Patch Tuesday updates were applied
Definition update for System Center Endpoint Protection 2012

The other changes that occurred that I did uniquely were:
Ran 'powercfg.exe -h off' to kill the 26GB hiberfile.sys on my SSD
Ran cleanmgr.exe and cleaned user and system files
Ran cleanmgr.exe and removed all but most recent restore point
Ran 'dism /online /image-cleanup /analyzecomponentstore'
Ran 'dism /online /image-cleanup /startcomponentcleanup'
Moved the page file location to data drive

Troubleshooting steps I've taken so far that haven't worked:
I disabled real-time protection in Endpoint Protection
I verified that the Custom Level settings in Internet Options>Security>Internet were set to prompt for downloads
I reset IE as an administrator
I followed the directions located here: http://support.microsoft.com/kb/883260. I created an Attachments subkey in HKCU and set its value to 1.

The only way I've been able to get this to work is by locating that same 'ScanWithAntiVirus' value in HKLM and setting it to 1. Currently, that's what I'm running with and things are downloading as expected. However, I don't think that's a good way to go long term.

I've been a technician for many years and I've never really experienced any of the above things causing something like this. However, something obviously changed as I was downloading files just fine every day before yesterday.

Can anyone offer any insight into this? I would love to know what to do or to learn about some hidden pocket of settings. I don't want to just forfeit and refresh Windows if I don't have to.

Thanks,
Josh
0
Comment
Question by:price1jj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 40607202
I would try making a usb disk with hitman pro and see what is said. Http://surfright.com

Also what is your antivirus software?

CT
0
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 40607256
Some changes or services must have meddle with that registry keys. Agree having the setting it to '1' turns the off the function is no long term plan. Setting it to '3' turns it on and is what originally it should be ...thought I wonder if '2' that makes the system run scan loosely can works as well. If it doesnt, likely the scanner (most probably SCEP) is highly suspected for this interfere

I also thinking on multiple scanner as well as normally the value of "3" turns the waits for the first scanner to return an "infected" response to cause the block and any further operation or downloading. The value of "2" allows all the multiple scanners registered in machine to scan before acting on any "infected" results. Wondering it may be possible that there's a latency issue involving the Microsoft Manager and the SCEP hence more time to respond is required after some recent changes in the machine.

Separately, there seem similar forum discussion in which KB3036437 or SCEP (your AV) is the suspected cause. No good conclusion https://social.technet.microsoft.com/Forums/en-US/78d1d963-a74f-4a6f-8ff6-65d0b5a1516a/kb3036437-system-center-endpoint-protection-47-blocks-downloads?forum=FCSNext

but may be worth re-installing SCEP and try again...else try another AV to see if it affects with these KB and updates already installed ...
0
 
LVL 1

Author Comment

by:price1jj
ID: 40617239
@btan - that TechNet post is actually identical to the problem that I am having. A user mentions a few posts down that FireFox works, but Opera, IE and Chrome do not. I checked my SCEP version and it is, in fact, 4.7.205.0. I also LOVE the fact that this issue appears to be intermittent among machines in our organization.

While I obviously work in IT, and do work in our centralized IT unit, I do want to avoid making changes to my AV configuration to become different from what our users are expected to run. I am going to ask around now and see if any of the technicians are hearing about this from any of their users.

I will be trying the value of 2 to see what it does. Thanks for the suggestion!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Expert Comment

by:btan
ID: 40617904
noted thanks for sharing, hopefully we can isolate further to find the root cause and test out the machine even with re-installing the SCEP agent. Steps shared from forum:
Rename the folder C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old   <--- this is the important step, without this the process fails
uninstall System Center Endpoint Protection
Wait for it to be uninstalled
Test that you can download files without issue
Download to the System Center Endpoint Protection installer to their desktop
Install System Center Endpoint Protection
Test your ability to download files.
0
 
LVL 1

Author Comment

by:price1jj
ID: 40619053
Neither setting it to 2 nor renaming that folder worked. I am going to reinstall later today to determine if that will fix it.

So far, I am not hearing from anyone else in our organization of thousands that this problem exists. Lucky me.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1500 total points
ID: 40620282
also maybe to check out the EndpointProtectionAgent.log (default inside C:\Windows\CCM\Logs\) to see any other hints to this peculiarity. Also maybe good to see if the policy for one of the working machines and your machine on the applied policy history. E.g. Under the regedit, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy will have a list of all anti-malware policies along with all merged settings which are shown with a value of “0x00000002”. Or with admin run in cmd, the  reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d. hopefully we can sieve why so different behaviour, i assuming the browser ver is same
0
 
LVL 1

Author Comment

by:price1jj
ID: 40727173
I've been unable to recreate this issue on my machine. I changed the registry setting back to scan attachments after this patch window - which was really yesterday for our client machines - and it doesn't seem to be causing any issues anymore. Meanwhile, no one else is really seeing this problem in our organization and they weren't.

I am going to accept a couple solutions... while they aren't exact answers, they definitely either turned me on to ways to narrow it down or even a workaround. I appreciate the help with this... I cannot wait until I have a question for EE that isn't wacky as all heck!

Josh
0
 
LVL 65

Expert Comment

by:btan
ID: 40727245
thanks for sharing
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
What we learned in Webroot's webinar on multi-vector protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question