[KB3544] ESET Installation Fixer (1.5.2.x)



What is an Installation Fixer?

ESET Installation Fixer (InstaFix, install fix) is a technical support tool for ESET products. ESET Installation Fixer is designed to fix several issues that can occur with services while installing ESET software. Before using ESET Installation Fixer, make sure that you have the latest version of the tool, shown here: ESET Installation Fixer

Before using ESET Installation Fixer
  • The program must be run from an administrative account. Installation Fixer commands must be executed using a command prompt with elevated full admin privileges.
  • The ESET Installation Fixer will not function in Safe Mode.
  • When working on a 64-bit operating system, you must use a 64-bit version of ESET Installation Fixer.
  • ESET Installation Fixer is intended for use on Windows XP SP3 and later versions of Windows.

This current version supports the following fixes:

How do I use ESET Installation Fixer?

  1. Click the appropriate link below to download the ESET Installation Fixer for your operating system (Click for steps to determine whether your OS is 32- or 64-bit):

    Download ESET Installation Fixer (32-bit)Download ESET Installation Fixer (64-bit)

    After the tool has finished downloading, run the ESET Installation Fixer from an administrative command prompt using one of the commands detailed below. All commands should be added after the directory where the Installation Fixer is located, for example:

    C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix MRL

    Users with the 32-bit version of Installation Fixer will type "ESETInstallationFixer_32.exe" rather than "ESETInstallationFixer_64.exe"

MSI Registry Leftovers


An attempt to upgrade an ESET product to a newer version fails. The installation log reports the error "Error 2753: The File 'shellExt.dll' is not marked for installation."

  • The upgrade process is interrupted by a new installation of an older product that was already upgraded in the past. This happens right after the RunEngine section responsible for removal of the product currently being upgraded ends successfully.
  • The group policy application management (AppMgmt) service is suspected to run the installation of the missing software. The reason for this may be a misconfiguration of some Group Policy Objects, where according to this policy the old product should still be installed on the system and the application upgrade process is not detected.

Command: C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix MRL -b

InstFix enumerates all ESET security products with a specific MSI Upgrade Code from the Windows Installer Registry and tries to determine the installer version of the current product. Registry entries that do not match the installed version are deleted from the following locations:

  • HKCR\Installer\UpgradeCodes
  • HKCR\Installer\Products

When using the -b switch with this command, each entry that is going to be deleted is backed up to a separate REG file.

Missing MSI Registry


An attempt to upgrade an ESET product to a newer version fails when stopping the ESET Service (ekrn). The installation log contains RunEngine sections that reference only the MSI package that is currently installed.

  • Windows Installer is missing registry entries for the currently installed application. During an upgrade, the old MSI package must be called in a separate RunEngine section with its GUID listed as the product name. After a successful uninstallation of the old MSI package, a new RunEngine section starts and the main installation of the newer version begins. The main reason why the Registry entries are missing is unknown.

Command: C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix MMR

InstFix checks if the problem is present and then tries to restore all known mandatory Windows Installer Registry keys and values.

  1. Manually copy the original MSI package (same product, version, platform, and language) of the currently installed product into the hidden system directory %SystemRoot%\Installer!
  2. InstFix will gather all required information about the currently installed product and search for the original MSI package in the Windows Installer MSI Cache. If the MSI package is found, a list of mandatory registry keys and values is restored in the following locations:

    • HKCR\Installer\UpgradeCodes
    • HKCR\Installer\Products
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

Search Service Index


Installation of an ESET product fails in CA EpfwInst!FinalizeInstall on EpfwWfpRegisterCallouts with error code ERROR_RM_NOT_ACTIVE (0x1a91 = 6801).

  • Some system files related to the Windows Search service are corrupted or left in an inconsistent state. One reason for this may be that a System Restore was performed.

Command: C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix SSI

InstFix deletes all *.blf and *.regtrans-ms files in the following locations:

  • %SystemRoot%\system32\config\TxR
  • %SystemRoot%\system32\SMI\Store\Machine

InstFix first tries to stop the Windows Search Service if it is running. Then the main fix is applied and the service is started again. A reboot may still be required if unsuccessful.

This solution is based on Knowledgebase article http://support.microsoft.com/kb/948252.

Higher CPU and HDD load

You can expect higher CPU and HDD load while rebuilding the search index.

Registry Value Types


Installation of an ESET Security product fails in CA InstSupp!InstallDriverPackages for EDEVMON on SetupInstallFromInfSection with error code 13.

The Setup API APP log reports "[SetupInstallFromInfSection - DefaultInstall]" related to the error time and EDEVMON ("inf: AddReg=EDEVMON") the issue "!!! inf: Error setting registry value HKLM...".


Some third-party applications write values to the Registry using the wrong Registry type as declared in the Windows Registry documentation. This causes driver installation failures when the next driver is installed because Windows is expecting to read a different Registry type.


Command: C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix RVT -b

InstFix iterates over a list of known registry values and checks their types. If a type does not match the expected type, InstFix converts the value appropriately and stores it as the correct and expected registry type. The list currently contains only EDEVMON registry values located under the registry key HKLM\System\CurrentControlSet\Control\Class. Each registry value that needs to be converted will first be backed up to a separate REG file when using the -b switch.

Note: Third-party software that sets registry values using the wrong registry types and then tries to read the fixed values may stop working properly. This issue needs to be reported as a software bug to the third-party application vendor.



Installation of an ESET Security product fails in CA InstSupp!InstallDriverPackages for EPFWLWF on HrInstallComponent with error code NETCFG_E_MAX_FILTER_LIMIT (0x8004a029).

Windows has a restriction for the maximum number of network filter drivers that can be loaded at a time. If the maximum value is reached, then the next filter driver installation will fail. Each version of Windows has this maximum value hard coded and also defined in the Registry. The value in the Registry is typically set to a much smaller value than the hardcoded one. If the Registry value is not defined, then the hardcoded value is used.



SolutionCommand: C:\Users\Owner\Desktop\ESETInstallationFixer_64.exe -fix MNF

InstFix deletes the MaxNumFilters registry value which enables Windows to use the internal hardcoded value.