I am seeing a problem with the Elastic Endpoint service on a couple of Windows servers. When trying to start the service we get the error:
The Elastic Endpoint service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
There is no corruption on the server and the file is 100% valid. This started happening after a reboot. The Elastic Agent runs fine. When I try to run the process manually I get the following crash details:
What version of Windows Server are you seeing this on? Is it up to date with Windows updates?
You should be able to run elastic-endpoint.exe version as a slightly easier way to test if the binary is able to run.
If it is not, could you please check the event logs on those servers under:
Applications and Services Logs > Microsoft > Windows > CodeIntegrity > Operational
You can use the version command above to attempt to generate repeat error messages.
One of the more common reasons that you would see that error is if you have another security product that is attempting to load a DLL within the elastic-endpoint service. Please ensure that you've added the endpoint process to exception lists for that kind of DLL injection or API hooking in other security products.
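The checks suggested in the reply above can be scripted. This is an added example, not part of the original thread and not Elastic's own tooling: it verifies the binary's Authenticode signature, re-runs the `version` command, and lists the Code Integrity events that mention the endpoint process. The install path and the 15-minute lookback window are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example; not from the original thread.
# Assumptions: default install path and a 15-minute lookback. Adjust both as needed.
param(
    [string]$EndpointExe     = 'C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe',
    [int]   $LookbackMinutes = 15
)

$since = (Get-Date).AddMinutes(-$LookbackMinutes)

# 1. What does Windows think of the signature on the file on disk?
Get-AuthenticodeSignature -FilePath $EndpointExe |
    Select-Object Status, StatusMessage,
        @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } } |
    Format-List

# 2. Re-run the binary so a fresh Code Integrity event is logged if it fails.
try {
    & $EndpointExe version
    "elastic-endpoint.exe exit code: $LASTEXITCODE"
} catch {
    "elastic-endpoint.exe could not be started: $($_.Exception.Message)"
}

# 3. Collect Code Integrity events from the window that mention the endpoint process.
$events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'elastic-endpoint' }

if (-not $events) {
    "No Code Integrity events mention elastic-endpoint since $since."
    return
}

# 4. Collapse repeats. Each distinct message names the file that failed
#    verification, which shows whether it is the endpoint binary itself or a
#    DLL that another product tried to load into the process.
$events |
    Group-Object Id, Message |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Count    = $_.Count
            EventId  = $_.Group[0].Id
            LastSeen = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
            Message  = $_.Group[0].Message
        }
    } | Format-List
```

If the file named in the grouped messages is a DLL belonging to another security product rather than `elastic-endpoint.exe`, that points at the injection or hooking case described in the reply.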