Uninstall the Antivirus from a test server to verify if the Antivirus is the cause of the issue and then implement the Antivirus exceptions in the following article:
ESET File Security has a Self-Defense Protocol that will stop any service that attempts to scan it. When the Change Auditor tries to start, ESET notices this and immediately terminates the Service.
In ESET File Security's Advanced Setup, disable HIPS and reboot the DC as a workaround to allow Change Auditor agent to load all required components.
If the issue persists, engage the Antivirus support for the proper Antivirus exceptions.
The following instructions are meant as a general guide and intended as an aid to resolution. Steps may differ based on the version of ESET.
Use the ESET RSAT or the agent on a particular computer:
Select Admin--> Policies
Select New Policy
Basic-->NamePolicy Allow QuestChangeAuditor Policy
select Settings
Click on ESET File Security for Windows Server (v6+)
Select AntiVirus--> HIPS
Under Rules, select Edit
Click on Add to create a new rule
NameRule QuestChangeAuditor
Action Allow
Select Allow Files, Applications, Registry Entries
KeepRule Enabled
Set Logging to none
Set Notify user to blank
Click on Add for Source Application
Paste in the file path from the Windows service Quest Change Auditor Agent
with this path: C:\Program
Files\Quest\ChangeAuditor\Agent\NPSrvHost.exe
Click OK and Next
Select All File Operations
select Next and Next
Select All Application Operations
select Next and Next
Select All Registry Operations
select Next
FIN
Then apply this policy to groups/servers of your clients On their next check-in it will be applied.