Leaderboard

Popular Content

Showing content with the most kudos on 09/14/2021 in Posts

  1. Since malware is often disguised as a crack, keygen, etc., you should avoid using them regardless of whether it's for antivirus or another application.
    2 points
  2. I erred in my original posting in this thread. I didn't implement Eset's recommended anti-ransomware HIPS rules per se. Rather, I made them more secure, which suits me personally. One of the revisions, for example, is that I monitor all Windows script executables' startup via a HIPS ask rule. This includes PowerShell.exe startup. As such, there was no need to use the recommended rule of monitoring all child process startup from PowerShell.exe. To use PowerShell legitimately, it must be allowed to start conhost.exe since it is the graphical interface element for PowerShell.
    1 point
  3. You could create a permissive rule based on the rule "Deny child processes for powershell.exe" and add the path to conhost when specifying the path to target applications, which would be safer than disabling the rule completely.
    1 point
  4. First, what is conhost.exe: https://softwarekeep.com/what-is-conhost-exe
     I have had this Eset Powershell HIPS rule in place for ages and never received "a peep" from it. One example of conhost.exe starting from PowerShell.exe is when it is deployed by PowerShell Empire used maliciously: https://www.trustedsec.com/blog/who-left-the-backdoor-open-using-startupinfo-for-the-win/
    1 point
  5. It's fixed, thank you!
    1 point
  6. As Marcos said above, it's more of a hibernation/deep sleep with default Windows settings. Control Panel > Change to Large/Small Icons > Power Options > Choose What Power Buttons Do. From here, change the Power Button to Shut Down if not already, then, as Marcos said, Turn off Fast Startup.
    1 point
  7. That's because you probably have fast startup enabled. If so, shutdown in the Start menu is not a real shutdown but rather a kind of hibernation. That said, the OS doesn't start loading from scratch.
    1 point