Jump to content

GCG

Members
  • Posts

    31
  • Joined

Everything posted by GCG

  1. just give us some credit or contribution credit
  2. We are a national MSP based in Chicago and while working with ESET to test the upcoming ESET ESMC 7.X release GCG decided that we wanted to upgrade the built-in version of Tomcat 7.x (32-bit) to version 9.0.10 (64-bit). This, of course, meant that we also had to update the Tomcat configuration and update our Java install. We don't want to bore everyone with the technical details, but we felt like the overall level of documentation available was lacking so we wanted to share the Tomcat configuration we are using to make configuration and upgrade of the Tomcat install easier for others. Our configuration should work for most 32-bit or 64-bit installs of Tomcat 7, 8, or 9. As part of our upgrade, we migrated away from using keystores and instead referenced the CA, Certificate, and Key directly using (binary) PEM formatted files. We are more than happy to share our configuration with the community, so everyone can benefit. CVE-2018-1336 We have sanitized the configuration for security reasons. If you have questions about why we have configured things the way, we have we will do our best to respond to questions. Please make sure to you have a backup of your Tomcat install before overwriting or modifying any files. We take no responsibility for anyone's actions except our own. Configuration was verified on Tomcat version 9.0.10 (64-bit) with Java 8 update 181 (64-bit) GCG SAMPLE TOMCAT CONFIGURATION (ATTACHMENT BELOW) Tomcat.zip
  3. We look forward to testing the G.A. release of the upcoming version 7 release
  4. Peter, My organization is interested in being apart of your beta test group for this and other products. Robert GCG
  5. This is likely happening because proper exclusion rules have not been implemented on the server in question. I would recommend that you disable parts of the application one at a time to see if you can narrow down which part of the application is causing the high CPU usage issue in your environment. once you identify which part of the ESET application causing the high CPU usage I would recommend focusing on making sure your settings are configured properly to for your business and environment requirements.
  6. A) I would recommend restarting the server into safe mode so that you can be sure that the application is not running. B) I would then use the "SC delete" command to delete the actual service. I would then take the directory and create a password protected (make sure it is password protected) archive using WinRAR of the entire directory at the folder level of "C:\program files (x86)\common files\sys" Please note: I am recommended this for the following reasons: 1) so that you can ensure even hidden folders or files are captured in the archive and 2) so you can restore, recover, or submit files to support for additional analysis. C) I would then delete the "C:\program files (x86)\common files\sys" folder and repair or reinstall any applications that utilize the library or files in that directory. Please note: if the files return after you have delete them it is likely due to a secondary application or service is restoring them D) I would recommend you run DISM and then SFC commands in safe mode to check the seals on other system files and services. (can be done while operating in safe or normal boot modes) E) reboot back into normal mode and scan the server again (anti-virus scan will not be able to scan password protected archives) F) If you are booting using MBR instead of UEFI I would also recommend scanning the boot sector it is possible that restricting system privileges as previously suggested will not be effective, as the directory likely has already provided system or service(s) with full permission to this directory and even if you enable UAC it may not impact or impair the infection from executing, operating, or spreading. This advise is offered as is with no guarantees. If you need further assistance I would recommend that you either contact support or a company like our for assistance Robert Grant Consulting Group LLC
  7. We also had an instance today of a user's laptop not startup up normally, extended windows startup time, logon process slow to respond, user desktop unresponsive after upgrading the ESET agent from 6.4.283.0 to 6.5 and after disabling HIPS completely on the machine all issues went away. We then re-enabled HIPS but left self-defense disabled and user has had no issues since.
  8. ESET ERA component upgrade iinitiated from ESET ERA web console between 15:21:49 and 15:32:36 - Result: FAILED Below are examples of blocking action taken by ESET (NO CUSTOM RULE, BUILT-IN RULES ONLY IN EFFECT) We also are investigating the possibility that HIPS is preventing Acronis backup software from working normally.
  9. Marcos, We also posted this in another thread, but we tried initiating an in place agent upgrade using ESET ERA Server 6.4. to upgrade a few test clients ESET Agent application from version 6.4.283.0 to 6.5 and the upgrade failed. The computer is pretty vanilla and doesn't have much loaded. logs show that ESET blocked installer and several other processes from modifying the ESET Agent application. Time;Application;Operation;Target;Action;Rule;Additional information 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:33 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:33 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:25 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:40:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:27:21 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:37 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:25:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:13 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:11 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:59 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file 3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:22:13 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:22:13 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:22:12 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:22:11 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Get access to another application 3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
  10. We see our own log files is that if you have HIPS - Self-Defense enabled it shows that ESET blocks actions against its own product, even a inplace upgrade of the ESET ERA 6.x Agent initiated from the ESET ERA console. We tested this today, and captured over 100 different events in the HIPS logs (you have to manually enable logging for all blocked operations (AntiVirus Section - HIPS Section - Advanced Setup (click plus symbol) - log all blocked operations (Enable). If you do not enable this feature operations blocked by built-in rules are not logged to the HIPS log in ESET. ESET ERA component upgrade iinitiated from ESET ERA web console between 15:21:49 and 15:32:36 - Result: FAILED Below are examples of blocking action taken by ESET (NO CUSTOM RULE, BUILT-IN RULES ONLY IN EFFECT) hips_log.txt
  11. We are seeing some potential issues with ESET HIPS self-defense and Windows during upgrades of the ESET clients or ESET ERAS components. You might try enabling logging of all blocked actions under HIPS to capture such actions that are happening behind the scenes. Here are some examples of the items we are seeing logged and being blocked by ESET HIPS. We do not have any custom HIPS rules in place so it is odd that ESET is even block itself according to the logs. it appears from the logs that HIPS could be contributing to some of the issues people are having when upgrading ESET ERA Server or ESET ERA client(s) Time;Application;Operation;Target;Action;Rule;Additional information 3/21/2017 3:59:40 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application 3/21/2017 3:59:39 PM;C:\Windows\System32\svchost.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Modify state of another application 3/21/2017 3:59:39 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application 3/21/2017 3:59:39 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application 3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:46:26 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:46:26 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:46:23 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application 3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application 3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
  12. Just an FYI, We manually downloaded 6.5 and pushed it out to a few test machines in our environment. We were still able to administrate it with ESET ERA 6.4 but we had to adjust the several policies as 6.5 introduces several new settings and changes how alerts are displayed on the actual machine versus the ERA server. ESET ERA server policies can be adjusted without having any ESET EFSW 6.5 clients deployed.
  13. New 6.5 documentation was released today and made available. https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_admin_enu.pdf https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_deploy_va_enu.pdf https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_install_enu.pdf https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_smb_enu.pdf In the past our experience has been relatively smooth with ERAS upgrades when you use the Built-in admin account to initiate the upgrade of the server product. Agents upgrades can be accomplished by running Upgrade of ESET ERA components on client machines.
  14. We wanted to let people know that we see that version 9.5 has been released and made publically available. Like many of you we also have been encountering issues with clients downloading updates since the beginning of march. Does anyone know if it is related to program or feature updates that were released?
  15. Did you also enable web access protection and web control? hxxp://help.eset.com/ees/6/en-US/idh_config_web.htm hxxp://help.eset.com/ees/6/en-US/idh_config_epfw_scan_http.htm hxxp://help.eset.com/ees/6/en-US/idh_config_epfw_scan_http_address_list.htm hxxp://help.eset.com/ees/6/en-US/idh_config_parental_rule_edit_dlg.htm If not I would turn both of them on and try your test again. If it still doesn't work, I would change the level of logging to Diagnostic and also enable advance (debug) logging logging so that you can capture what is exactly happening and see how ESET is handling your rule and web site traffic hxxp://help.eset.com/ees/6/en-US/idh_logfilter_find.htm hxxp://help.eset.com/ees/6/en-US/idh_config_diagnostics.htm hxxp://help.eset.com/ees/6/en-US/logging.htm hxxp://help.eset.com/ees/6/en-US/solving_problems_advanced_pcap_logging.htm hxxp://help.eset.com/ees/6/en-US/idh_config_epfw_advanced_settings.htm hxxp://help.eset.com/ees/6/en-US/idh_config_alert.htm hxxp://help.eset.com/ees/6/en-US/idh_config_diagnostics.htm
  16. Hello ESET Team, We would be interested in participating in the ESET ERA 6.5 Beta. Many Thanks, Grant Consulting Group LLC
×
×
  • Create New...