Jump to content

SWa

Members
  • Content Count

    5
  • Joined

  • Last visited

Profile Information

  • Location
    Norway
  1. Log files have been sent. There are no recent files in quarantine.
  2. The service is registered on the local PC.
  3. It's a 32-bit service made by our own company. Has been running for months with no issues. Just funny that ESET suddenly created what to me seems like obvious false positive warnings only seconds after an ESET update. The same issue occurs after update of the Detection Engine (version 20664) and Rapid Response module (version 15560) . It seems to happen only for one service and on one PC, so not much data to base any claims on. ESET seems to create warnings when a service log entry is written to C:\ProgramData\<company>\<application>\<log>\<textfile.log.txt> Events log shows multiple entries: Time - Module: HIPS - Event: "An application (<service name>) tried to modify files on your computer in a suspicious way. This attempt was blocked." User - SYSTEM. However, our service's log file is updated with information. No entries in other logs. Nothing in the HIPS-log either, even though the "Events" log says the event took place in the HIPS module. Warning message says "Ransomeware shield" followed by the text in the events log entry: "An application.... tried to modify...etc." Other services write similar log files to similar folders without issues. When uninstalling our 32-bit service and reinstalling with a new 64-bit service, the issue disappears. Little data to work on, and could be due to a weakness in our service. I guess this case can be closed. Sorry for the inconvenience.
  4. Five seconds after update of Detection Engine (version 20663) and Rapid Response module (version 15559), Eset's HIPS module started to generate Ransomwear-warnings, apparently when a Windows service was writing an innocent logging text to a log-file. This only happened to one service though. The service has been running for months without issues. Suspecting false positive here... Anyone with similar issues? BR SWa
×
×
  • Create New...