ESET ERA v5 - HIPS - unknown operation


Hi!

I have noticed in the HIPS logs a strange Operation, "unknown operation", and a strange Rule, "int3rn4l".

Included in the attachment is a list of the HIPS rules I have defined on ERA.

When I look at the configuration from the clients, I also don't notice this rule.

What could be generating this strange rule name?

ERA 5.3.39.0

EES 5.0.2265

Edited by bbahes
  • Administrators

It's an internal rule which is logged only in diagnostic mode, i.e. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.


It's an internal rule which is logged only in diagnostic mode, i.e. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.

In Windows Desktop v5 > Kernel > Settings > Log Files > Save logs from level: Informative records is selected and unmarked.

Is there any other policy rule that could activate this diagnostics?


It's turned off by default. So either it was enabled in a policy that was applied on clients or it was enabled manually in the advanced HIPS setup on clients.

Clients are all controlled by policy in which this setting is unchecked.

  • Administrators

The thing is HIPS doesn't log basically anything by default. Please collect logs from a computer where this message is still being logged using ESET Log Collector and pm me the output archive. If too large to send via pm, upload it to a safe location and pm me the download link.
