Jump to content

ESET ERA v5 - HIPS - unknown operation


bbahes
 Share

Recommended Posts

Hi!

 

I have noticed in HIPS logs strange Operation unknown operation and strange Rule int3rn4l.

Included in attachment is list of HIPS rules I have defined on ERA.

As I look configuration from clients I also don't notice this rule.

What could be generating this strange rule name?

 

ERA 5.3.39.0

EES 5.0.2265

Edited by bbahes
Link to comment
Share on other sites

  • Administrators

It's an internal rule which is logged only in diagnostic mode, ie. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.

Link to comment
Share on other sites

It's an internal rule which is logged only in diagnostic mode, ie. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.

 

In Windows Desktop v5 > Kernel > Settings > Log Files > Save logs from level: Informative records is selected and unmarked.

Is there any other policy rule that could activate this diagnostics?

Link to comment
Share on other sites

  • Administrators

It's turn off by default. So either enabled it in a policy that was applied on clients or it was enabled manually if the advanced HIPS setup on clients.

Link to comment
Share on other sites

It's turn off by default. So either enabled it in a policy that was applied on clients or it was enabled manually if the advanced HIPS setup on clients.

 

Clients are all controlled by policy in which this setting is unchecked.

Link to comment
Share on other sites

  • Administrators

The thing is HIPS doesn't log basically anything by default. Please collect logs from a computer where this message is still being logged using ESET Log Collector and pm me the output archive. If too large to send via pm, upload it to a safe location and pm me the download link.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...