Jump to content

ESET ERA v5 - HIPS - unknown operation

bbahes
 Share

Recommended Posts

bbahes

bbahes 29

Posted
Posted (edited)

Hi!

 

I have noticed in HIPS logs strange Operation unknown operation and strange Rule int3rn4l.

Included in attachment is list of HIPS rules I have defined on ERA.

As I look configuration from clients I also don't notice this rule.

What could be generating this strange rule name?

 

ERA 5.3.39.0

EES 5.0.2265

Edited by bbahes
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

It's an internal rule which is logged only in diagnostic mode, ie. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.

Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

It's an internal rule which is logged only in diagnostic mode, ie. when logging of blocked operations is enabled. You should enable this option only while troubleshooting a HIPS-related issue, otherwise huge logs may be generated and the system performance may be affected too.

 

In Windows Desktop v5 > Kernel > Settings > Log Files > Save logs from level: Informative records is selected and unmarked.

Is there any other policy rule that could activate this diagnostics?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

It's turn off by default. So either enabled it in a policy that was applied on clients or it was enabled manually if the advanced HIPS setup on clients.

Link to comment
Share on other sites
bbahes

bbahes 29

Posted
  • Author
Posted

It's turn off by default. So either enabled it in a policy that was applied on clients or it was enabled manually if the advanced HIPS setup on clients.

 

Clients are all controlled by policy in which this setting is unchecked.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

The thing is HIPS doesn't log basically anything by default. Please collect logs from a computer where this message is still being logged using ESET Log Collector and pm me the output archive. If too large to send via pm, upload it to a safe location and pm me the download link.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...