Jump to content

Upgrade ERA from 6.4 to 6.5


whitelistCMD
 Share

Recommended Posts

Can anyone comment on the process for upgrading from 6.4 to 6.5? I've only done one upgrade which was actually a migration and because there was a lot of problems, it was actually done for us over the course of a couple of days. There was issues with authentication, and a mess of other things. I'd like to avoid that this time, but the knowledge base doesn't reference 6.5 in the upgrade article. Does anyone have any professional insight on a true upgrade (not migration) from 6.4 to 6.5?

Below is what I have running right now...

 

ESET Remote Administrator (Server), Version 6.4.304.0
ESET Remote Administrator (Web Console), Version 6.4.280.0

CentOS (64-bit), Version 7.3.1611 

 

Thank you in advance.

Link to comment
Share on other sites

  • ESET Staff
38 minutes ago, whitelistCMD said:

I'm currently using the ERA OVA. How do I backup the database before the move? I have the webmin feature enabled if that helps?

In case of OVA, creating snapshot of whole appliance is preferred as it backups not only DB, but also whole setup and revert in case something goes wrong is straightforward.

Link to comment
Share on other sites

Perfect. This is what I did last time and it saved me from catastrophic failure. I'm just trying to make sure I get all the details correct. I need this to go as smooth as possible. So, here I am sitting here making sure I have everything covered. I have the ERA Components Upgrade Task pointed to the new repository. I removed all unique characters from password. I'm trying to make sure I don't have any tasks in progress right now, but is there anything else to be checking?

Link to comment
Share on other sites

@whitelistCMD - It's been my experience that when moving between 6.X versions (6.2 -> 6.3, 6.3->6.4) the transitions are seamless resulting in no loss of data, no issues with authentication, etc. It was only our transition from 5.X to 6.X that provided us with headaches. 

I'm certainly not one to suggest that you should not backup your virtual appliance regularly (and without a doubt before major changes). I would hope to ease your fears a bit, and make the thought of this update a little less nerve wracking in this situation. 

On my test server I initated the components update about 30 min ago without thinking about what else might be running, etc. It ran, updated me to 6.5, and there do not seem to be any glaring issues so far... i'd even venture to say that several of the features added are quite nice.. and might reduce my workload considerably!

 

Jdashn

Link to comment
Share on other sites

Thank you, jdashn. Your post has given me quite a bit more confidence. I'm putting in my change ticket now, and I should be pulling the trigger by tomorrow morning. I'll keep this post updated with my experience. Thanks again.

Link to comment
Share on other sites

New 6.5 documentation was released today and made available.

https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_admin_enu.pdf

https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_deploy_va_enu.pdf

https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_install_enu.pdf

https://download.eset.com/com/eset/apps/business/era/suite/latest/eset_era_65_era_smb_enu.pdf

In the past our experience has been relatively smooth with ERAS upgrades when you use the Built-in admin account to initiate the upgrade of the server product.  Agents upgrades can be accomplished by running Upgrade of ESET ERA components on client machines.

 

Link to comment
Share on other sites

  • ESET Moderators

Thanks to @GCGfor the documentation links, but I recommend bookmarking the Online Help for ERA (and all others that are available via Online Help, you can see the list at help.eset.com) because we are constantly updating and expanding documentation, and the most up-to-date content will be on Online Help

http://help.eset.com/era_install/65/en-US/index.html 

Link to comment
Share on other sites

I just wanted to give a quick thank you to everyone who commented in this thread. I did the upgrade yesterday morning following everyone's advice. It went very smooth and took about 35 minutes to complete. I sincerely appreciate all the help. It made my day yesterday and probably the rest of my week, so thank you. I do have one question in regards to the repository... I can't find a package for ESET File Security (English) that says it's compatible with Windows Server 2003 - 2016. I only see one for 2003 and 2008. Is there a typo, or is there another version coming soon? Thanks.

Link to comment
Share on other sites

  • Administrators
1 hour ago, whitelistCMD said:

I just wanted to give a quick thank you to everyone who commented in this thread. I did the upgrade yesterday morning following everyone's advice. It went very smooth and took about 35 minutes to complete. I sincerely appreciate all the help. It made my day yesterday and probably the rest of my week, so thank you. I do have one question in regards to the repository... I can't find a package for ESET File Security (English) that says it's compatible with Windows Server 2003 - 2016. I only see one for 2003 and 2008. Is there a typo, or is there another version coming soon? Thanks.

Server v6.5 products are fully compatible with any version of Windows Server systems, including Windows Server 2016. See https://forum.eset.com/topic/11322-file-security-v65120070.

Link to comment
Share on other sites

We are seeing some potential issues with ESET HIPS self-defense and Windows during upgrades of the ESET clients or ESET ERAS components.  You might try enabling logging of all blocked actions under HIPS to capture such actions that are happening behind the scenes.

 

Here are some examples of the items we are seeing logged and being blocked by ESET HIPS.  

We do not have any custom HIPS rules in place so it is odd that ESET is even block itself according to the logs.  it appears from the logs that HIPS could be contributing to some of the issues people are having when upgrading ESET ERA Server or ESET ERA client(s)

Time;Application;Operation;Target;Action;Rule;Additional information
3/21/2017 3:59:40 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application

3/21/2017 3:59:39 PM;C:\Windows\System32\svchost.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Modify state of another application

3/21/2017 3:59:39 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application

3/21/2017 3:59:39 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application

3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application

3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application

3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application

3/21/2017 3:58:06 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application

3/21/2017 3:46:26 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application

3/21/2017 3:46:26 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application

3/21/2017 3:46:23 PM;C:\Program Files\ESET\ESET Endpoint Security\SysInspector.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
 

3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application

3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application

3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file

 

Link to comment
Share on other sites

  • Administrators
17 minutes ago, GCG said:

We are seeing some potential issues with ESET HIPS self-defense and Windows during upgrades of the ESET clients or ESET ERAS components.  You might try enabling logging of all blocked actions under HIPS to capture such actions that are happening behind the scenes.

What actual issues are you having with upgrade? The records in the HIPS log are probably normal and not a sign of issues. Diagnostic HIPS logging should only be enabled for a limited time to troubleshoot HIPS-related issues.

Link to comment
Share on other sites

Marcos,

   We also posted this in another thread, but we tried initiating an in place agent upgrade using ESET ERA Server 6.4. to upgrade a few test clients ESET Agent application from version 6.4.283.0 to 6.5 and the upgrade failed.  The computer is pretty vanilla and doesn't have much loaded.  logs show that ESET blocked installer and several other processes from modifying the ESET Agent application.

 

Time;Application;Operation;Target;Action;Rule;Additional information
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:43:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:36 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:35 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:34 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:33 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:33 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:32 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:31 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:30 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:27 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:26 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:25 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:41:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:41:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:28 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:27 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:26 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:25 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:24 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:23 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:40:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:40:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:39:59 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:27:23 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:27:21 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:27:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:39 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:38 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:37 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:36 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:35 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:34 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Data\data.db;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:25:20 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:19 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:18 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:13 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:12 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:11 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:11 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:10 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:10 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:09 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:09 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:08 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:07 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:06 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:05 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:04 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:03 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:02 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:01 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:25:00 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:59 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:59 PM;C:\Windows\System32\msiexec.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:58 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em039_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em000_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\NOTICE;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\VAHCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Updates.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\UpdaterService.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\updater.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Symbols.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ServerApi.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Security.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Scheduler.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Replication.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RDSensorConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ProxyConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Protobuf.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Policies.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\OSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Network.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\MDMCoreConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Kernel.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ESSConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAG1ClientConnector.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DynamicGroups.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DataMiners.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Database.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\DALNativeSQLite.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Cleanup.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\Automation.dll;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em017_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Modules\em001_64.dat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:58 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\AVRemover.exe;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\msiexec.exe;Get access to file;C:\Program Files\ESET\RemoteAdministrator\Agent\RestartAgent.bat;some access blocked;Self-Defense: Protect ESET files;Write to file
3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:24:57 PM;C:\Windows\System32\wbem\WmiPrvSE.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:22:13 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Windows\System32\lsass.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:22:13 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
3/21/2017 3:22:12 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:22:11 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Get access to another application
3/21/2017 3:21:43 PM;C:\Users\robert\AppData\Local\Temp\Procmon64.exe;Get access to another application;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
 

Link to comment
Share on other sites

ESET ERA component upgrade iinitiated from ESET ERA web console between 15:21:49 and 15:32:36 - Result: FAILED

Below are examples of blocking action taken by ESET (NO CUSTOM RULE, BUILT-IN RULES ONLY IN EFFECT)

 

We also are investigating the possibility that HIPS is preventing Acronis backup software from working normally.

Link to comment
Share on other sites

We also had an instance today of a user's laptop not startup up normally, extended windows startup time, logon process slow to respond, user desktop unresponsive after upgrading the ESET agent from 6.4.283.0 to 6.5 and after disabling HIPS completely on the machine all issues went away.  We then re-enabled HIPS but left self-defense disabled and user has had no issues since.

Link to comment
Share on other sites

  • ESET Staff
6 hours ago, GCG said:

We also had an instance today of a user's laptop not startup up normally, extended windows startup time, logon process slow to respond, user desktop unresponsive after upgrading the ESET agent from 6.4.283.0 to 6.5 and after disabling HIPS completely on the machine all issues went away.  We then re-enabled HIPS but left self-defense disabled and user has had no issues since.

Could you please provide version information of EES/EAV you were using during upgrade? Are EES/EAVs updating from standard ESET mirror?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...