Hips log files


TAdams
Hello,

Once again, I would like to request that all windows be allowed to maximize. Please end the insanity :)

 

Secondly, I have been having issues with HIPS blocking things like:

Time;Application;Operation;Target;Action;Rule;Additional information
7/19/2017 11:01:57 AM;C:\Windows\System32\svchost.exe;Modify registry;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EPFWWFPR;blocked;Self-Defense: Registry with full protection;

Time;Application;Operation;Target;Action;Rule;Additional information
7/18/2017 7:25:52 PM;O:\Steam\SteamApps\common\Days of War\DaysOfWar\Binaries\Win64\DaysOfWar-Win64-Shipping.exe;Modify state of another application;C:\Windows\System32\csrss.exe;blocked;Self-Defense: Do not allow modification of system processes;

Time;Application;Operation;Target;Action;Rule;Additional information
7/17/2017 9:23:07 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application

Time;Application;Operation;Target;Action;Rule;Additional information
7/17/2017 9:16:32 PM;C:\Windows\SysWOW64\XSrvSetup.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application

 

I am currently trying learning mode to see if that may remedy some of the issues. Is there a configuration file like the one over at the Wilders forums I could use to test with/compare to?

 

Regards,

Tom


  • Administrators

Log windows can be maximized. What particular window do you mean that cannot be maximized (except the main window with the android)?

As for the records in your HIPS log, it appears that you have logging of all blocked operations enabled. It should be enabled only for troubleshooting purposes, otherwise the HIPS log may grow quickly, unnecessarily waste disk space and also cause performance issues.

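A small parser for the semicolon-delimited HIPS log export quoted in the first post, grouping records by rule so the noisiest self-defense rules and their source applications stand out. This is an added example, not part of the thread and not ESET code; the function names and the month/day/year 12-hour timestamp format are assumptions, and the sample records are copied from the post.

```python
import csv
from datetime import datetime

FIELDS = ["Time", "Application", "Operation", "Target", "Action", "Rule",
          "Additional information"]

# Records copied from the first post; the header repeats between pasted records.
SAMPLE = r"""Time;Application;Operation;Target;Action;Rule;Additional information
7/19/2017 11:01:57 AM;C:\Windows\System32\svchost.exe;Modify registry;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EPFWWFPR;blocked;Self-Defense: Registry with full protection;

Time;Application;Operation;Target;Action;Rule;Additional information
7/18/2017 7:25:52 PM;O:\Steam\SteamApps\common\Days of War\DaysOfWar\Binaries\Win64\DaysOfWar-Win64-Shipping.exe;Modify state of another application;C:\Windows\System32\csrss.exe;blocked;Self-Defense: Do not allow modification of system processes;
7/17/2017 9:23:07 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application
7/17/2017 9:16:32 PM;C:\Windows\SysWOW64\XSrvSetup.exe;Get access to another application;C:\Windows\System32\winlogon.exe;some access blocked;Self-Defense: Do not allow modification of system processes;Terminate/suspend another application,Modify state of another application
"""

def parse_hips_log(text):
    """Return one dict per record, skipping blank lines and repeated headers."""
    records = []
    for row in csv.reader(text.splitlines(), delimiter=";"):
        if not row or row == FIELDS:
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"unexpected field count: {row!r}")
        rec = dict(zip(FIELDS, row))
        # Assumed timestamp format: M/D/YYYY with a 12-hour clock, as in the post.
        rec["Time"] = datetime.strptime(rec["Time"], "%m/%d/%Y %I:%M:%S %p")
        # The last column lists the denied access types, comma-separated.
        rec["Additional information"] = [
            s for s in rec["Additional information"].split(",") if s]
        records.append(rec)
    return records

def summarize(records):
    """Map each rule to its hit count and the applications that triggered it."""
    summary = {}
    for rec in records:
        entry = summary.setdefault(rec["Rule"], {"count": 0, "applications": set()})
        entry["count"] += 1
        entry["applications"].add(rec["Application"])
    return summary

if __name__ == "__main__":
    for rule, info in summarize(parse_hips_log(SAMPLE)).items():
        print(info["count"], rule, sorted(info["applications"]))
```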

Marcos,

 

Thank you for the response. The log file window cannot be maximized. The tools window cannot be maximized, the Scheduler window cannot be maximized, watch activity cannot be maximized, etc., etc. Ala 800 X 600 resolution from the 90's.

I have them logging to find out why, since installation of this version of NOD32 AV, my system has screeched to a halt. I even have disabled HIPS and it still lists things that are being blocked. Temporarily disabling AV and things are still slow, as well as HIPS showing items continuing to be blocked. Along the same lines, temporarily "pause protection" should do just that. Stop it, period. However, things still show as being blocked.

I think at this time, I am going to uninstall and reinstall. I recall over at the Wilders security forums that a user used to post a configuration file which was an excellent starting point. The out of the box settings and my system have not played well together.

Edit: On the log file, I can (I just found) click on an obscure icon labeled "open in a new window" and I can then maximize that window. I don't get it at all. Why not just have that on the main window like every other program that is run and be consistent with the UI... Speaking of UI, it would be nice to have themes, or at least revert back to a higher contrast theme. The light blue and light gray text with a small font is an extremely poor choice for a light (white/near white) background.

 


  • Administrators

The main GUI window cannot be maximized. For this reason, we have the "Open in a new window" option wherever it makes sense, e.g. for logs and the on-demand scanner, to name some.

You can revert to default settings to make sure that you don't have logging of blocked HIPS operations or diagnostic logging enabled. These should be enabled only for a limited time while troubleshooting a particular issue. As for HIPS, you can disable logging of blocked operations in the advanced HIPS setup -> Log all blocked operations. Should the problem persist, please provide me with ELC logs as per the instructions linked in my signature.

I strongly suggest using default settings which already provide maximum protection without any noticeable effect on performance.
