kyo1972 1 Posted June 7, 2020 Posted June 7, 2020 I get a lot of these messages on startup. I do not see explorer in the Startup list in Task Manager. I also get a fair number of HIPS entries about self-defense and access to eset files. I recently changed from MS Edge to Firefox in the Banking & Payment Protection feature. Eset is not showing any alerts. Is this anything to worry about? Sample messages from HIPS: 2020-06-07 5:25:21 PM;C:\Windows\explorer.exe;Modify startup settings;HKEY_USERS\S-1-5-21-136920658-3447232488-3887249229-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\Application Restart #24;allowed;Automatic mode; 2020-06-07 5:24:13 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe;blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application
Administrators Marcos 5,468 Posted June 8, 2020 Administrators Posted June 8, 2020 Please make sure to disable logging of blocked operations in the advanced HIPS setup. Diagnostic logging is intended only to troubleshoot HIPS-related issues. Unless you experience issues with HIPS, leave logging disabled. Also the option to notify about changes occurring in autostart locations may produce unnecessary notifications if legitimate applications write in autostart locations.
kyo1972 1 Posted June 8, 2020 Author Posted June 8, 2020 I turned off the "Notify when changes in Startup applications" (I think this returned the setting to its default), and that removed the "modify startup settings" messages and log entries. There are still "self defense" entries in the HIPS log but no notifications. I am less worried, thanks.
Administrators Marcos 5,468 Posted June 8, 2020 Administrators Posted June 8, 2020 1, Make sure that logging of blocked operations is disabled: 2, Clear the HIPS log.
Recommended Posts