Jump to content

HIPS: explorer.exe ... Modify startup settings ... RunOnce\Application Restart #24


Recommended Posts

I get a lot of these messages on startup. I do not see explorer in the Startup list in Task Manager. I also get a fair number of HIPS entries about self-defense and access to eset files. I recently changed from MS Edge to Firefox in the Banking & Payment Protection feature. Eset is not showing any alerts. Is this anything to worry about? 

Sample messages from HIPS: 

2020-06-07 5:25:21 PM;C:\Windows\explorer.exe;Modify startup settings;HKEY_USERS\S-1-5-21-136920658-3447232488-3887249229-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\Application Restart #24;allowed;Automatic mode;

2020-06-07 5:24:13 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe;blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application
 

Link to comment
Share on other sites

  • Administrators

Please make sure to disable logging of blocked operations in the advanced HIPS setup. Diagnostic logging is intended only to troubleshoot HIPS-related issues. Unless you experience issues with HIPS, leave logging disabled.

Also the option to notify about changes occurring in autostart locations may produce unnecessary notifications if legitimate applications write in autostart locations.

Link to comment
Share on other sites

I turned off the "Notify when changes in Startup applications" (I think this returned the setting to its default), and that removed the "modify startup settings" messages and log entries. There are still "self defense" entries in the HIPS log but no notifications. I am less worried, thanks. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...