Jump to content

Recommended Posts

Posted

I get a lot of these messages on startup. I do not see explorer in the Startup list in Task Manager. I also get a fair number of HIPS entries about self-defense and access to eset files. I recently changed from MS Edge to Firefox in the Banking & Payment Protection feature. Eset is not showing any alerts. Is this anything to worry about? 

Sample messages from HIPS: 

2020-06-07 5:25:21 PM;C:\Windows\explorer.exe;Modify startup settings;HKEY_USERS\S-1-5-21-136920658-3447232488-3887249229-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\Application Restart #24;allowed;Automatic mode;

2020-06-07 5:24:13 PM;C:\Windows\System32\csrss.exe;Get access to another application;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe;blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application
 

  • Administrators
Posted

Please make sure to disable logging of blocked operations in the advanced HIPS setup. Diagnostic logging is intended only to troubleshoot HIPS-related issues. Unless you experience issues with HIPS, leave logging disabled.

Also the option to notify about changes occurring in autostart locations may produce unnecessary notifications if legitimate applications write in autostart locations.

Posted

I turned off the "Notify when changes in Startup applications" (I think this returned the setting to its default), and that removed the "modify startup settings" messages and log entries. There are still "self defense" entries in the HIPS log but no notifications. I am less worried, thanks. 

  • Administrators
Posted

1, Make sure that logging of blocked operations is disabled:

image.png

2, Clear the HIPS log.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...