
Eset HIPS preventing BITS to modify starting params



Guest JustAnotherGuest

I have set Eset to warn me when HIPS forbids an action or when a modification applies to a boot application.

I get this message (it's a translation, I'm using the French UI):
"boot parameters modification

Application : C:\Windows\System32\services.exe

Target : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start

The operation has not been allowed."

It seems BITS should be allowed, shouldn't it? Is it an error from Eset?

3 hours ago, Guest JustAnotherGuest said:

Application : C:\Windows\System32\services.exe

Target : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start

The operation has not been allowed."

Malware can modify that registry key. Example of this here: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.lnk.powload.ah .

Guest JustAnotherGuest

What a shame!
Eset is either bugged or badly translated. The box on the screen says "operation not authorized" while the HIPS log says action: "authorized"!

images : https://www.udrop.com/5aD9/Capture_d’écran_2021-03-28_035605.png
https://www.udrop.com/5aDa/Capture_d’écran_2021-03-28_063702.png

Guest just another guest

PS: I have no custom HIPS rules, and I am on auto mode.

Guest just Another Guest

Eset translation is awful. I had to install the English version.
Even some French sentences that I couldn't understand (although I'm French myself) make absolute sense in English.

I wouldn't advise anyone to install any other translation than the English application.

  • Administrators

Thank you for the heads-up. The localization bug has been reported and will be fixed, if confirmed.

Guest just Another Guest

There is another bug.

In the French translation, instead of saying "scans" they say "detections", while "une détection" is when you found something. "Scan" or "analyse" are often used in French.

  • Administrators

Since I don't speak French, I'd recommend reporting it through your local ESET distributor. Translation is done by a professional translation company but issues may occur if exact context is not known.

Guest Just Another Guest

Thanks for your help.
I have an ultimate last question. I noticed in the English version, once a scan is completed, in the info box:

"No detections has been found"

Is it my poor English (it may be) or is it a wrong translation, as wouldn't this mean that they "didn't find the finding"?

Guest just another guest

actually it is written "have" not "has" :S
ok it's not critical but ...

  • Most Valued Members
3 hours ago, Guest just another guest said:

actually it is written "have" not "has" :S
ok it's not critical but ...

This means no viruses have been found - no detections have been found 

This topic is now closed to further replies.