eornate
Posted October 1, 2023

Hi everyone,

Sometimes ESET noticed notifications like that and I don't know what the new application start. Is there a way to check what a particular application runs?

itman
Posted October 1, 2023

I assume you are using ESET recommended HIPS anti-ransomware rules?

On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

eornate
Posted October 1, 2023

3 minutes ago, itman said:
> I assume you are using ESET recommended HIPS anti-ransomware rules?
>
> On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

Yes, I did. So if I don't create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happen with OS Windows?

itman
Posted October 1, 2023

Just now, eornate said:
> So if I don't create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happen with OS Windows?

The script won't run, obviously. I don't know what the impact is.

For me, allowing this conhost.exe exception isn't of concern since I monitor all PowerShell.exe startup. This might be unusable for you.

Also, and interestingly, I get no HIPS alerts as a result of this rule when these internal PowerShell scheduled tasks run.
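
To see which scheduled tasks launch PowerShell (and so spawn conhost.exe, as described in the replies above), the script below lists them with their run times so they can be matched against the time of a HIPS notification. It is an added example, not part of the original thread and not ESET tooling; it uses the built-in ScheduledTasks cmdlets, and the match pattern is an assumption about how such tasks are defined.

```powershell
# Added example: list scheduled tasks whose action starts PowerShell, with
# last/next run times, to correlate with HIPS "start new application" alerts.
# Assumption: tasks of interest name powershell/pwsh in an Exec action's
# program or arguments. COM-handler actions have no Execute value and are skipped.

$pattern = '\b(powershell|pwsh)(\.exe)?\b'

$rows = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only Exec actions carry an Execute property.
        $exe = $action.Execute
        if (-not $exe) { continue }

        # Task definitions often use %windir% or %SystemRoot% in the path.
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $commandLine = "$exe $($action.Arguments)".Trim()
        if ($commandLine -notmatch $pattern) { continue }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            State       = $task.State
            RunAs       = $task.Principal.UserId
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
            LastResult  = $info.LastTaskResult
            Command     = $commandLine
        }
    }
}

# Most recently run tasks first, for comparison with the alert time.
$rows | Sort-Object LastRunTime -Descending | Format-List
```

Run it from an elevated PowerShell prompt so that tasks not visible to a standard user are included.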