Jump to content

HIPS log file


eornate

Recommended Posts

Hi everyone,

Sometime ESET noticed notifications like that and i don't know what the new application start.Is there a way to check what a particular application run ?

 

hip.png

Link to comment
Share on other sites

I assume you are using Eset recommended HIPS anti-ransomware rules?

On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

Link to comment
Share on other sites

3 minutes ago, itman said:

I assume you are using Eset recommended HIPS anti-ransomware rules?

On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

Yes i did.So if don't  create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happend with OS windows ? 

Link to comment
Share on other sites

Just now, eornate said:

So if don't  create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happend with OS windows ? 

The script won't run obviously. I don't know what is the impact.

For me allowing this conhost.exe exception isn't of concern since I monitor all PowerShell.exe startup. This might be unusable for you. Also and interesting, I get no HIPS alerts as a result of this rule when these internal PowerShell scheduled tasks run.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...