HIPS log file

[eornate 2]

Hi everyone,

Sometime ESET noticed notifications like that and i don't know what the new application start.Is there a way to check what a particular application run ?

 

[itman 1,630]

I assume you are using Eset recommended HIPS anti-ransomware rules?

On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

[eornate 2]

3 minutes ago, itman said:

I assume you are using Eset recommended HIPS anti-ransomware rules?

On my Win 10 22H2 build, I discovered Windows runs internal scheduled PowerShell maintenance tasks. When PowerShell is used in those tasks, the first thing it does is spawn a child conhost.exe task. I had to create a HIPS rule for PowerShell to allow startup of conhost.exe.

Yes i did.So if don't  create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happend with OS windows ? 

[itman 1,630]

Just now, eornate said:

So if don't  create a HIPS rule for PowerShell to allow startup of conhost.exe, what will happend with OS windows ? 

The script won't run obviously. I don't know what is the impact.

For me allowing this conhost.exe exception isn't of concern since I monitor all PowerShell.exe startup. This might be unusable for you. Also and interesting, I get no HIPS alerts as a result of this rule when these internal PowerShell scheduled tasks run.