Jump to content

HIPS detection


Recommended Posts

Guest h4X0R

Hi, I'm trying NOD32 n windows 10. I have set up HIPS in smart mode plus the rules described in this KB. Rule "deny child processes for powershell.exe" threw this alert and I'm having trouble reading the command. I can't scroll the text to the right to see the whole command. The log entries don't record the command entry. Any suggestions to try to find the program/process that's triggering this hips rule? - thanks

 

 

Link to comment
  • Administrators

Not sure what you mean by "I'm having trouble reading the command". The information shown in the pop-up notification when a HIPS rule is applied are also logged in the HIPS log providing the logging verbosity was set to "information":

image.png

Link to comment

The Eset recommended anti-ransomware rule for PowerShell child process startup is detecting it starting conhost.exe. You will have to create a HIPS allow rule for this activity. I did. Appears internal PowerShell maintenance scripts used by Windows perform this activity.

Link to comment
Guest h4X0R
31 minutes ago, itman said:

The Eset recommended anti-ransomware rule for PowerShell child process startup is detecting it starting conhost.exe. You will have to create a HIPS allow rule for this activity. I did. Appears internal PowerShell maintenance scripts used by Windows perform this activity.

Thank you very much for the info.

Link to comment
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...