Kimiya Kitani 0 Posted November 15 Posted November 15 ESET Endpoint Security 11.1.2052.0 Windows11 I heard from some users that their PCs suddenly started getting the warning in the attached file (English translation below). It is not always present and cannot be reproduced. Then, it doesn't affect communication in particular. Do you know why this warning came out of nowhere? == English translation in the warning dialog message == ESET suddenly warns, "The application has been modified." One of the rule applications (spooler subsystem application) has changed. If you are unsure whether this change is legal, disable any previously created permission firewall rules. Application path: C:\Windows\System32\spoolsv.exe (PID 5536) Signatory: Microsoft Windows Publisher: Microsoft Corporation Evaluation: Detected 2 weeks ago Disable Allow Firewall Rules? === Quote
Administrators Marcos 5,455 Posted November 15 Administrators Posted November 15 ESET will notify you if you have custom firewall rules created for an application which is later modified. By default, you are not asked if the application is signed and trusted but this can be changed in the advanced setup. If you have ESET configured to not ask about trusted application and allow the communication automatically, and you still receive the interactive dialog, please raise a support ticket for further troubleshooting assistance. Quote
Kimiya Kitani 0 Posted November 18 Author Posted November 18 Thank you for the reply. Is there a policy setting (Admin Console) that does not display this warning? Quote
Administrators Solution Marcos 5,455 Posted November 18 Administrators Solution Posted November 18 Is it just spoolsv.exe that the user was asked about? Does it help if you add it to the list of applications excluded from modification detection? Quote
Kimiya Kitani 0 Posted November 19 Author Posted November 19 Thank you for the replay. Yes. There are no particular problems such as being unable to print, but some users have contacted us saying that warnings have started to appear. I added a policy in the admin console to exclude spoolsv.exe from application modification detection. I'd like to see how it goes. Quote
Kimiya Kitani 0 Posted November 22 Author Posted November 22 Since then, we have received no more inquiries about the trouble, so we have determined that this policy setting has brought it under control. Thank you for the information. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.