Jump to content

Strange Blocked Events in HIPS Log

cutting_edgetech
 Share

Recommended Posts

  • ESET Insiders
cutting_edgetech

cutting_edgetech 25

Posted
  • ESET Insiders
Posted

I have all these strange entries in my HIPS log, and I have never seen these before until recently. I'm using Smart Mode, and I have not created any custom rules. I also have never received any prompts from the HIPS despite having all these entries in the log file. Should the HIPS be silently blocking all these events? Is this something I should be concerned about? I copied a few of them below. I attached the rest of the log with this post. The forum software said there were too many to paste them all below.  I'm using Windows 7X64 Ultimate SP1.

 

 

C:\Windows\System32\svchost.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application,Modify state of another application
4/17/2015 4:24:46 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application,Modify state of another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:16 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:15 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:15 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:15 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Modify state of another application
4/17/2015 4:23:15 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:12 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:12 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:12 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:23:11 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Windows\System32\winlogon.exe    some access blocked    Self-Defense: Do not allow modification of system processes    Modify state of another application
4/17/2015 4:23:11 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Windows\System32\winlogon.exe    some access blocked    Self-Defense: Do not allow modification of system processes    Modify state of another application
4/17/2015 4:23:11 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Windows\System32\winlogon.exe    some access blocked    Self-Defense: Do not allow modification of system processes    Modify state of another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:19 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:18 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:18 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:18 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:18 PM    C:\Windows\System32\svchost.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Modify state of another application
4/17/2015 4:20:17 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\egui.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:14 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:13 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:13 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:13 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application
4/17/2015 4:20:13 PM    C:\Windows\System32\csrss.exe    Get access to another application    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe    some access blocked    Self-Defense: Protect ekrn and egui processes    Terminate/suspend another application

 

 

 

HIPS Log.txt

Link to comment
Share on other sites
  • ESET Insiders
puff-m-d

puff-m-d 120

Posted
  • ESET Insiders
Posted (edited)

Hello cutting_edgetech,

 

Those log entries are from the default rules and the self-defense modules of HIPS. They are normal and nothing to worry about. In fact, with the default settings in HIPS, you should not be seeing those log entries. You should only see them if you have enabled the "Log all blocked operations" for the HIPS module (Advanced setup > Computer > HIPS > Advanced setup > Log all blocked operations).

HTH...

Edited by puff-m-d
Link to comment
Share on other sites
  • ESET Insiders
cutting_edgetech

cutting_edgetech 25

Posted
  • Author
  • ESET Insiders
Posted

I did enable the logging for the HIPS recently. I just didn't expect to see anything in the log file without receiving a single prompt from the HIPS. Eset's HIPS behaves more like a policy based AE to me. Thank you!

Link to comment
Share on other sites
rugk

rugk 397

Posted
Posted

AE?

Well... of course it's policy based - why do you think can you create rules?

 

HIPS alone is more or less policy based, but "sub features" like the exploit blocker or the advanced memory scanner are maybe less policy based and are working differently.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...