GUI is suspended

Discussion in 'ESET NOD32 Antivirus' started by kencl, Dec 14, 2012.

Thread Status:
Not open for further replies.
Page 2 of 2
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    That's interesting to know. The weird thing is that no changes have been made to HIPS since RC that could cause the issue.
    Please make sure that Self-defense is 100% enabled and working and that no other problems arise. Please post here the information about installed modules (from the About window).
    If you confirm that everything works well with the release version of ESS v6, we'd appreciate if you could once more uninstall it and install RC v6. We don't see any reasons why it wouldn't work but it'll be interesting to hear about your findings.
     
    Marcos, Jan 15, 2013
    #26
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Yeah, will do. I thought my eyes deceived me too, but yes Self-defense and HIPS are enabled. And I'm currently on the pre-release updates servers just as last time too.

    Code:
    Virus signature database: 7895 (20130115)
Update module: 1040 (20120313)
Antivirus and antispyware scanner module: 1377 (20130110)
Advanced heuristics module: 1138 (20121210)
Archive support module: 1158 (20121203)
Cleaner module: 1059 (20121212)
Anti-Stealth support module: 1038 (20130110)
ESET SysInspector module: 1230 (20130108)
Real-time file system protection module: 1007 (20111129)
Translation support module: 1100 (20121205)
HIPS support module: 1064 (20130109)
Internet protection module: 1051 (20121203)
Database module: 1024 (20121016)
    This is all with me working through remote desktop currently. I'll be sure to give it another reboot followed by a reinstall tonight.

    For the record, here's the HIPS log after the installation and reboot.

    Code:
    2013-01-15 10:26:46 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application,Modify state of another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:19 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:18 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:18 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Modify state of another application
2013-01-15 10:25:18 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:17 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:17 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:16 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:25:16 AM	C:\Windows\System32\taskhostex.exe	Modify startup settings	HKEY_USERS\S-1-5-21-3363106976-1724946033-2902058823-1001\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe	allowed	Automatic mode	
2013-01-15 10:25:14 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:25:14 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:25:14 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:25:14 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:25:14 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:23:29 AM	C:\Windows\System32\services.exe	Modify startup settings	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationService\Start	allowed	Automatic mode	
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\services.exe	Modify startup settings	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationService\Start	allowed	Automatic mode	
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:23:26 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:23:25 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:23:25 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
2013-01-15 10:23:25 AM	C:\Windows\System32\services.exe	Get access to another application	C:\Windows\System32\lsass.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application,Modify state of another application
2013-01-15 10:20:54 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\lsass.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:54 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\csrss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\wininit.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\csrss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\smss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	[System]	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\csrss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\lsass.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\csrss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\wininit.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\csrss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\smss.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
2013-01-15 10:20:53 AM	C:\Windows\System32\svchost.exe	Get access to another application	[System]	some access blocked	SelfDefense: Do not allow modification of system processes	Terminate/suspend another application
    I do notice that the explorer.exe process is no longer in this log trying to modify the egui.exe process though.
     
    Geosoft, Jan 15, 2013
    #27
  3. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    OK, I'm completely confused. I did a full reinstall and tried my best to reproduce the problem and I can't.

    I can only assume that this was fixed in code between RC and release. For example, the gamer mode for Windows 8 wasn't properly implemented for modern (metro) apps.

    I'll keep an eye out for this if it happens again. For now, the issue on my computer has been resolved.
     
    Geosoft, Jan 15, 2013
    #28
Page 2 of 2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...