error when i shut down

Discussion in 'ESET Smart Security' started by mantra, Mar 25, 2013.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    Hi

    on my laptop i run smart security 4 last built

    at every shut down i got this error

    Code:
    log type Application
    event Warning
    source Userenv
    event id 1517
    user name SYSTEM
    error tranlated in uk with google

    i run xp and only smart security no other softwares

    is there a fix?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ekrn is run in the system account, not in a user account. Does renaming any of the following files in safe mode make a difference?
    C:\Windows\System32\drivers\eamonm.sys
    C:\Windows\System32\drivers\ehdrv.sys

    If not, does the problem go away after uninstalling ESS? I'd also strongly suggest upgrading to the latest version 6.0.314 as v4 is obsolete and may contain bugs resolved in newer versions.
     
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    hi
    i will try to rename these files
    but until few days ago , i had nod antivirus v4 ,never had a problem
    it starts with smart security v4
     
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    i tried v4 and v6 , seems the problem is related to self defence but this happen on xp and smart security
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you mean that after installing v6 the problem persisted but after disabling HIPS it went away? If so, enable logging of blocked operations, reproduce the problem and then post here the recent records from your HIPS log.
     
  6. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    hi

    clean install , ESETUninstaller.exe for windows 7
    w7 32bit , installed the last v5 version , in this case ,antivirus (not smart secutiry) , acivated , updated ,hips i learning mode

    Code:
    27/03/2013 17:34:19	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:32:57	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application,Modify state of another application
    27/03/2013 17:32:57	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application,Modify state of another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:28	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\svchost.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Modify state of another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:26	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:25	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:25	C:\Windows\System32\csrss.exe	Get access to another application	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	some access blocked	SelfDefense: Protect ekrn and egui processes	Terminate/suspend another application
    27/03/2013 17:31:25	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
    27/03/2013 17:31:25	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
    27/03/2013 17:31:25	C:\Windows\System32\svchost.exe	Get access to another application	C:\Windows\System32\winlogon.exe	some access blocked	SelfDefense: Do not allow modification of system processes	Modify state of another application
     
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    after what? 40 reboots to find out the problem

    i set the hips automatic mode with rules i got rid of the errors

    but in learnig mode it's a problem reboot or shut down

    but how should i setup the hips?
    learning mode ? right at the fist install
    after i used my programs change to ?

    i even create these 2 rules
    but i don't think they are the best :)

    http://i.imgur.com/qYlZQPN.png
    http://i.imgur.com/aHfv0EC.png
    http://i.imgur.com/PzSovbw.png
    http://i.imgur.com/2JIH1xR.png
    http://i.imgur.com/GTpDXZZ.png
    http://i.imgur.com/cBIbJt2.png

    Code:
    Virus signature database: 8168 (20130327)
    Update module: 1041 (20120430)
    Antivirus and antispyware scanner module: 1384 (20130312)
    Advanced heuristics module: 1139 (20130208)
    Archive support module: 1163 (20130312)
    Cleaner module: 1060 (20130228)
    Anti-Stealth support module: 1038 (20130110)
    ESET SysInspector module: 1232 (20130206)
    Real-time file system protection module: 1007 (20111129)
    Translation support module: 1100 (20121205)
    HIPS support module: 1071 (20130301)
    Internet protection module: 1051 (20121203)
    Database module: 1033 (20130319)
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I was unable to reproduce the warnings in the application event log with a clean install of v6.0.314 and switching HIPS to learning mode. After a computer restart, no warnings appeared in the log. Maybe it's another 3rd-party application clashing with HIPS.
     
Thread Status:
Not open for further replies.