explorer.exe crashing possibly HIPS

Discussion in 'ESET Smart Security' started by skippyhippy, Jul 10, 2012.

Thread Status:
Not open for further replies.
  1. skippyhippy (Registered Member)

    Joined: Jul 10, 2012
    Posts: 2
    Location: United Kingdom

    I think there may be a problem with my configuration of ESET Smart Security 5.0.95.0 (as far as I know, the computer is clean; I have done scans with four separate pieces of software both in and out of safe mode, and there is no other suspicious activity). HIPS is recording explorer.exe blocks, and explorer.exe is crashing every now and then for no apparent reason. I pasted some of the logs below, which are exactly the same every day. The explorer crashes only began after I upgraded to the new version of Smart Security.

    HIPS log entries

    C:\WINDOWS\explorer.exe Get access to file C:\Program Files\ESET\ESET Smart Security\egui.exe some access blocked SelfDefense: Protect ESET files Write to file

    C:\WINDOWS\system32\services.exe Delete from registry HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EPFWTDI\0000\LogConf\OverrideConfig blocked SelfDefense: Registry with full protection

    C:\WINDOWS\explorer.exe Get access to file C:\Program Files\ESET\ESET Smart Security\SysInspector.exe some access blocked SelfDefense: Protect ESET files Write to file

    C:\WINDOWS\system32\svchost.exe Modify state of another application C:\WINDOWS\system32\winlogon.exe blocked SelfDefense: Do not allow modification of system processes

    C:\WINDOWS\explorer.exe Get access to file C:\Program Files\ESET\ESET Smart Security\SysRescue.exe some access blocked SelfDefense: Protect ESET files Write to file


    I hope this is the right place to post this. Otherwise please advise me of what to do and feel free to either delete or move this thread.

    System information

    ESET Smart Security version:
    5.0.95.0 (English)

    Operating system version:
    Windows XP SP3

    ESET modules:
    Virus signature database: 7287 (20120710)
    Update module: 1040 (20120313)
    Antivirus and antispyware scanner module: 1363 (20120702)
    Advanced heuristics module: 1121 (20111208)
    Archive support module: 1147 (20120620)
    Cleaner module: 1057 (20120626)
    Anti-Stealth support module: 1026 (20110628)
    Personal firewall module: 1082 (20120515)
    Antispam module: 1022 (20120601)
    ESET SysInspector module: 1225 (20120629)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)
    Translation support module: 1044 (20120223)
    HIPS support module: 1052 (20120613)
    Internet protection module: 1041 (20120627)
    Web content filter module: 1009 (20110705)
    Advanced antispam module: 1043 (20120709)
    Database module: 1022 (20120709)
     
    Last edited: Jul 10, 2012
  2. dwomack (Eset Staff Account)

    Joined: Mar 2, 2011
    Posts: 588

    Sorry for the delay, but have you since upgraded to version 5.2.9.1, and if so, are you still having the same issues?

    If you have not upgraded, I'd recommend completely uninstalling (manual uninstall) and reinstalling the latest version. There may have been an issue with the original upgrade installation.
     
  3. skippyhippy (Registered Member)

    Joined: Jul 10, 2012
    Posts: 2
    Location: United Kingdom

    Sorry for the significant delay in getting back to you. I appreciate you replying to my initial post, but I simply missed your post.

    I have done as you advised and updated to the 5.2.9.1 version with a clean manual install. So far I have not had any recurring issues, and the Explorer and ESET driver crashes seem to have stopped also. I imagine it was simply bad configuration or corruption. I had attempted to update ESET via the GUI automatically, but a manual install was obviously required in this case. One thing that hasn't changed is the HIPS log; HIPS SelfDefense continues to log attempted access to ESET and system files by svchost.exe and explorer.exe. I certainly can't figure out why this is the case, and I am almost certain that there is nothing hiding on my system.
     
    Last edited: Sep 23, 2012