Topic: 'Access memory' event log entries - how can I suppress these? [v6]

Offline mouse1

Some older programs and some utilities (e.g. Process Explorer) repeatedly access the memory of all running programs, including CIS and Windows system files. Malware also does this for less benign reasons - to crash security software, for example.

CIS prevents such access to its own, Windows and some other files and logs an event each time it occurs.

If and only if you totally trust the file that is doing this (look in the 'application' column), you can suppress these alerts by allowing them in the protection settings of the file or group being accessed.

To do this, navigate to Advanced Settings ~ Security Settings ~ Defense Plus ~ HIPS ~ Rules and locate the file or group being accessed. In most cases this will be a file in the CIS group itself, so choose the CIS group.

If this file has a custom setting (as CIS does), choose Edit ~ Protection settings ~ Interprocess Memory Accesses ~ Modify and add the file to the exclusion list.

If this file has a predefined policy setting (as Windows files do), navigate to Advanced Settings ~ Security Settings ~ Defense Plus ~ HIPS ~ Rulesets. Then choose the appropriate predefined policy, choose Edit, then follow the same steps as above. Do this very carefully, as any changes you make here will affect a lot of files.

 
