Hello. This little issue started yesterday and really annoys me. EVERYTIME i log on Steam or i shut down/restarts my PC, the message saying that System is trying to modify a logfile on the directory C:\Windows\system32\WDI\LogFiles\ShutdownCKCL.etl (this happens when i try to restart or shut down my pc) and on C:\Windows\system32\Logfiles\WMI\RtBackup\EtwRESteam Event Tracing.etl (and this is when i log on steam).
What is going on? I tried to allow it, marked as a trusted application and everything. But, everytime i restart or shutdown the problem continues to occur!
Can someone help me? Please? This never happened before.
I’m sending a screenshot of Defense+ Logs. It’s on portuguese, sorry.
You should not be asked this System is part of the group Windows System Application in Rulesets they are allowed to do all without asking.
So either you have taken in Defense+ the application system out of that group, or you install is corrupt.
If you check in Defense+ Hips rules the group Windows System Applications should be at the bottom which will include System.
Then check Rulsets there should be group Windows System Applications with if you edit all functions allowed including the first one which says Ask as if you Modify you will see * plus a box after which means allow all applications to be run.
If you are running CIS 7/8 at default Hips is now disabled as the Sandbox takes precedence.
I added “Windows System Application” to the rules last night, but the annoying thing is that this morning it was missing. I am pondering if the best thing to do now, would be a clean install. But, that will have to wait until the weekend.
c
Evening update.
I may of been a bit premature on this point. At the moment all now seems to be OK. Keeping fingers crossed.