Nikilet

Behavior alert received on start up

Recommended Posts

My computer is having trouble booting this morning and I have no idea why. I went into the Event Viewer but I understand nothing of that. I did copy some error messages if anyone would like to take a look at them. 

 

I restarted and my desktop came up, altho not fully loaded with all my icons and everything. The little circle was still going around and then my screen turned white. It stayed white for some time while the circle kept going around and then my dekstop finally came back with all folder and such loaded but there was a "Behavior Alert" from Emsisoft. I have attached screenshot here. Can anyone tell me if this indicates an infection ... or what might be going on?

 

I have 6 events copied to Notepad from my Event Viewer, if they would help identify what's going on.

post-26590-0-21785400-1454961683_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Yes, please allow the Intel program in that alert. It is related to drivers for your computer's hard drive controller, and the alert for it may be related to the issues you were having.

Share this post


Link to post
Share on other sites

That is the first time I've ever gotten that particular alert. Since I didn't know what it was I "Allowed Once." Are these alerts recorded somewhere, to where I could go in and "Always Allow" this one?

Share this post


Link to post
Share on other sites

Are these alerts recorded somewhere, to where I could go in and "Always Allow" this one?

You can adjust the Application Rules to determine whether something is always allowed or not. Here's how to get to edit a rule:

  • Open Emsisoft Anti-Malware.
  • Click on Protection.
  • Find IAAnotif.exe in the list, and double-click on it.
  • Click on Custom monitoring and change it to All allowed.
  • Click OK at the bottom to save the changes.

Share this post


Link to post
Share on other sites

IAAnotif.exe is not in the list, I suppose since I allowed once. Still can't understand why I would have received an alert on this. If it ever pops up again I will elect to always allow.

 

Thank you.

Share this post


Link to post
Share on other sites

If you allowed it once then it will appear again at the next startup.

You can zip that file and submit it in FP topic for whitelisting.

Share this post


Link to post
Share on other sites

It could have been a temporary issue with reading its digital signature. There may also be versions of the file that aren't digitally signed, and that could be why you saw the alert.

Share this post


Link to post
Share on other sites

I just got the alert on that file again. I'm having other problems and didn't get the file zipped but I did "Always Allow" this time. If it comes up again I'll try to zip and submit.

Share this post


Link to post
Share on other sites

I went to program data/emsisoft/logs and the last log it shows there is Feb. 8. That's not right because it scans every day and it scanned last night 

 

Maybe there's another place?

Share this post


Link to post
Share on other sites

Open EAM's interface.

Go to Logs-behavior blocker.

It should be there...

The whole path to the file should be also under Protection-application rules.

Share this post


Link to post
Share on other sites

Here's how to get to the Behavior Blocker log:

  • Open Emsisoft Anti-Malware.
  • Click on Logs.
  • Click on Behavior Blocker at the top.

Share this post


Link to post
Share on other sites

Here is the log you asked for.

 

As long as I have your attention ... I have another topic in regarding how to exclude things from being scanned. I finally figured out how to add those things for exclusion, I think, but if I decide I want to remove an item I have added, where do I go to remove it?

 

It's rather odd that after you add something you would think it would then appear on that screen, but after I go to Manage White List, I click the little arrow on the left to choose Name, File, Folder, Process ... then I click the three little dots and explorer opens ... I browse to what I want to add and click ok and POOF, it disappears from the screen. Now I may want to remove one of those things I added so where do I find them?

BB_160213-230336.txt

Share this post


Link to post
Share on other sites

Interesting, I don't see any entries of IAAnotify.exe in the log. The next time you see the alert, try clicking on the View details button on the right side of the alert, and let me know if you see any information listed.

Share this post


Link to post
Share on other sites

This is interesting because I'm sure I saw it in the log. I have clicked on View details and there's always something there so next time I'll take a screenshot.

 

You can adjust the Application Rules to determine whether something is always allowed or not. Here's how to get to edit a rule:

  • Open Emsisoft Anti-Malware.
  • Click on Protection.
  • Find IAAnotif.exe in the list, and double-click on it.
  • Click on Custom monitoring and change it to All allowed.
  • Click OK at the bottom to save the changes.

 

Find it in what list? I see no IAAnotif.exe, I see no Custom monitoring. 

Share this post


Link to post
Share on other sites

Find it in what list? I see no IAAnotif.exe, I see no Custom monitoring.

If it's not there, then you can try adding it manually. There's a button at the bottom of the Application Rules list to add a new rule.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.