Jump to content

Kernel eevents in 4.5.1.431


newboy192
 Share

Recommended Posts

Since upgrading to 4.5.1.341 the History log is full of kernel events. The previous version of OA I had installed reported significantly fewer kernel events. Here is an example of just one (jqs.exe is a legitimate Java system file):

OA Driver: Duplicate Object, Acc:0, Opt: 6, PID 280, Src 936 -> Trg: 936 – Deny (watched)

280 – jqs.exe

And another one, this time for process explorer:

OA Driver: Create File, PID: 3504, Acc 80100180 Shr:3, File: C;\Program Filwes\Online Armor\oahlp.exe - Deny (rule)

3504 - procexp.exe

Any idea as to why I'm suddenly getting lots of these kernel events? Does it indicate a problem?

Regards

Link to comment
Share on other sites

The majority of kernel events are just the result of OA's self protection (which was enhanced when x64 support was added). They aren't anything to worry about and can be filtered out of the History if desired :)

You say "the majority", how would we tell which are simple records of usage, and which are actually something to take notice of?

Thank you.

Link to comment
Share on other sites

You say "the majority", how would we tell which are simple records of usage, and which are actually something to take notice of?

Thank you.

If you aren't experiencing any problems, then there is no reason to worry about the kernel events :) They are not actually that useful to users. It's more of a debug feature that can help the developers in the event of someone having a particular problem that they have requested the history for.

Link to comment
Share on other sites

  • 2 weeks later...

If you aren't experiencing any problems, then there is no reason to worry about the kernel events :) They are not actually that useful to users. It's more of a debug feature that can help the developers in the event of someone having a particular problem that they have requested the history for.

Well, I am experiencing some problems, but I presume you mean to ignore kernel events unless instructed otherwise by support staff.

If it really is simply a debug feature that isn't useful to users, perhaps it should have it's own section of "Kernel event history", that only appears when debug mode is activated.

I'm curious why I see so much Denying, even of perfectly legitimate, trusted programs.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...