Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: echinchon2001 on April 28, 2021, 06:21:28 PM
-
Frequently at start-up, I will receive sidebar notifications from Windows Security, and I am looking for a remedy, please.
"Unauthorized changes blocked. Controlled folder access blocked [one, all, or more of exe-files below] from making changes to memory"
- C:\Program...\instup.exe
C:\Prog...\aswidagent.exe
C:\Prog...\AvastSvc.exe
C:\Prog...\AvEmUpdate.exe
-
Can you please post a screenshot?
Thanks.
-
I will the next time that it occurs. It does not happen at every start-up, but only with apparent updates.
The frequency can be on average once per week, and today I cleared all the notifications after writing down the blocked exe-files.
-
Attached are two screencaps: 1) the Notification, 2) view after clicking on Notification.
-
Can you please open Event Viewer, go to Application and Services Logs (it may take a while to open), navigate to Microsoft\Windows\Windows Defender\Operational and look for the associated warnings (and post an example here)?
The warnings are related to Defender's antiransomware feature - but we're not sure what "making changes to memory" actually means, or why it doesn't consider antimalware processes safe.
-
Two 'blocks', today.
Friendly Views pasted, below. (Or is XML preferred? or simply screencaps?)
- System
- Provider
[ Name] Microsoft-Windows-Windows Defender
[ Guid] {11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}
EventID 1127
Version 0
Level 3
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2021-04-30T15:43:38.8617297Z
EventRecordID 3879
Correlation
- Execution
[ ProcessID] 1680
[ ThreadID] 11536
Channel Microsoft-Windows-Windows Defender/Operational
Computer XXXXXX
- Security
[ UserID] XXXXXX
- EventData
Product Name Microsoft Defender Antivirus
Product Version 4.18.2102.3
Unused
ID
Detection Time 2021-04-30T15:43:38.856Z
User NT AUTHORITY\SYSTEM
Path \Device\Harddisk0\DR0
Process Name C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
Security intelligence Version 1.331.2590.0
Engine Version 1.1.17900.7
--------------------------------------------------------------------------------------------
- System
- Provider
[ Name] Microsoft-Windows-Windows Defender
[ Guid] {11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}
EventID 1127
Version 0
Level 3
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2021-04-30T15:43:06.6259805Z
EventRecordID 3876
Correlation
- Execution
[ ProcessID] 1680
[ ThreadID] 8688
Channel Microsoft-Windows-Windows Defender/Operational
Computer XXXXXX
- Security
[ UserID] XXXXXX
- EventData
Product Name Microsoft Defender Antivirus
Product Version 4.18.2102.3
Unused
ID
Detection Time 2021-04-30T15:43:06.475Z
User NT AUTHORITY\SYSTEM
Path \Device\Harddisk0\DR0
Process Name C:\Program Files\Avast Software\Avast\aswidsagent.exe
Security intelligence Version 1.331.2590.0
Engine Version 1.1.17900.7
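-
The Event Viewer lookup requested above can also be scripted. The PowerShell below is an added example, not part of any post in this thread or of Avast's or Microsoft's own tooling. It labels Controlled folder access events using the event ID meanings listed in Microsoft's Controlled folder access documentation, where 1127 is the blocked disk sector write event, and flags raw-disk targets such as the `\Device\Harddisk0\DR0` path in the events posted above. The function name `ConvertFrom-CfaEventXml` and the sample XML (constructed from the values in the posted events) are assumptions.

```powershell
# Added example: decode Controlled folder access (CFA) events from event XML.
# Event ID meanings as listed in Microsoft's Controlled folder access documentation.
$CfaIds = @{
    1123 = 'blocked write to a protected folder'
    1124 = 'audited write to a protected folder'
    1127 = 'blocked disk sector write'
    1128 = 'audited disk sector write'
}

function ConvertFrom-CfaEventXml {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        $id  = [int]$evt['System']['EventID'].InnerText
        if (-not $CfaIds.ContainsKey($id)) { return }   # skip non-CFA events
        $data = @{}
        foreach ($d in $evt['EventData'].GetElementsByTagName('Data')) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeUtc = $evt['System']['TimeCreated'].GetAttribute('SystemTime')
            EventId = $id
            Meaning = $CfaIds[$id]
            Process = $data['Process Name']
            Target  = $data['Path']
            # True when the target is a whole-disk device object, not a file path
            RawDisk = $data['Path'] -match '^\\Device\\Harddisk\d+\\DR\d+$'
        }
    }
}

# Constructed sample, reduced to the fields used here (values from the posts above).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1127</EventID>
    <TimeCreated SystemTime="2021-04-30T15:43:38.8617297Z" />
  </System>
  <EventData>
    <Data Name="Path">\Device\Harddisk0\DR0</Data>
    <Data Name="Process Name">C:\Program Files\Avast Software\Avast\aswToolsSvc.exe</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-CfaEventXml | Format-List

# On a live system, feed the same function from the log named in the thread:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'
#     Id = 1123, 1124, 1127, 1128 } | ForEach-Object { $_.ToXml() } | ConvertFrom-CfaEventXml
```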