I just tried running Etcher for the first time, and it caused my security software to light up. It isn’t unusual for the software to flag something, so that wasn’t an immediate problem. However, I see no reason why Etcher should be taking any of these actions.
For starters, why is Etcher trying to get Tcb privileges? This lets it act as part of the operating system and is complete overkill for anything legitimate it needs to do. There’s also no reason it would need to modify the certificate stores.
I killed it after that, so I don’t know what else it was going to modify…
Date & Time | Alert Type | Description | Advice | Answered | Answer | Option | Treat as |
---|---|---|---|---|---|---|---|
2020-10-28 08:44:52 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKLM\Software\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | 2020-10-28 08:44:52 | Deny, Terminate and Reverse | Remember | |
2020-10-28 08:44:48 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKLM\Software\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | Invalid DateTime | Show | ||
2020-10-28 08:44:41 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\SOFTWARE\Policies\Microsoft. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | 2020-10-28 08:44:41 | Deny | Remember | |
2020-10-28 08:44:24 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\SOFTWARE\Policies\Microsoft. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | Invalid DateTime | Show | ||
2020-10-28 08:44:18 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\Software\Policies\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | 2020-10-28 08:44:18 | Deny | Remember | |
2020-10-28 08:44:11 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\Software\Policies\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | Invalid DateTime | Show | ||
2020-10-28 08:44:05 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\Software\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | 2020-10-28 08:44:05 | Deny | Remember | |
2020-10-28 08:43:43 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to modify a protected registry key | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-1881121578-3391224131-2480528822-1001\Software\Microsoft\SystemCertificates\CA. You must make sure C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is a safe application before allowing this request. | Invalid DateTime | Show | ||
2020-10-28 08:43:37 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to obtain an elevated privilege | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to obtain Tcb privilege. If C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is one of your everyday applications, you can allow this request. | 2020-10-28 08:43:37 | Deny | Remember | |
2020-10-28 08:43:35 | HIPS alert | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is trying to obtain an elevated privilege | C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized and it is about to obtain Tcb privilege. If C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 is one of your everyday applications, you can allow this request. | Invalid DateTime | Show | ||
2020-10-28 08:43:25 | HIPS alert | cmd.exe is trying to execute C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 | cmd.exe is a safe application signed by Microsoft Windows. However, the executable C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized. Please submit it to COMODO for analysis. | 2020-10-28 08:43:25 | Allow | Remember | |
2020-10-28 08:43:01 | HIPS alert | cmd.exe is trying to execute C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 | cmd.exe is a safe application signed by Microsoft Windows. However, the executable C_powershell.exe_A14C41F955205F2AB48520E9335E0213DD30EA82.ps1 could not be recognized. Please submit it to COMODO for analysis. | Invalid DateTime | Show |
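
A triage pass over an alert export in the layout shown above, as an added example that is not part of the original post: it extracts what each alert targeted, keeps the decision that was given, and lists anything allowed plus any certificate-store or Tcb request. It assumes the column order of the header row and that rows with `Invalid DateTime` under Answered record the prompt being shown rather than a decision; the script name and SID in the sample rows are placeholders.

```python
import re

# Constructed rows in the export's column layout; script name and SID are placeholders.
SAMPLE = r"""
2020-10-28 08:44:52 | HIPS alert | script_PLACEHOLDER.ps1 is trying to modify a protected registry key | script_PLACEHOLDER.ps1 could not be recognized and it is about to modify the protected registry key HKLM\Software\Microsoft\SystemCertificates\CA. You must make sure it is safe. | 2020-10-28 08:44:52 | Deny, Terminate and Reverse | Remember | |
2020-10-28 08:44:48 | HIPS alert | script_PLACEHOLDER.ps1 is trying to modify a protected registry key | script_PLACEHOLDER.ps1 could not be recognized and it is about to modify the protected registry key HKLM\Software\Microsoft\SystemCertificates\CA. You must make sure it is safe. | Invalid DateTime | Show | ||
2020-10-28 08:44:41 | HIPS alert | script_PLACEHOLDER.ps1 is trying to modify a protected registry key | script_PLACEHOLDER.ps1 could not be recognized and it is about to modify the protected registry key HKUS\S-1-5-21-PLACEHOLDER-1001\SOFTWARE\Policies\Microsoft. You must make sure it is safe. | 2020-10-28 08:44:41 | Deny | Remember | |
2020-10-28 08:43:37 | HIPS alert | script_PLACEHOLDER.ps1 is trying to obtain an elevated privilege | script_PLACEHOLDER.ps1 could not be recognized and it is about to obtain Tcb privilege. If it is an everyday application, you can allow this request. | 2020-10-28 08:43:37 | Deny | Remember | |
2020-10-28 08:43:25 | HIPS alert | cmd.exe is trying to execute script_PLACEHOLDER.ps1 | cmd.exe is a safe application. However, the executable could not be recognized. | 2020-10-28 08:43:25 | Allow | Remember | |
"""

# (kind, index of the cell to search, pattern capturing the target)
TARGET_PATTERNS = [
    ("registry", 3, re.compile(r"protected registry key (\S+)\.(?:\s|$)")),
    ("privilege", 3, re.compile(r"about to obtain (\w+) privilege")),
    ("execute", 2, re.compile(r"trying to execute (\S+)")),
]

def parse_rows(text):
    """Return one dict per answered alert; unanswered prompt rows are skipped."""
    events = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Need at least Date, Type, Description, Advice, Answered, Answer.
        if len(cells) < 6 or cells[4] == "Invalid DateTime":
            continue
        for kind, idx, pattern in TARGET_PATTERNS:
            match = pattern.search(cells[idx])
            if match:
                events.append({"time": cells[0], "kind": kind,
                               "target": match.group(1), "answer": cells[5]})
                break
    return events

def triage(events):
    """Return (allowed events, sorted sensitive targets seen in any event)."""
    allowed = [e for e in events if e["answer"].startswith("Allow")]
    sensitive = sorted({e["target"] for e in events
                        if "SystemCertificates" in e["target"] or e["target"] == "Tcb"})
    return allowed, sensitive

if __name__ == "__main__":
    allowed, sensitive = triage(parse_rows(SAMPLE))
    for e in allowed:
        print("ALLOWED", e["time"], e["kind"], e["target"])
    for target in sensitive:
        print("SENSITIVE TARGET", target)
```

Header and separator rows of a pasted export match none of the patterns and are ignored, so the full table can be fed in unchanged.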