#1

Hello, I tested the new version, Final 5.
30 links with HIPS in interactive mode. The result is zero. With HIPS in automatic mode the result is... http://i53.tinypic.com/2e54lj7.jpg .... Comodo in automatic mode does better!

#2

Hello, ESET states this feature is for preventing unauthorized changes in your system.
As far as I know you have not created rules to unauthorize such changes.
__________________
Pentium M| 512 RAM ESET NOD32 Antivirus 5 ESET Smart Security 6 RC

#3

Quote:
The HIPS of Comodo works in automatic mode; here it does nothing. The HIPS needs to be looked at again.

#4

I can assure you that automatic heuristic detections can block a large quantity of malware out there even faster than on-execution technologies.
__________________
Pentium M| 512 RAM ESET NOD32 Antivirus 5 ESET Smart Security 6 RC

#5

As stated here many times before, right now the HIPS won't do much in automatic mode; however, that will change with module updates.

#6

Quote:

#7

Automode is a confusing terminology in ESET's HIPS. So be careful!!

Average users believe that automode means that ESET uses some information, predefined rules etc. to make auto decisions. Right, as known from many other HIPS solutions. But that's an illusion in ESET's case.

Reality (and the helpfile also states this clearly): automode in ESET's HIPS allows all except manually defined deny rules. So the default setting (HIPS=automode and no default deny rules existing) means: no working HIPS, the same results as without HIPS, no additional protection.

To see it for yourself, some test cases:
- enable logging of all deny actions and execute what you want. Except for self-defense messages there will be nothing.
- or: disable realtime protection and enable HIPS only. Play with malware - all will pass.
- or: do some leaktests: CLT on Win7x86 with ESET HIPS in automode: 150/340 (the same result which my Win7 reaches without any security software) http://www.abload.de/image.php?img=cltesetautogkgw.jpg
  Interactive Mode: 280/340 (other HIPSes are better) http://www.abload.de/browseGallery.p...aktiv.juey.jpg

Some real world malware testing (signatures off, to test HIPS only) besides the funny leaktests:
- HIPS is able to alarm about TDL4 (direct disk access) and can protect
- actual ZeroAccess: no messages from ESET's HIPS - no chance to protect from that

#8

The statements above are not true. In automatic mode, a set of default rules (beyond the scope of configurable options) protecting crucial files is used. This set of rules will be updated further by module updates to provide even better protection against malware.

#9

Quote:
OK - I can say nothing about invisible rules. I just posted my observations and facts that everybody can test for himself. If your claims are true then some things make me wonder:
- Your helpfile says about auto-mode that all is allowed except deny rules. (Sorry, atm I can only cite the German helpfile: "Vorgänge werden ausgeführt, mit Ausnahme vorab definierter Regeln zum Schutz Ihres Systems"). So exactly what I said.
- And why does all tested malware pass HIPS in automode (if AV is turned off of course)?
- Why is none of CLT's leaktests blocked in automode?

Everybody can easily retest for himself to see that I did not post lies as you claim. So two possibilities:
- atm there are no rules in automode
- atm those invisible rules are very few and weak

The other things about TDL4 and ZeroAccess are true too. You can have the MD5 of the ZeroAccess samples if you want - your signatures already know them.

Last edited by SLE : September 14th, 2011 at 11:48 AM.

#10

In fact the HIPS of Comodo works pretty well in automatic mode.
Here, automatic mode allows all. I know Comodo, Outpost and Online Armor very well. The HIPS of ESET is the same kind as Malware Defender ("true HIPS"). Today all these companies try to make the HIPS more automatic for the masses (look at Comodo). If Logo of Droid is technology - here we are very far from the new technology of HIPS. I hope that ESET will do a better job very soon.

P.S. Cloud-Powered Reputation, the same thing.... very bad. Too much information for the programs is missing. It would be better if we made the reputation like Norton.

Last edited by Coccinelle : September 14th, 2011 at 05:08 PM.

#11

Quote:
In what point? Malware Defender's HIPS watches far more system activities than ESET's and is much more user friendly: you can define rule groups, have user-defined presets etc. ... So IMO you can't compare them.

#12

COMODO Leaktests v.1.1.0.3
Interactive Mode: HIPS, Firewall
Windows Vista Ultimate SP2 64 bit

10. Injection: SetWinEventHook
11. Injection: SetWindowsHookEx

10, 11: is this a bug in Leaktests?
__________________
ESET Smart Security 5 - The next generation of NOD32 Technology. ESET - Essential Security against Evolving Threats
Windows 7 x64 SP1. Moscow

Last edited by ESS3 : September 15th, 2011 at 05:01 PM.

#13

Quote:
Be careful