ESET version 5.2.9.1

Discussion in 'ESET NOD32 Antivirus' started by PaulBB, May 16, 2012.

Thread Status:
Not open for further replies.
  1. Sacles
    Offline

    Sacles Registered Member

    Hello,

    Restore the default settings in the main window of HIPS does not work correctly (bug already reported).
    Last edited: Jun 3, 2012
  2. Escalader
    Offline

    Escalader Registered Member


    Please clarify why you say HIPS is not working properly. :D
  3. Ego_Dekker
    Offline

    Ego_Dekker Registered Member

    1. Why doesn't ESET add signatures for these files: 0A1E7DC1BBA68DAFA35C1B00D43F4EE432CA17D8, A0A32CAC3227C23AEEC6A7B4BB57872B0EC6D703, C804C14979CF34066B664C0F00A327EAA97C3B3A, E7865BDA2EDB8D80DCDBDB1206B48CE7ADF03DC7?
    2. Why does ESET sometimes change the “a variant of Win32/Kryptik” or “probably a variant of Win32/Agent” signatures to “Win32/Oficla” or “Win32/MBRlock”, but not always? That confuses your users.
    3. You recommend to use special ESET tools to clean malware. I wonder how to clean 1000 infected OS with these tools when your AV's cannot clean malware?
  4. Sacles
    Offline

    Sacles Registered Member

    Excuse me it's in the windows of the advanced parameters for the HIPS.

    If you modify some parameters, the button "Default" does not work to restore the default advanced settings of HIPS
    Last edited: Jun 3, 2012
  5. toxinon12345
    Offline

    toxinon12345 Registered Member

    "Probably a variant of"
    "A variant of"
    are heuristic detection of unknown threats

    Heuristic detections are submitted to ESET (they will add the signature immediately if necessary)
  6. Escalader
    Offline

    Escalader Registered Member

    My Status re: ESET version 5.2.9.1

    Well I can report today that the normal eset update notified me that a new version (5.2.9.1) was available.

    I installed it after disabling OP FW Pro (avoid trouble was my thinking) and the install went okay.

    It wanted a restart after the "upgrade" and I checked that HIPS was OFF before rebooting.

    When the restart finished I see that no HIPS rules were generated this time and HIPS was disabled. The issue of self defense seems to be more clear as before UNLESS you tick HIPS on self defense remains greyed out.

    The help page from Nod 32 relating to all this I include here for the thread.

    I read this several times and then wondered if the whole product is now doing nothing as the help seems to refer to the imbedded self defense as primal. Seems odd to use the same words to decribe 2 types of self defense. Probably a language issue.

    The help also refers to the firewall rules as similar to HIPS rules, but I don't have the Nod32 FW so this help page seems to be for the suite.

    The more I read it the more confused I am. Do I have a FW from Nod32 that I don't want?

    Take a look in your "about" and look at the dates on the various components. Some date back to 2010, 2011. :doubt:

  7. toxinon12345
    Offline

    toxinon12345 Registered Member

    Self-defense are predefined IPS rules for protecting ESET's processes, system services and files.

    You could try to terminate egui.exe after checking the HIPS > Advanced setup > Log all blocked operations option; as an example for logging these rules.

    As for the "Network filtering" mentioned in your quote, the only one I can see is the "Protocol scanning" used by the "Web access protection", but I can assure you Smart Security have more "Network Filtering" features, one of particular interest to me is the Firewall's IDS and Parental control
    Last edited: Jun 5, 2012
  8. Escalader
    Offline

    Escalader Registered Member

    Thanks for your post.

    Unfortunatly I don't match your setup as I only use the AV from Nod32. The HIPS I get from OP FW Pro.


    I looked in the HIPS log (why do I even have one?) and it is empty.
  9. toxinon12345
    Offline

    toxinon12345 Registered Member

    You could create a rule in Outpost; protecting Nod32's processes, files and registry keys.
  10. Escalader
    Offline

    Escalader Registered Member


    I could. I have always practiced exclusion where any security tool/product I have excludes all the others. OP is no exception.

    But the news I have now is not about that.
    After the ESET Nod32 AV 5.2.9.1 "upgrade" I have had 3 BSOD. Missing driver for the HIPS feature in Nod. :thumbd:

    So disabling HIPS prior to the upgrade I thought must be the issue.
    Sadly I felt that if something this fundamental was flawed in the vendor code it must not have been tested. If you want to run OP for FW and HIPS and use Nod32 you are in trouble. I must be the only guy on earth doing it.:D

    So I removed Nod32 from my W7 64 bit setup.

    Once a week or so I will run online scans and for now I'll just run behind the router, with OP FW pro and SUPERAntispyware 5.0.1150 with real time protection enabled.
  11. screenname
    Offline

    screenname Registered Member

    Does 5.0.xx work on your machine?
    I have 3 PCs, 5.2.9.1 works fine on 2 but has problem on the third one. (Machine hung. Slow start up, no/slow intnet access)
  12. Escalader
    Offline

    Escalader Registered Member


    Earlier versions all worked on my W7 64 bit machine.

    with the introduction of 5.2.9.1 the partnership I had carefully build twixt OP FW Pro and Nod32 collapsed.

    The goal at the time was OP did HIPS and FW work and Nod32 did web security and real time AV and ASW work.


    What is hapening is this (IMHO) those (like me) who want to build layers of defense and search and destroy are in a techi "war" with the suite builders. I'm losing.
  13. rcdailey
    Offline

    rcdailey Registered Member

    Disabling HIPS in NOD32 renders the program vulnerable because self-defense is disabled as well. With HIPS disabled, it is possible to completely disable the Eset service so that it will not load at boot. Without the kernel loaded, NOD32 is useless. Eset really needs to rethink this HIPS thing and how it affects the entire application, and especially the configuration options for HIPS and self-defense. At this point, I think that if you intend to use NOD32 (version 5.x and later), you just need to leave HIPS enabled. Otherwise, do not use NOD32. Find another solution.
  14. toxinon12345
    Offline

    toxinon12345 Registered Member

    Usually the average user wont change the HIPS settings.
  15. Escalader
    Offline

    Escalader Registered Member


    Thanks Guys:

    1) I plead guilty to not being an average user (but I don't need 2 HIPS programs)

    2) I have found another solution at the moment it doesn't include Nod32 V5


    The idea of layers is one prevents trouble from getting into your castle via gates, moats, walls etc. Call this my 2 way SFW and a router for a 1 way HFW. Sandboxie is a variation on this theme.

    The next layer is your swat team call it search and destroyfor the uninvited bad guests who get past your walls etc. Don't tell me it is not possible as we all know better. That was what I wanted Nod32 V5 AV (NOT THE SUITE) to do.


    Your HIPS is sort of a bouncer where a guest with good credentials and an invite goes crazy at the party and BEHAVES badly so he has to be put in the sin bin.

    If all this fails and the castle blows up I have the material and plans to rebuild it this is the image restore.

    Enjoy the day!
  16. Escalader
    Offline

    Escalader Registered Member

    Well I just ran a week with no installed Nod32. I ran behind a router, using a 2 way SW FW and SAS with real time scanning installed.

    During the week I visited all the usual (for me) sites and ran the same applications.

    I just ran ON line (free scan) from Nod32 it took 30 minutes and found zip in the way of threats.

    So far so good.
Thread Status:
Not open for further replies.