HIPS - Feedback - additional information

Hello,

I like the HIPS included in version 5 over 4 of Antivirus. However I have a number of minor niggles.

There are no default rules included in the beta. This would be nice, however I understand it is only a beta. You cant really tell what it is doing in default automatic mode with rules as it doesnt create any. If so where.

In interactive mode the information provided at the allow/deny authorisation box is very limited. To be blunt, zonealarm offered this information back in the early 2000 years. More information please, maybe the inclusion of the cloud based reputation information in the box would be of great help or at least further information such as that provided by the sysinternal process explorer application would be useful.

Complete system shutdown required for HIPS to reengage in interactive mode. Im not sure about this but I think this is what happenned. I understand why but it was not explained after moving from auto mode to interactive.

One of the greatest attributes of ESet antivirus products I like is the automatic termination of internet processes that involve viruses. I am very glad this has been retained.

Other than that I like very much. Cant tell what has changed under the bonnet in relation to 5 over 4, so I hope automatic upgrade allowed from 4 to 5 in relation to licenses.

If this has all been meantioned in previous forum threads sorry to repeat.

Regards

 

The number of options for HIPS should be reduced. HIPS should only be used if there is no other way to determine if software is malware. Every time a user has to respond "allow" or "deny" increases the chances he/she will become infected.

 

Hello Eset
I am a little bit concerned about the new H.I.P.S. feature in version 5 of Eset Smart Security. What concerns me is, that I do not receive any guidense when a H.I.P.S. notification appears. I am not able /unsure how to decipher the popup window. Maby some whitelisting based on reputation, digital signature, just something to lean against to support the less knowledgeable.
H.I.P.S. is without doubt a great tool to catch Malware, where there is no known signature, but it can also lead to fustation, at least for me. Of course I can always use H.I.P.S in automatic mode, but for me it is somewhat contradictory. the purpose of H.I.P.S. is to have a kind of interaction between the user and the software interface, when is it needed, IMHO. So please Eset give some guidance to the hips notifications, Otherwise version 5 runs smoothly on my machine.
Best Regards

 

HIPS application control inclusion dont increases the chances of infections, because the main task of Filesystem protection is the automatic filtering/recognition of files with bad or good intentions

 

Occasionally a bad file will slip through.

 

In Open ESS 5/ Setup/ Computer group is your HIPS WITH a Green Check by it Blue WITH an Active "Enabled" - OR - Black & Non-Active like mine?

All Groups in Setup that have an Enabled/Disabled indicator show a BLUE Active Enabled/Disabled EXCEPT HIPS. Makes me think something is wrong and I couldn't get this answered in another Thread. Many Thanks!

 

@ ESET:

Will the automatic HIPS mode be something like a behavior blocker if it is set up ready?

Just wondering about your plans for the HIPS..

 

Good Question

Considering that in the press release ESET said.....

Now my questions are, is there any settings for this Behavior analysis technology?
And what will the popup look like when the Behavior analysis detects something?

 

no answers from ESET... where can i find the settings for this behaviour blocker?

 

Bump....

 

Hi, I downloaded ESS beta 5 and here are my observations about HIPS...

HIPS needs to have groups setup. Like Trusted Applications, Blocked Application, etc. Allow or Deny rules can be set for groups and then applications can be populated in to groups respectively. This would greatly reduce the chaos and make HIPS configuration easy.

HIPS should be brought in to Main ESET Setup Tab, should not be hidden in Advanced Setup.

In HIPS configuration, right click on an application to allow/deny would be more easier for basic use compared to clicking on edit--selecting everything...

We can also have protected Files/Folders configurable via HIPS settings.

HIPS Alerts should be coloured to indicate the verdict of ESET, like RED for a dangerous operation and Green for a casual operation. It would make it easy for the users to take decision on HIPS Alert Popups.