Why doesn't ESET self protection protect these..?

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by ashishsingh1508, Jun 13, 2011.

Thread Status:
Not open for further replies.
  1. ashishsingh1508

    ashishsingh1508 Registered Member

    Hi,
    I can easily delete files in these folders, or even the folders themselves, by just pressing delete. I can even delete HIPS Rules. Why doesn't ESET self protection protect these files also? o_O

    "C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    In my opinion ESET should protect all files in the following folders

    "C:\Program Files\ESET\ESET NOD32 Antivirus"
    and
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    I have to check registry entries for working of self protection.
    I think that's why malware is able to disable ESET and remove it.

    Regards
    Ashish Singh *puppy*
     
  2. toxinon12345

    toxinon12345 Registered Member

    Self defense is not active until the user reboots the system
     
  3. ESS3

    ESS3 Registered Member

    HIPS rules can not be removed :)
     
    Last edited: Jun 13, 2011
  4. ashishsingh1508

    ashishsingh1508 Registered Member

    Well I can delete all these files
     

    Attached Files:

  5. elapsed

    elapsed Registered Member

    You can't delete anything in ProgramData without admin escalation. What exactly are you reporting?
     
  6. ashishsingh1508

    ashishsingh1508 Registered Member

    I can even delete the installer contained in it
     
  7. ashishsingh1508

    ashishsingh1508 Registered Member

    Look, I am using Outpost Firewall Pro 7.5 with NOD32. Whenever I try to delete any file from the Outpost folder it gives me an error that it can't be done because of self protection. Why doesn't ESET protect its files from deletion?
     
  8. toxinon12345

    toxinon12345 Registered Member

    In my case I cannot delete those files because of self defense
     
  9. ashishsingh1508

    ashishsingh1508 Registered Member

    Today with ESET RC version installed from scratch I tried deleting this file
    C:\ProgramData\ESET\ESET NOD32 Antivirus\Installer

    And I could easily delete it
    Also I can delete the HIPS Rules .dat as well as the .xml file

    Is it normal? Or are these files useless?
    NOTE: I am using ESET NOD32 Antivirus 5 RC
     
  10. toxinon12345

    toxinon12345 Registered Member

    I cannot reproduce that; ESET denied me access to those files
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Have you restarted after installing the RC?
     
  12. ashishsingh1508

    ashishsingh1508 Registered Member

    Yes of course. Most of the files are protected but not all...
     
  13. Marcos

    Marcos Eset Staff Account

    Which aren't? Msi is merely the installer, it has no effect on security and deleting it won't make your computer vulnerable to malware attacks. As for the xml, I couldn't find any, be more specific please.
     
  14. ashishsingh1508

    ashishsingh1508 Registered Member

    "Msi is merely the installer, it has no effect on security".

    Why?? It is needed for repair of ESET.
    OK, leave it. I can delete all the files (only outside the folders) in the following folder
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    File names are
    EpfwUser.dat
    HipsRules.dat
    HipsRules.xml
    httpblk.dat
    local (database file)
     
  15. ashishsingh1508

    ashishsingh1508 Registered Member

    Also all files in this folder

    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats"

    AND MOST IMPORTANT

    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles"

    Regards
    Ashish
     
  16. Marcos

    Marcos Eset Staff Account

    None of the above are critical files. They are merely statistics, logs or update files that are downloaded during every update, so amending them has no effect on the program's functionality.
     
  17. toxinon12345

    toxinon12345 Registered Member

    Hey Marcos, you are right, but it seems the critical files in the %programdata% folder are HipsRules. o_O After deleting them and a restart, the manually created rules are not listed anymore in HIPS Rules Management.

    These files (HipsRules.*) seem to need Self-Defense protection.
     
    Last edited: Jun 15, 2011
  18. mbmalone

    mbmalone Registered Member

    I have never seen any HipsRules.dat :gack:
     
  19. yongsua

    yongsua Registered Member

    Maybe you can try to change your HIPS to interactive or learning mode?
     
  20. NodboN

    NodboN Registered Member

    I'm on 'learning mode' and there's no HipsRules.dat - instead, there's a HipsRules.bin (can't spot the HipsRules.dat in the screenshot posted above, either.)
     