Eset SS-5 Hips problem

Discussion in 'ESET Smart Security' started by tommy456, Sep 19, 2011.

Thread Status:
Not open for further replies.
  1. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    The hips module appears to be blocking a windows service why? i have also noticed that it will block things without asking the user,there does not seem to be any way to override it apart from disabling it altogether,

    I wish those who design these modules would take into account that the computer owner has ultimate control they should not try and hinder this

    Also the check licence validity button is not doing anything this issue occurres with both ESS4 /5

    Scrn shot showing the issue above

    the name suggests that it is eset firewall driver?? so why does windows want to delete it or why does hips think that it does?
     
  2. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    You should want to paste the HIPS log into the forum by right clicking it and select copy all.
     
  3. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Please copy paste the text here, Not screenshots. That will do things easier.
     
  5. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    The text that you have entered is too long (119732 characters). Please shorten it to 81920 characters long so unable to post complete log, but the link isnt to a screen shot it is a txt file
     
  6. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Oh sorry I cant access the link, maybe broken? Could you paste a few lines here?
     
  7. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    link is working fine for me btw
     
  8. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Thats because ESET Firewall registry keys are protected against deleting. Self-Defense rules have saved you.

    Other rules I noticed are:
    "dont allow modification of system processes"
    "protect egui and ekrn processes"
    "protect eset files"
     
  9. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    Well i have changed some of the rules services.exe now does as windows wants it to do, and as the firewall module is essentially the same version as it is/was with ess4 it will of been doing what it wanted without being blocked by esset already,just as it does with hips disabled, services.exe may delete those files but eset will re write them as needed, IMO all windows system processes should work as intended and hips should not be flagging them
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Let's say a piece of malware injects into a Windows process. According to what you say, it shouldn't be blocked by Self-defense at all and all operations should be allowed, including tampering with ESET registry keys or files on the disk (?)
     
  11. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    I understand what you are saying but when hips set to it's defaults is causing issues when playing on line games and using apps such as teamspeak3 , then it's a case of don't use hips or modify it's blocking behavior,

    the other night my game crashed, i was unable to tab out of it game would not minimize so i could close it down or kill its process with taskmanager, so had to reset pc, the crash was caused by hips stopping a team speak overlay injecting into the game properly Eset ss 4 did not have any of this crap it just worked, this version don't 100%. last night the eset gui crashed and process stopped. in fact it crashes a lot but usually re starts it's self
     
  12. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Are you saying that by disabling SelfDefense you are not experiencing that problem anymore?
     
  13. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    If hips module is set to learn or the default, the game will crash and load slower than normal, infact the performance of the pc is somewhat affected by hips,

    With hips disabled or with my own rules the game runs ok, and although it may crash i ain't locked into it, i can tab out of it to kill it's running process if needed, no having to reset my pc risking corruption to data of the hdd,

    I'm all for having a robust line of defense against malware but if that restricts what i can use my pc for, then it will get disabled, there should be a way of excluding files from real time and hips protection ans scanning,

    also there seems to be lot of hdd activity during game play, infact even afterwards, i was unable as what was causing it, but i have my suspicions , as before i installed eset ss5 i never had these issues, but within hours i have

    Update module: 1036B (20110617)

    Antivirus and antispyware scanner module: 1321B (20110914)

    ESET SysInspector module: 1221B (20110623)

    Real-time file system protection module: 1005B (20110311)

    Translation support module: 1028B (20110907)

    The above appear to possibly be beta modules as the have the letter b + the date of creation

    HIPS support module: 1026 (20110725) 25 July 2011 ?
     
  14. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    The latest version of HIPS module is in pre-release phase, you could try and see if that correct the problem (1027P). Or Maybe a reinstall solves the problem.
     
Thread Status:
Not open for further replies.