ESET v5 vs v6 vs v7 vs v8

Discussion in 'other anti-virus software' started by chrcol, Nov 25, 2014.

  1. chrcol

    Ok question regarding HIPS.

    I initially put smart mode on and saw in the log that legit apps were being blocked, so I changed to learning mode. But apps are still being blocked; NOD32 is even blocking itself o_O

    06/12/2014 15:14:36 C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe Modify state of another application C:\Windows\System32\csrss.exe blocked Self-Defense: Do not allow modification of system processes
    06/12/2014 15:14:36 C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked Self-Defense: Do not allow modification of system processes Modify state of another application
    (this one seems to have worked) 06/12/2014 10:22:48 C:\Windows\System32\taskhost.exe Modify startup settings HKEY_USERS\S-1-5-21-4172241013-911965141-3489704341-1000\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe allowed Learning mode
    05/12/2014 14:23:58 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application

    These are just a few lines I pasted. There are a lot more.

    I do see plenty of rules added though.

    If I go back to smart mode after the 14 days will these rules still take effect?
     
  2. Nightwalker

    ESET staff tells you to disable some protection modules to isolate the "problem", to see what exactly is causing the slowdown, so they can fix it.

    Personally, ESET runs great on my machine; it runs better than any other security that I have tried until now.

    After the first learning scan, I simply don't feel any impact ...
     
  3. SweX

    I understand. But why they do that is exactly like Nightwalker says above, that is only to isolate the problem. For example, if you would disable the HIPS (no difference) then disable the http module (makes a difference) then ESET would know that the cause for the problem is in the http module and they can continue from there, but you should not leave them disabled until it is fixed of course.

    I do try other products but I never managed to stay with them.

    No, I'm not going to call you crazy, I am all for constructive criticism as I like to give that myself. If you feel that ESET is slower for you than other products then I will not argue against it; my point is that saying ESET is slow and then changing product will not solve anything, which is why I think that users (of any product) should consider working together with the vendor to sort the problems out. I like to do that anyway. As it won't get fixed if no one else reports similar problems, or if the vendor can't reproduce the issue in-house.

    Even if AV-Test would show more positive results next month (won't happen) it doesn't automatically mean that your performance issue with the product is solved, so you would likely feel the same when you decide to try it out again.

    Yeah maybe, I don't know if ESET see this as a problem or not. No, I don't believe AV-Test have anything against ESET; perhaps AV-Test have something in their test that the ESET engine scans more thoroughly so it takes a bit longer to finish compared to the rest. I know of at least one Magazine that used the AV-Test performance results for an article and they pointed out the "burden it places on system resources" as you can see in the screenshot posted by a member: https://forum.eset.com/topic/3673-av-test-sep-oct-2014-windows-8/?p=21369

    .....In this case one can't say all publicity is good publicity. But as I said in the thread the article does not lie as they only mention exactly what the results were, but it might result in the Mag readers that currently use ESET (or thought about trying ESET) moving on to another product even if they don't have performance problems with ESET like the test results show. "XXX is faster according to the test let's try it out instead"

    That's an interesting idea, but I don't believe the uninstall survey results are public but used in-house only. Though I guess you can ask to see if they can share some of that data publicly or not. Personally, I always use the Arnold Schwarzenegger "I'll be back" checkbox when I uninstall.
     
  4. SweX

    I use Smart Mode too, but I don't have logging enabled because I don't have any issues at the moment (I have never had issues due to the HIPS). Logging should only be enabled for troubleshooting purposes, e.g. if you have problems with some apps that you believe are blocked by the HIPS. That you see blocks is normal and nothing to worry about UNLESS you are having issues due to the blocks that you see. If everything is working as it should then you don't need to worry about the blocks or have logging enabled.

    Logging should not be enabled for long periods as the log can grow very quickly in size to several hundred MB of data.

    Learning mode is not going to block anything but create allow rules. IMO, unless you are having issues while using the default Automatic or Smart mode, you shouldn't need to use learning mode at all. If in the future you have problems with some app not working correctly, then you can switch HIPS to learning mode, launch the app and use it for a while so all necessary rules will be created automatically; after that, exit learning mode to see if the app works correctly.
     
    Last edited: Dec 7, 2014
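Grouping the HIPS log entries pasted in the first post by the rule named in each entry, as an added example (not part of the thread and not ESET code). The field names and the regular expression are assumptions drawn only from the four lines shown on this page; a real log export may separate its columns differently.

```python
import re
from collections import Counter

# The four entries from the first post, copied from this page (the poster's
# inline remark on the third entry is left out).
PASTED_LOG = r"""
06/12/2014 15:14:36 C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe Modify state of another application C:\Windows\System32\csrss.exe blocked Self-Defense: Do not allow modification of system processes
06/12/2014 15:14:36 C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe Get access to another application C:\Windows\System32\csrss.exe some access blocked Self-Defense: Do not allow modification of system processes Modify state of another application
06/12/2014 10:22:48 C:\Windows\System32\taskhost.exe Modify startup settings HKEY_USERS\S-1-5-21-4172241013-911965141-3489704341-1000\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe allowed Learning mode
05/12/2014 14:23:58 C:\Windows\System32\svchost.exe Get access to another application C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe some access blocked Self-Defense: Protect ekrn and egui processes Terminate/suspend another application,Modify state of another application
"""

# Assumed layout: timestamp, source application, operation + target,
# result, then the rule (plus any trailing list of blocked operations).
ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<source>.+?\.exe) (?P<operation_target>.+?) "
    r"(?P<result>some access blocked|blocked|allowed) (?P<rule>.+)$"
)

def parse(log_text):
    """Return (entries, unparsed_lines) for a pasted HIPS log."""
    entries, unparsed = [], []
    for line in log_text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            unparsed.append(line)  # keep anything that does not fit for manual review
            continue
        e = m.groupdict()
        e["source"] = e["source"].rsplit("\\", 1)[-1]  # executable name only
        if e["rule"].startswith("Self-Defense:"):
            e["origin"] = "self-defense"
        elif e["rule"].startswith("Learning mode"):
            e["origin"] = "learning"
        else:
            e["origin"] = "other"
        entries.append(e)
    return entries, unparsed

def summarize(entries):
    """Count entries per (rule origin, outcome)."""
    return Counter(
        (e["origin"], "blocked" if "blocked" in e["result"] else "allowed")
        for e in entries
    )

if __name__ == "__main__":
    entries, unparsed = parse(PASTED_LOG)
    for (origin, outcome), n in sorted(summarize(entries).items()):
        print(f"{origin:13} {outcome:8} {n}")
```

On these four lines every blocked entry names a "Self-Defense:" rule, and the only entry attributed to learning mode is an allow.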