HIPS and Filtered Website question

Discussion in 'ESET NOD32 Antivirus' started by reevesloh, Feb 24, 2013.

Thread Status:
Not open for further replies.
  1. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    I am using Nod 32 6.08 and I checked the log files at HIPS and filtered and I found out it is blank even though I have been using it for about a month. Is it normal?
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    AFAIK, yes, it's normal, unless you enabled "log all blocked operations" in the advanced HIPS settings. And you should only enable that in case of troubleshooting, or the log file may grow in size quickly.

    FYI, I have used ESS V5 for 1 and ½ years and my HIPS log is empty too :thumb:
     
  3. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    If you don't mind, may I ask what mode you are using for the HIPS (and Personal Firewall)? I tried interactive mode, as some users have suggested, but I find it too chatty.

    Thanks.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No problem :)

    I use the HIPS in the default Automatic mode, which includes rules that have been pre-set by ESET developers.
    Though even if Automatic mode only protects the most vital parts, it's fine by me as I am not a high-risk user, plus the HIPS is the last layer of defense, and threats are in many cases stopped before they can even get in. :thumb:

    But as you may know, you can use learning mode for a while so HIPS rules are created automatically, and you can also create rules manually.

    As for the Firewall, first I use Interactive mode, and when I know that rules have been created for the applications that I use most, I change the FW mode to Policy-based mode. And in that mode connections will be denied unless there is a FW rule in place which I allowed while I used Interactive mode.
    For example, I don't have an allow rule for stuff like Adobe Flash; instead, when there is an update available, I change the FW mode to interactive, click allow connection, and when done I change back to policy-based mode. Very simple.

    BTW, here you can read a bit about the HIPS in case it may answer some questions you may have: http://kb.eset.com/esetkb/index?page=content&id=SOLN2908&viewlocale=en_US

    And if you scroll down a bit in this article you can read about the different Firewall modes (it's a V5 article though): http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1361884261460

    HTH SweX :)
     