HIPS does not work.

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Sep 13, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    V5 engine freshly installed on an XP Pro SP3 machine. This a Home build since there are no Business builds polulated on the release servers at this time. :ouch:

    Error from log files as follows:
    How does one address this issue ?
    Assuming this is a required component of the software that is not functioning.

    Under advanced set-up, HIPS is showing a red flag.
     
    Last edited: Sep 13, 2011
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Is there any additional system-level software installed on the system (other security software like antivirus, firewall, or integrity monitoring tools; backup or disk imaging programs and so forth) that could be interfering with the HIPS module's ability to start up?

    Regards,

    Aryeh Goretsky
     
  3. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Hello
    Have you performed a clean install or you install it over a previous installation?
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Hello, Aryeh

    Yes, I do run a Western Digital HDD backup, there we no previous conflicts on the 4x build. To the other query, it was not a clean install since I do not plan on sitting with this for long. There is no other software in services or MSCONFIG that I see that could be causing the issue. I have rebooted several times since I first posted this query and the issue remains.

    System Information:
    Appreciate the expedited response.
     
    Last edited: Sep 13, 2011
  5. MWarner

    MWarner Registered Member

    Joined:
    Jul 31, 2011
    Posts:
    6
    Count me in as another with the exact same error. No other software running to my knowledge.. Installed over previous v4 of Nod32.
     
  6. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    is the same message error?
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    For those of you with this problem, could you create an ESET SysInspector log and send me a PM? Thank you.

    Regards,

    Aryeh Goretsky
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Try a new fresh install. Uninstall the current installation, and then install again.
     
  9. MWarner

    MWarner Registered Member

    Joined:
    Jul 31, 2011
    Posts:
    6
    Did you one better. Restored my partition back to before installing v5, let everything settle, uninstalled v4, rebooted, installed v5. I didn't get a log entry about HIPS not working, but it did show a red icon in the advanced setup tree. Don't know if the red icon is supposed to be there all the time or not.

    I restored back to v4 for the time being. If no one else sends a syslog to eset, let me know and I'll go thru the process again and send one.
     
  10. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    HIPS working fine here.

    Will the "file delete " option intercept accesses in which a file is not really deleted?
     
    Last edited: Sep 13, 2011
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Afaik yes it's supposed to be there ;)

    Glad to hear that you sorted it out.
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Since there are replies to this thread that I wish to leave for the sake of all involved. I will be rolling back to the v4 engine later today as I do not have the available downtime to run a Beta on a Business Critical machine.
     
  14. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Sorry, but I am confused. I did, in fact, receive the same error message as the OP ("HIPS Communication with the driver failed. HIPS does not work"), but the Setup screen (under "Computer") shows HIPS as being enabled. Again, sorry if I'm being obtuse but does that mean it's working or not? o_O

    Note: FWIW, the aforementioned error appeared on two machines (two licenses, of course), both of which are running XP SP3.
     
  15. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    This makes me think that there is something going on with HIPS when it is in the default "automatic" mode. That's how it was when I got a balloon with a message that the rules were "invalid" (or language to that effect). This is not the message you got, so it's hard to be sure what is going on. I switched to interactive mode and am training HIPS. Running XP SP3. Maybe Eset will be putting out an update to the HIPS module if there is some sort of bug or bugs in it.
     
  16. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I'm not aware of bugs in the HIPS module. What you are experiencing is a fail in the loading of the driver, which can happen when installing over the RC or more rarely disabling AMON startup.
     
  17. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Not to hijack this thread...but I do have a question that pertains to Aryeh's comment highlighted above.

    IF....someone DOES have another HIPS program installed....is there a way to "disable" the HIPS portion of NOD32? In other words, can it be turned on, and turned off....if the end user wishes/wants to?
     
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes one can disable the HIPS in the setup tree :) And turn it back ON when you wish. ;)
     
  19. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    It's a possibility, I suppose. I actually tried the interactive mode and the module seemed to work just fine.
     
  20. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    If the driver failed to load (as the message indicated), then why would the module work fine (for me, at least) when I switched to the interactive mode? Also, it seems pretty strange that the software would indicate the module is enabled after there had been a failure in the loading of the driver. o_O
     
  21. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Is enabled in the main panel? Perhaps you rebooted your computer.?
     
  22. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    It is definitely enabled in the main panel and I definitely rebooted my computer after the install. I had to reboot because I was instructed to do so. Now you've got me wondering whether that message was spurious in the sense that it was generated *before* the reboot (when a reboot was necessary for it to start in the first place).
     
  23. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    that happens sometimes when is necessary. Check the events in the log files.
     
  24. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    For those with HIPS issues, as stated already at the earlier stages of this thread: submit a SysInspector Log, HIPS, enabled, disabled, there is no panel to speak of, per se, it's the UI of the software. Since we are all in learning mode as this has just been released, some restraint in the use of unfamiliar terms that do not apply would be appreicated.
     
  25. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    HIPS is an important development for the new version.

    I think ESET should have made an effort to explain the default setting of HIPS (Automatic mode with rules).

    Just writing "Operations are enabled, except pre-defined rules that protect your system" is clearly inadequate.

    Could someone explain clearly how the default setting of the HIPS works?
     
Thread Status:
Not open for further replies.