HIPS - Feedback - additional information

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by scottysau, May 23, 2011.

Thread Status:
Not open for further replies.
  1. scottysau

    scottysau Registered Member

    Joined:
    May 23, 2011
    Posts:
    3
    Hello,

    I like the HIPS included in version 5 over 4 of Antivirus. However I have a number of minor niggles.

    There are no default rules included in the beta. This would be nice, however I understand it is only a beta. You cant really tell what it is doing in default automatic mode with rules as it doesnt create any. If so where.

    In interactive mode the information provided at the allow/deny authorisation box is very limited. To be blunt, zonealarm offered this information back in the early 2000 years. More information please, maybe the inclusion of the cloud based reputation information in the box would be of great help or at least further information such as that provided by the sysinternal process explorer application would be useful.

    Complete system shutdown required for HIPS to reengage in interactive mode. Im not sure about this but I think this is what happenned. I understand why but it was not explained after moving from auto mode to interactive.

    One of the greatest attributes of ESet antivirus products I like is the automatic termination of internet processes that involve viruses. I am very glad this has been retained.

    Other than that I like very much. Cant tell what has changed under the bonnet in relation to 5 over 4, so I hope automatic upgrade allowed from 4 to 5 in relation to licenses.

    If this has all been meantioned in previous forum threads sorry to repeat.

    Regards
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    The number of options for HIPS should be reduced. HIPS should only be used if there is no other way to determine if software is malware. Every time a user has to respond "allow" or "deny" increases the chances he/she will become infected.
     
  3. Aurora2me

    Aurora2me Guest

    Hello Eset
    I am a little bit concerned about the new H.I.P.S. feature in version 5 of Eset Smart Security. What concerns me is, that I do not receive any guidense when a H.I.P.S. notification appears. I am not able /unsure how to decipher the popup window. Maby some whitelisting based on reputation, digital signature, just something to lean against to support the less knowledgeable.
    H.I.P.S. is without doubt a great tool to catch Malware, where there is no known signature, but it can also lead to fustation, at least for me. Of course I can always use H.I.P.S in automatic mode, but for me it is somewhat contradictory. the purpose of H.I.P.S. is to have a kind of interaction between the user and the software interface, when is it needed, IMHO. So please Eset give some guidance to the hips notifications, Otherwise version 5 runs smoothly on my machine.
    Best Regards
     
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    HIPS application control inclusion dont increases the chances of infections, because the main task of Filesystem protection is the automatic filtering/recognition of files with bad or good intentions
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Occasionally a bad file will slip through.
     
  6. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    In Open ESS 5/ Setup/ Computer group is your HIPS WITH a Green Check by it Blue WITH an Active "Enabled" - OR - Black & Non-Active like mine?

    All Groups in Setup that have an Enabled/Disabled indicator show a BLUE Active Enabled/Disabled EXCEPT HIPS. Makes me think something is wrong and I couldn't get this answered in another Thread. Many Thanks!
     
  7. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    @ ESET:

    Will the automatic HIPS mode be something like a behavior blocker if it is set up ready?

    Just wondering about your plans for the HIPS..
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Good Question :thumb:

    Considering that in the press release ESET said.....
    Now my questions are, is there any settings for this Behavior analysis technology?
    And what will the popup look like when the Behavior analysis detects something?
     
  9. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    no answers from ESET... where can i find the settings for this behaviour blocker?
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Bump....
     
  11. gvvsss

    gvvsss Registered Member

    Joined:
    Jan 17, 2010
    Posts:
    8
    Hi, I downloaded ESS beta 5 and here are my observations about HIPS...

    HIPS needs to have groups setup. Like Trusted Applications, Blocked Application, etc. Allow or Deny rules can be set for groups and then applications can be populated in to groups respectively. This would greatly reduce the chaos and make HIPS configuration easy.

    HIPS should be brought in to Main ESET Setup Tab, should not be hidden in Advanced Setup.

    In HIPS configuration, right click on an application to allow/deny would be more easier for basic use compared to clicking on edit--selecting everything...

    We can also have protected Files/Folders configurable via HIPS settings.

    HIPS Alerts should be coloured to indicate the verdict of ESET, like RED for a dangerous operation and Green for a casual operation. It would make it easy for the users to take decision on HIPS Alert Popups.
     
Thread Status:
Not open for further replies.