HIPS tests results w/ Comodo Leaktest...

Discussion in 'ESET NOD32 Antivirus' started by sweater, Oct 6, 2011.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I was worried, as when I ran the CLT test with HIPS in the default Automatic Mode with rules, the test result was very disappointing. I couldn't believe that NOD32 HIPS didn't even react, and I was wondering what it really protects in this default mode. I thought at first that it really does protect the system registry and other system files, but it doesn't.
     


  2. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Even though HIPS scored very low in auto mode, when I changed HIPS to Interactive Mode... the results were very different. I was bombarded with lots of pop-ups and of course I denied everything. It scored high, but the drawback was that it needs closer inspection of what the pop-ups tell us.

    Of course the Policy Mode has the same results as Interactive Mode.

    Here are the results in Interactive Mode:
     


  3. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    You can add your own test/s with other available HIPS tests that you can find and post them here.

    Maybe more opinions, if there are any... :rolleyes: ... about NOD32 v5 HIPS protection capabilities.
     
  4. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    Gee, if HIPS is so bad in automatic mode it is..... :thumbd: it didn't add very much protection

    thanks for the information
     
  5. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    COMODO Leaktests v.1.1.0.3 ESS 5.0.93.0(5.0.94.0)

    Interactive Mode: HIPS, Firewall
    Windows Vista Ultimate SP2 64 bit


    HIPS support module: 1027P (20110914)
    HIPS support module: 1026


    Operations:
    Install global hook – Refers to calling the SetWindowsHookEx function from the MSDN library
    100% does not work.
    Intercept events from another application – o_O

    Automatic mode:
    HKEY_CURRENT_USER\*
    HKEY_CURRENT_USER\Software\*
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\*

    C:\Users\VITALIKEAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\virus.ink
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\virus.ink
    no control
    :)
     


    Last edited: Oct 6, 2011
  6. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    Interactive Mode (HIPS NOD32): 320/340.

    Vulnerabilities:
    RootkitInstallation: ChangeDrvPath
    Injection: KnownDlls

    Automatic Mode:
    180/340
    150/340 (with Look 'n' Stop disabled)
     
    Last edited: Oct 7, 2011
  7. master131

    master131 Registered Member

    Joined:
    Oct 7, 2011
    Posts:
    1
    Currently running Windows 7 SP1 Ultimate x86. Tested ESET Smart Security 5.0.94 with Comodo's Leaktest tool and here are my results:

    Firewall (Automatic) & HIPS (Automatic):
    130/340

    Vulnerabilities:
    Too many to list.

    Firewall (Automatic) & HIPS (Interactive):
    270/340

    Vulnerabilities:
    RootkitInstallation: ChangeDrvPath
    Invasion: FileDrop
    Injection: KnownDlls
    InfoSend: DNS Test
    Impersonation: Coat
    Impersonation: BITS
    Hijacking: ChangeDebuggerPath

    Firewall (Interactive) & HIPS (Automatic):
    140/340.

    Vulnerabilities:
    Too many to list.

    Firewall (Interactive) & HIPS (Interactive):
    280/340

    Vulnerabilities:
    RootkitInstallation: ChangeDrvPath
    Invasion: FileDrop
    Injection: KnownDlls
    Impersonation: Coat
    Impersonation: BITS
    Hijacking: ChangeDebuggerPath

    As you can see, there is a significant difference when you enable Interactive HIPS filtering (although it's quite annoying with all those popups). But this also raises a concern for those who have their Firewall and HIPS settings set to Automatic which is the default...
     
    Last edited: Oct 7, 2011
  8. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    At first I was guessing that there are some improvements in the NOD32 HIPS when they released v5.0.94.0 but there's none. :mad: :(

    I was just hoping Eset also uses this test, and the many HIPS tests out there, to improve the protection of system files, registry, etc... just to be safer surfing the web using the default automatic HIPS mode. You know, beginners would think they'd be safe with the recommended default auto mode, but it's just a big illusion. Interactive mode offers better, more tangible protection (still many vulnerabilities) but it takes some technical knowledge to understand what it says. :blink:
     
  9. lucijamtrv91

    lucijamtrv91 Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    37
    No way that NOD32 passes this test for the moment....
    You can pass with only Comodo Firewall safe mode, Defense+ safe mode: 340/340... ESET must do something...
     
  10. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    No Eset moderator to defend HIPS automatic mode......? o_O :doubt:
     
  11. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I don't trust anything automatic as far as software goes. Interactive mode is the safest bet in most cases for a user who generally has a mindset of deny. I think folks are better off using learning mode for a short time and then switching over to interactive.
     
  13. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
    Good to know how effectively HIPS works in automatic mode. Unfortunately, since my desktop with HIPS in automatic mode is used by the entire family, the change to interactive mode is not going to happen.

    But this same fairly new desktop, which has only used ESET starting with V4, has never yet been infected with any nasties, knock on wood, in over a year of using ESET with no HIPS.
     
  14. troy1987

    troy1987 Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    22
    HIPS is bad
     
  15. Sacles

    Sacles Registered Member

    Joined:
    Dec 8, 2004
    Posts:
    372
    Location:
    Belgique
    Hello,

    320/340 is bad?

    Do not forget also that these tests are made by Comodo for Comodo. In these conditions 320/340 is a good score.
     
  16. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Yes it is, especially after going to the "Emergency Room" (E.R.) for swollen fingers, or worse, simply after using Eset HIPS in interactive mode. :(


    Thanks.
     