is the hips real effective?

Discussion in 'ESET NOD32 Antivirus' started by mantra, Mar 14, 2013.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,129
    hi

    many time I wonder if the hips module is really effective


    when i installed nod32 v5 , i did a deep scan with it and malwarebyte and after i set in learn mode , i run all my program and i did perform common taks


    are there some serious tests about eset the hips with unknow malware?

    does the hips block them ?

    because i google it and on youtube there are some videos , and an hips not able to block malware

    is true , clean install -> scan -> learn mode ->Policy-based mode?

    thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The role of HIPS is to protect ESET and crucial system processes from being tampered by malware, it does not prevent malware from running. Of course, you can switch to interactive mode or create a rule to prompt you before an unknown application is run which will prevent malware from running if you deny it.
     
  3. bcronin

    bcronin Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    105
    Location:
    Hyde Park, NY USA
    This sounds useful. Why it is not turned on by default?
    --
    bc
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Because using interactive mode with tons of prompts would discourage probably every user from using it. I, for one, use a special rule asking me before running an application for which no rule exists yet. If I trust the application and plan to use it later, I create a rule so that I'm not prompted again.
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,129
    Hi marcos
    well there are 4 options

    Automatic mode with rules -> nod will use the rules and if there is a program if a run -> allow

    Interactive mode -> user allow or deny

    Policy-based mode: -> nod will the use the rules outside ->deny

    which is the more secure option ? Policy-based mode


    how can i create a rule to prompt me before an unknow application is run?

    but hips with policy based mode i must block unknow malware

    and the question about unknow malware , virus

    are there tests if nod32 hips blocks them or not?
     
  6. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Its very clear NOD32 hips is very effective although in the default option it only protect NOD32 and system files, you need to set to a more granular operation like in the Interactive mode, nod32 will bombard you with popups because the hips lacks a trusted vendor list like in comodo but it will block unknown malware.
     
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,129
    hi

    may i know how can i create a rule like yours?

    i would appreciate it

    thanks
     
Thread Status:
Not open for further replies.