Why not eset self protection protect these..?

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by ashishsingh1508, Jun 13, 2011.

Thread Status:
Not open for further replies.
  1. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Hi,
    I can easily delete files in these folders, or even the folders, by just pressing delete. I can even delete HIPS Rules. Why doesn't ESET self protection protect these files also o_O

    "C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    In my opinion ESET should protect all files in the following folders

    "C:\Program Files\ESET\ESET NOD32 Antivirus"
    and
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    I have to check registry entries for working of self protection.
    I think that's why malware is able to disable ESET and remove it.

    Regards
    Ashish Singh *puppy*
     
  2. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Self defense is not active until the user reboots the system
     
  3. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    HIPS rules can not be removed :)
     
    Last edited: Jun 13, 2011
  4. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Well I can delete all these files
     

    Attached Files:

  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    You can't delete anything in ProgramData without admin escalation. What exactly are you reporting?
     
  6. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    I can even delete the installer contained in it
     
  7. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Look, I am using Outpost Firewall Pro 7.5 with NOD32. Whenever I try to delete any file from the Outpost folder it gives me an error that it can't be done because of self protection. Why doesn't ESET protect its files from deletion?
     
  8. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    In my case I cannot delete those files because of self defense
     
  9. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Today, with the ESET RC version installed from scratch, I tried deleting this file
    C:\ProgramData\ESET\ESET NOD32 Antivirus\Installer

    And I could easily delete it
    Also I can delete the HIPS Rules .dat as well as the .xml file

    Is it normal? Or are these files useless?
    NOTE: I am using ESET NOD32 Antivirus 5 RC
     
  10. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I cannot reproduce that, ESET denied me access to those files
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Have you restarted after installing the RC?
     
  12. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Yes of course. Most of the files are protected but not all...
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Which aren't? Msi is merely the installer, it has no effect on security and deleting it won't make your computer vulnerable to malware attacks. As for the xml, I couldn't find any, be more specific please.
     
  14. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    "Msi is merely the installer, it has no effect on security".

    Why?? It is needed for repair of ESET.
    OK, leave it. I can delete all the files (only outside the folders) in the following folder
    "C:\ProgramData\ESET\ESET NOD32 Antivirus"

    File names are
    EpfwUser.dat
    HipsRules.dat
    HipsRules.xml
    httpblk.dat
    local (database file)
     
  15. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Also all files in this folder

    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs"
    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats"

    AND MOST IMPORTANT

    "C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles"

    Regards
    Ashish
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    None of the above are critical files. They are merely statistics, logs or update files that are downloaded during every update, so amending them has no effect on the program's functionality.
     
  17. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Hey Marcos, you are right, but it seems the critical files in the %programdata% folder are HipsRules o_O. After deleting them and a restart, the manually created rules are not listed anymore in HIPS Rules Management.

    These files (HipsRules.*) seem to need Self-Defense protection.
     
    Last edited: Jun 15, 2011
  18. mbmalone

    mbmalone Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    13
    I have never seen any HipsRules.dat :gack:
     
  19. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Maybe you can try to change your HIPS to interactive or learning mode?
     
  20. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    I'm on 'learning mode' and there's no HipsRules.dat - instead, there's an HipsRules.bin (can't spot the HipsRules.dat in the screenshot posted above, either.)
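
The thread turns on who can delete files under the two ESET folders, and post 5 raises the question of admin escalation. The following is an added example, not part of any post and not ESET's code: it lists the NTFS ACL entries that give principals other than SYSTEM, Administrators and TrustedInstaller delete or write rights under the paths quoted in the thread. It assumes PowerShell 3.0 or later and reads ACLs only, so it says nothing about whether ESET's self-defense would block the operation.

```powershell
# Added example: report ACEs that let non-administrative principals delete or
# rewrite content under the ESET folders named in this thread.
# Assumes PowerShell 3.0+ and the default install paths quoted in the posts.
$paths = @(
    'C:\Program Files\ESET\ESET NOD32 Antivirus',
    'C:\ProgramData\ESET\ESET NOD32 Antivirus'
)

# Principals expected to hold delete/write rights (well-known SIDs).
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

# Rights that permit deleting or altering a file or a folder's children, plus
# the raw GENERIC_ALL / GENERIC_WRITE bits that some ACEs carry.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles, WriteData, AppendData, ChangePermissions, TakeOwnership'
$mask    = [int]$rights -bor 0x10000000 -bor 0x40000000
$sidType = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($root in $paths) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Not found: $root"; continue }
    $items = @(Get-Item -LiteralPath $root -Force) +
             @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "ACL unreadable: $($item.FullName)"; continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs do not apply to this object; children are checked on their own.
            if ($ace.PropagationFlags -band $inheritOnly) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            # Resolve the SID to a name for readability; keep the SID if that fails.
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $ace.IdentityReference.Value }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

An empty table means only the three listed principals hold delete or write rights at the ACL level; any row for a file such as HipsRules.* names an account that could remove it without elevation if nothing else intervenes.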
     