cutting_edgetech

ESET Insiders
  • Content Count: 283
  • Days Won: 1
Everything posted by cutting_edgetech

  1. I think you misunderstand my request. I'm requesting an option to log all dropped/blocked packets per application that violates any packet filter rule that comes preset with ESS. Many rules come by default. I don't want to just log blocked packets for a rule I have created. The only option currently is to log all traffic for an application. Logging allowed traffic consumes the log file, and makes it hard to find what I'm looking for. It probably also makes ESS a little heavier on the system.
  2. Thank you for your help Macros! Honestly the IDS logging is more important to me than logging dropped packets for a specific application. It was something I was wanting to enable for a long period of time, and I wanted to log all dropped packets for the application instead of for just one rule.
  3. I did enable the logging for the HIPS recently. I just didn't expect to see anything in the log file without receiving a single prompt from the HIPS. Eset's HIPS behaves more like a policy based AE to me. Thank you!
  4. I have all these strange entries in my HIPS log, and I have never seen these before until recently. I'm using Smart Mode, and I have not created any custom rules. I also have never received any prompts from the HIPS despite having all these entries in the log file. Should the HIPS be silently blocking all these events? Is this something I should be concerned about? I copied a few of them below. I attached the rest of the log with this post. The forum software said there were too many to paste them all below. I'm using Windows 7X64 Ultimate SP1. C:\Windows\System32\svchost.exe Get ac
  5. If I want to enable logging for a specific application, and only log blocked packets then is that possible? I only saw the option to log allowed, and blocked packets.
  6. Thank you! I was hoping detected attacks would be logged. I used the troubleshooting log before, and it logs everything. It's really only good for troubleshooting to me. If I had an allow rule for an application, and the application still could not access the internet then I would turn that on if the logging for the application did not show anything blocking it. Edited 4/17 @6:41
  7. Regardless of my router I would still like to get an answer for my last question. It is good to know if any preset rules allowing these services come by default that will allow these services in automatic mode.
  8. Are there any preset rules created by Eset which come by default that would allow any of the allowed services in automatic mode? I'm just wanting to make sure no such rules come with ESS by default. If I'm understanding you correctly then the user would have to create a filter rule in all cases to allow any of the allowed services in automatic mode.
  9. Your first response to my question was, "ESET firewall doesn't prompt the user unless interactive mode is used or a rule asking for an action is applied." It sounded to me like you were saying that automatic mode would allow any of the enabled services in Eset's firewall without prompting the user. I still currently have no use for almost all of those services so I will leave them disabled on my machine. Also, allow incoming connections to admin shares in SMB protocol does not say it is in the trusted zone. Is this service referring to any remote connection?
  10. I strongly disagree. There are known attack vectors for SMB protocol. Do a Google search, and you will find multiple articles about SMB flaws/vulnerabilities that were published in the past 2 days. Also why on earth would a home user need to allow remote registry service? Allowing all those services without prompting the user creates a much larger attack surface. Eset should never allow all those services without prompting the user, and that is exactly what they are doing since interactive mode is not ESS's default settings. Are you saying that ESS firewall will prompt the user in interactive
  11. If something triggers Eset's intrusion Detection does Eset log it in the firewall log by default? I don't see any option to enable logging for Intrusion Detection which is listed in the IDS Advanced Settings.
  12. Does Eset prompt the user if someone attempts to access their computer using one of the allowed services in the IDS, and advanced settings if the service is configured to allow? So if the service is configured to allow in the IDS, and advanced settings will it allow the service without prompting the user? They were all ticked by default, but I unticked almost all of them after discovering them. I think very few home users would need hardly any of them.
  13. I just ran into the exact same problem the starter of this thread did with ESS 8 on Windows 7X64. I had just switched my Network type from Home Network to Public Network hoping it would increase my security even though I'm on a Home Network. It caused the exact same problem with the exact same entries in Eset's Log that is described in the first post of this thread. I lost complete internet connectivity. I thought I would mention that here in case it helped others that may run into the same problem. Switching the Network type back to Home Network fixed the problem. ESS will not allow my router
  14. I think I may know why the sample kept failing. I did not try to send it in an archive since it was a false positive. I will try again.
  15. I was unable to send a sample file for a false positive within Eset Smart Security. It kept saying unable to send sample. I had to report the false positive by email instead, but my email will not allow me to send .exe files. I tried renaming the file extension, but was unable to. I'm running short on time so I don't have time to keep trying. They will just have to download Hitman Pro Alert from the link I provided of their website. hxxp://www.surfright.nl/en/alert
  16. It's already there. Just click on "configure HIPS" and you'll get a huge rules editor where you can add very specific rules. Thank you! I had already looked at that, and overlooked the tab for the source application. I just hope they continue to add more options on what to monitor like physical memory access, remote code, remote data modification, use DNS API, keyboard access, etc. Yes, that's expected. But nobody forces you to use the interactive mode. And if you create some rules (e.g. with the learning mode like you did) then yo
  17. Rug, I can't get this forum to allow me to multiquote you to specifically address each one of your responses. I'm not sure why. I just tried multiple times, and lost my post for all my trouble. I'm so tired of losing my post on this forum. I multiquote on other forums all the time without any problems. If someone could tell me how I would appreciate it. The multiquote button is not working. It's like it is not giving me the option since you already multiquoted me.
  18. The HIPS needs to be made more configurable. I think the user should be able to select their applications from a list, and choose what permissions their applications have. Also make better use of white listing for harmless system executions. I tried using interactive, and policy based mode. Interactive mode is unusable without better whitelisting. I was prompted to death. I could not use my computer for anything due to answering prompts the entire time I was on my computer. I used my computer in learning mode while running all my applications, and booting in learning mode several times. I then
  19. Sorry guys. I just lost my post, and I don't have time to write it again. I will have to update you another day. It's just not my day I guess.
  20. I went ahead, and opened a case with Eset. Maybe my logs will make them discover something that will improve NOD 32.
  21. I rolled my computer back all three times using Shadow Protect to an image before I ever had the problem. I already rolled my computer back again. I will not need the uninstall tool because the regular uninstaller will work now since I rolled my computer back. Should I uninstall, and reinstall NOD 32 now that I have already rolled my computer back? I am no longer having the problem after rolling my computer back. I collected everything I could for Eset to diagnose the problem before rolling my computer back.