Everything posted by cutting_edgetech

  1. I think I may know why the sample kept failing. I did not try to send it in an archive since it was a false positive. I will try again.
  2. I was unable to send a sample file for a false positive within Eset Smart Security. It kept saying unable to send sample. I had to report the false positive by email instead, but my email will not allow me to send .exe files. I tried renaming the file extension, but was unable to. I'm running short on time so I don't have time to keep trying. They will just have to download Hitman Pro Alert from the link I provided of their website. hxxp://www.surfright.nl/en/alert
  3. It's already there. Just click on "configure HIPS" and you'll get a huge rules editor where you can add very specific rules.

     Thank you! I had already looked at that, and overlooked the tab for the source application. I just hope they continue to add more options on what to monitor like physical memory access, remote code, remote data modification, use DNS API, keyboard access, etc.

     Yes, that's expected. But nobody forces you to use the interactive mode. And if you create some rules (e.g. with the learning mode like you did) then you get less prompts.

     That's the whole point I made though. Learning Mode did not do anything to eliminate the prompts. I used learning mode for about 1 1/2 hours, and ran all my applications while in learning mode. I also used learning mode while rebooting 3 times. I received 15 minutes of nonstop prompts before I had to give up trying to use interactive mode. I actually clicked the allow button for 15 straight minutes. Interactive mode was useless on my system. That's why I say they need to use whitelisting with interactive mode to make it more usable.

     If a rule was correctly created then it shouldn't be blocked. If it still does then it surely wasn't created correctly or only a similar rule was created which doesn't cover the actions the application did later. For troubleshooting this we would need to know the exact application, HIPS rule(s) and more information about how you

     If the rules were not created correctly then it was not due to any error on my part. I used learning mode to create the rules. I did not make a list of the applications that were being blocked in policy based mode, but I do remember Tor Browser being one of them. I ran all the applications that were being blocked in learning mode multiple times. Policy Mode behaved more like an AE than a HIPS. Policy Mode would have been great if it prompted me for an action instead of blocking the application.

     Yes, this is expected in the policy-based mode. In this mode HIPS only applies the rules and blocks every other action. And again if you want to receive a prompt you have to use the interactive mode of course.

     Well, I just responded to this one above.

     Great, so you found the mode(s) which fits you. That's the sense of these modes. Use the one you like. And as you complained about the crowd of messages from interactive mode I would have recommended you the Smart mode anyway. There you have a huge "whitelist", so you will only be prompted for very suspicious actions.

     Smart Mode is actually not the Mode that fits me. It does not provide the leak protection I am looking for. Smart Mode is the only mode I found usable other than Automatic Mode With Rules.
  4. Rug, I can't get this forum to allow me to multiquote you to specifically address each one of your responses. I'm not sure why. I just tried multiple times, and lost my post for all my trouble. I'm so tired of losing my post on this forum. I multiquote on other forums all the time without any problems. If someone could tell me how I would appreciate it. The multiquote button is not working. It's like it is not giving me the option since you already multiquoted me.
  5. The HIPS needs to be made more configurable. I think the user should be able to select their applications from a list, and choose what permissions their applications have. Also make better use of white listing for harmless system executions. I tried using interactive, and policy based mode. Interactive mode is unusable without better whitelisting. I was prompted to death. I could not use my computer for anything due to answering prompts the entire time I was on my computer. I used my computer in learning mode while running all my applications, and booting in learning mode several times. I then tried using policy-based mode, and the HIPS still blocked some of my applications even though I used those applications while in learning mode. The HIPS did not give me any option to allow them by prompt so the HIPS behaved more like an anti-executable in policy-based mode. Automatic mode with rules, and Smart Mode are the only modes that I have found useable. I have never received any prompt from either mode though so it's not like any HIPS I have ever used.
  6. Sorry guys. I just lost my post, and I don't have time to write it again. I will have to update you another day. It's just not my day I guess.
  7. I went ahead, and opened a case with Eset. Maybe my logs will make them discover something that will improve NOD 32.
  8. I rolled my computer back all three times using Shadow Protect to an image before I ever had the problem. I already rolled my computer back again. I will not need the uninstall tool because the regular uninstaller will work now since I rolled my computer back. Should I uninstall, and reinstall NOD 32 now that I have already rolled my computer back? I am no longer having the problem after rolling my computer back. I collected everything I could for Eset to diagnose the problem before rolling my computer back.
  9. I have gotten an error message that NOD 32 has failed to communicate with the kernel 3 times in the past week. I had to roll my computer back all 3 times it happened. After I received the error message NOD 32 would no longer function. It crashed over, and over again. I tried to uninstall NOD 32, but the uninstall failed each time. I want to open a support request, and send them my Sysinspector Log. Is this the correct support link? https://www.eset.com/us/support/contact/
  10. I'm not sure I know how to create a rule for Smart Mode. I will have to take a look at it. Yes, policy mode needs cloud white listing used with it like some other HIPS do to make it usable. Eset should really consider giving the option to use whitelisting with interactive mode. They could also give the option to allow by signed certificate to further cut down on prompts. I tried policy based mode, but for some reason ESS kept blocking my other security applications during boot time. I ran ESS in learning mode when booting, but it continued to block AppGuard, and Malwarebytes-AntiExploit from loading at boot. I checked the logs, and the HIPS was blocking all kinds of different processes at boot. Also some applications like Tor Browser bundle would be blocked no matter how many times I ran them while in learning mode. I was really hoping I could use policy mode, but it did not work for me for two reasons. First it automatically blocked everything without giving me an option to allow anything; second learning mode was unable to learn some applications so they would fail no matter how many times I ran them while in learning mode. Learning mode was just unable to whitelist what was needed to allow the applications to run. I ran ESS HIPS against Comodo leak test, and it did pretty good. I tested in interactive mode, and policy based mode. I got the same results each time. It scored 300 out of 340 points. It failed the following tests: ChangeDrvPath, SetWinEventHook, SetWindowsHookEx, and KnownDlls. Maybe Eset will want to further develop their HIPS. I think the most important thing is to make it more usable first though by incorporating cloud whitelisting with the HIPS.
  11. Is there a mode that will prompt me for an action for anything not learned during learning mode without automatically blocking it?
  12. If I run my computer for a while in learning mode for the HIPS then which mode should I switch to after I'm done using learning mode? I think it should have learned my computer pretty well during the time I used learning mode. I made sure to run all my software, and perform all the tasks I normally do on my computer. I tried interactive mode, but it prompted me so much I could not even use my computer. Should I switch to policy based mode instead? What I want to do is allow all the actions that were learned during the period I used learning mode, and prompt me for the rest.
  13. I will try editing the rule for Type Accents to see if it logs its blocked outbound request. That still does not fully answer my question as to why it is not logging anything in the Firewall log. Is there something else that needs to be enabled so the logging will work? It is not logging anything in the firewall log at all. I ran PC flanks leak test hoping it would log something, but it failed the test. Is ESS default rule set so lenient that it's not blocking anything to log? Online Armor logged many ICMP destination unreachable requests on my machines. What action does ESS take with ICMP destination unreachable requests? Also does it log them?
  14. I didn't try enabling log all blocked connections, and log blocked incoming worm attacks until now. I didn't have them ticked before, and ESS did not log anything then. After ticking those 2 boxes ESET at least logged something in the firewall log. Before it logged nothing.
  15. I just found the following buried in the settings. Log all blocked connections, and log blocked incoming worm attacks. I ticked both of them. Does log all blocked connections have to be ticked before ESS firewall log will work at all? It has not been logging anything.
  16. Eset Smart Security is not logging anything in its firewall log, but it should at least be logging blocked events from type accents. I created a rule for outbound traffic from type accents. Type accents is constantly requesting outbound access so I chose block, and remember action. ESS should at least be logging blocked outbound requests from type accents, but it is logging nothing at all. I had Online Armor installed before, and it logged many blocked requests from type accents in its log file. Does something have to be done to enable logging?
  17. If this is intended behavior then I would like to make a recommendation. My logic is that NOD 32 should still be able to detect when a scan is in progress, and not begin another scan at the same time regardless if it's ticked in the settings. It could at least wait until the current scan is done. It just seems silly to me. I think this is something that could easily be remedied. No one wants to run 2 scans at the same time, and scan the same files. Just some food for thought.
  18. Eset performed 2 scans at the same time. I reported this during the beta test period, but nothing was done about it. I think maybe I see why Eset is performing two scans at the same time now. During the installation I left perform scan after installation ticked. After the installation completed Eset did not begin a scan right away. I actually rebooted 2 additional times after the installation had completed. I then decided to do a custom scan of my entire C drive since Eset had not begun its scan yet. I left the scan running, and about 20 minutes later when I came back NOD 32 was conducting 2 scans at the same time. I looked to see what type of scan Eset was conducting, and the other scan said "first Scan". I assume this is the scan Eset is supposed to conduct after the installation is complete. That is fine unless the user is already conducting a complete scan of their own. Eset needs to be able to detect if the user has already started a scan so that it does not start an additional scan. I don't think anyone wants to conduct 2 scans at the same time. Especially if they are conducting a full scan of their OS drive. Please make Eset not start an additional scan if the user has already started their own scan. It's a waste of resources, and it will only slow down the other scan.
  19. Will an Eset Smart Security License work with NOD 32? I would like to use NOD 32 a while to see if there is any difference in Web pages loading slowly, or failing to finish loading.
  20. That's not safe at all. If you exclude a browser from protocol filtering, access to websites with dangerous content won't be blocked, files downloaded via http/https won't be scanned and cloud block won't work either. Does disabling only web protection make the issue go away? What are the hardware specifications of your computer?

      Yes, disabling web protection fixed the problem. My hardware is the following: Intel Core i7 960 @ 3.20GHz, 8.00GB Dual-Channel DDR3 @ 534MHz, 2048MB ATI AMD Radeon HD 6900 Series (ATI), 300 GB Velociraptor 10,000 rpm. Windows 7X64 Ultimate. I'm going to use Kaspersky for a while since it is working so well for me at the moment. I have a lot of work I need to get done, and ESS 8 slows my productivity down to a crawl. I will switch back to Eset Smart Security 8 when I get caught up, and have more time to troubleshoot the problem. It will probably come down to me reporting multiple web pages that load very slowly, or fail to finish loading. Then with a little luck Eset will be able to reproduce the problem.
  21. I have been using Kaspersky Security Suite for a few days now, and my browsing speed has greatly increased. Pages load much faster, and I have not come across any web pages that fail to finish loading. Firefox still does occasionally freeze when switching between tabs so that particular problem seems to be a bug with Firefox. The slow loading of web pages, and failure of web pages to finish loading seems to have been caused by Eset Smart Security 8.
  22. There you are correct! No seriously... So you have two issues: Firefox is slowing down. Pre-release updates aren't working.

      About 1. Can you narrow that down to specific websites? Does the slowdown go away if you exclude Firefox from protocol filtering? Do you have SSL scanning enabled?

      About 2. At first, just as a confirmation: Normal stable updates are working fine? Clear your update cache like described here and try it again. If it is still not working create a Wireshark log while you are trying to update your VSD with pre-release updates and send it to a moderator.

      Is there any difference in excluding FireFox from protocol filtering, and just disabling the AV protection? Does excluding the FireFox from protocol filtering disable the AV, and Firewall or just the AV? I'm likely going to have to roll my computer back tomorrow, and start using NOD 32 V7 again to see if I still have the problem then.