stackz
-
Posts
408 -
Joined
-
Last visited
-
Days Won
19
Posts posted by stackz
-
-
9 hours ago, Marcos said:
Couldn't it be that you have a custom rule for hosts created that would override asking you about an action?
I have no rule for the hosts file, furthermore I've just tested with a complete fresh uninstall/reinstall of EIS and Smart mode still doesn't trigger for writes to the hosts file.
If I create a rule for write access to the hosts file then this is being successfully triggered.
How can I troubleshoot the issues I'm having with HIPS?Win 7x64, EIS 11.0.159.0
-
13 minutes ago, Marcos said:
What tool did you use to test direct disk access?
HDHacker
Marcos, what product and HIPS module were you using when you tested writing to the hosts file?
-
HIPS support module: 1309
Smart modeDirect access to disk rules are not triggered. All access attempts are allowed.
-
Win 7x64
HIPS support module: 1309 (20171229)
Smart mode isn't triggering any alert for hosts file tampering. I made a temporary rule for the hosts file and this was successfully triggered.
How can I go about troubleshooting why smart mode isn't triggering any alert?
-
1 hour ago, John Alex said:
Just out of curiosity , any of you ever got an alert from HIPS in Smart mode?
Modifying the hosts file used to trigger an alert, but I just tested this again and the HIPS didn't alert.
-
4 hours ago, Hydro said:
However, when choosing "Create rule and remember permanently" -> "Deny", the application is still able to access the internet! A valid Deny rule will be created, but it is ignored the first time! Subsequent connections are refused, as expected.
I am able to reproduce this behaviour in interactive mode.
Win7x64
EIS 11.0.159.0
Firewall module 1372 (20171027)
-
8 hours ago, itman said:
One issue I have in regards to the cmd.exe is that there is no way to restrict what .bat files it can execute. A "target" in a HIPS rule has to be an application - period. This could be accomplished if the HIPS provided a read restriction in the Files section. I really don't know why read restriction capability was never added. Every other HIPS I have used in the past had the capability.
Having read restriction capability in the files section is a feature I suggested long ago. Hopefully ESET will finally see the merits of this.
-
Go into Advanced setup -> Update -> Profiles -> Update Mode.
See if you have "Ask before downloading update" enabled.
Set to disable if you don't want prompts. -
The live grid outages are just a ploy to get more traffic at this forum.
-
5 hours ago, Liz@rd said:
If I uninstall and install another version will I be charged? I paid for V9.
No you won't be charged. As long as your license is current you can upgrade to a newer release.
-
Win7x64
v10.1.219 : no reg run key
v10.1.230, v11 : reg run key, HKLM - C:\Program Files\ESET\ESET Security\ecmd.exe /launch /hide -
1 hour ago, Marcos said:
As of v10 this should not be present in the run registry key at all as egui is started by ekrn.
Marcos, refer to your reply regarding version 10.1.230.0 and egui starting via ecmd:
-
1 hour ago, tuanton said:
I am running free version of Malwarebytes and I do use ESET BPP so presume I take it out ?
No, keep using ESET BPP. There's no problem running Malwarebytes free version and ESET.
-
19 minutes ago, Marcos said:
Please provide more details as I have no clue what kind of logon you mean.
Win7x64 using v 10.1.230.0
When I boot the computer and log into my account, a command window flashes on the monitor seemingly as EGUI loads.
Rolled back to 10.1.219.0 and no more cmd window at logon.
-
On 9/15/2017 at 6:07 PM, Marcos said:
Anyone having issues with web access and email protection, download and install the latest not yet released version 10.1.230 from https://www.dropbox.com/sh/4tsiifvxzviym8z/AAB4VjY71XE9pzq6woz7Ch1ua?dl=0.
What's with the command window that flashes on the screen when logging on?
-
See if this is just a cosmetic bug.
Next time it happens, hold down the Shift key and then click on the 'x' in the GUI upper right hand corner.
Close down Egui and then relaunch it. If the issue is cosmetic then you should no longer see any activity in the update pane.
-
AFAIK it is fixed in the internal build 10.2.xxx
-
The reason you get the HIPS alert must be that neither Waterfox or Synchredible are digitally signed and are making a call to delete the AutoConfigURL entry.
The only thing you can do if you don't want the alert is to make a specific rule to allow 'Delete from registry' for AutoConfigURL.
-
Changelog
10.0.390.0
- Fixes internal bugs
Most informative
-
Thus, ESET, how to do responsible disclosure of highest severity bugs? Public or private? In this case I would suggest private.
I did it via private message as I thought this to be the most ethical way.
-
Just go to Setup - Import/Export settings.
-
Did you try running the command: ecmd /registeravsoft and then rebooting?
-
Most likely there's an issue unrelated to ESET with registration to WSC. Does running "ecmd.exe /registerav" from the command prompt run from the ESET install folder as an administrator ? If it doesn't help, try running "ecmd.exe /registeravsoft" and restart the computer. If that doesn't help either, we'll need a log from Process monitor from the time when you run "ecmd.exe /registerav".
I'm sorry, can you give me more details on how to do that, please?
Right click Command Prompt and Run as administrator.
At the prompt enter:
cd "%ProgramFiles%\ESET\ESET Internet Security"
Adjust the above command if EIS is installed to a different directory.
Once the prompt is at the installation directory, enter the commands given:
"ecmd /registerav" or "ecmd /registeravsoft"
-
Have you tried following the instructions here?
Major HIPS Issue
in ESET Internet Security & ESET Smart Security Premium
Posted
Does anyone have any ideas? I submitted a support request to ESET customer service but so far this has been met with deafening silence.