Everything posted by toxinon12345
-
Scheduled Scans
toxinon12345 replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Translation is ambiguous when you disable LiveGrid: "Esto puede ser muy peligroso, por lo que debe volver a habilitar la protección de inmediato" If we think of it as an implication, we should use "así que" or "por lo tanto". Thanks. -
Upgrading to Version 10
toxinon12345 replied to throwaway9's topic in ESET Internet Security & ESET Smart Security Premium
Just upgraded to v10 Internet Security and found out Default Settings are different to those of v9. Advanced heuristics on FileExecution is disabled, can someone confirm? -
AV-Comparatives: Performance test April 2016
toxinon12345 replied to Super_Spartan's topic in General Discussion
Nice to see that. -
Behavior Blocker
toxinon12345 replied to cutting_edgetech's topic in ESET Beta Products for Home Users
Advanced Memory Scanner does a dynamic DNA scan without the need for emulation. AMS is proprietary technology and extends proactive longevity, reaching high (>90%) detection rates. -
Eset 10 beta new idea's
toxinon12345 replied to kakashi's topic in ESET Beta Products for Home Users
lol, sure. Then make CPU anti-dust fan protection. -
What I understood is that folders are just some type of Null-zero-byte files. So, only the First level would be affected. Speaking about registry access, keys and values are treated by different functions https://msdn.microsoft.com/en-us/library/windows/desktop/ms724875(v=vs.85).aspx Edit: another one undocumented: leaving the list for source apps in blank, and then switch between ["Specific applications" | "All applications"] makes a difference for triggering, related to overriding.
-
To avoid ambiguities, I set the double backslash because I don't want recursion (I want only the first nested level to trigger). But that '\\' doesn't work for the root dir in the volume. On the other hand, I triggered a rule when c:\windows\explorer.exe was trying to delete the file in the c:\windows directory, just using the c:\windows\\ notation. So it is working as expected; the exception is the root volume.
-
Drivers could also be loaded at any time after boot; it should make sense when switched to interactive or policy-based mode. I, for one, cannot see any important bug in the HIPS. Also, Smart rules seem to be dynamic for each HIPS update, maybe adapting to the current threat landscape. Sometimes I see some notifications stating the HIPS user rule file was sent for analysis, which suggests a community ruleset.
-
I just noticed Smart mode rules cannot be overridden either, a good thing in my opinion: I can't imagine clicking Allow in a dialog just to notice afterwards that it was logged as Blocked by an explicit user rule. It would lead to confusion. EDIT: Smart mode rules can be overridden, too. I noticed that when I enabled the rule notify/logging. Allowed drivers can be overridden; it is explicitly written in the documentation. Also some system processes are allowed access by default (Regedit to registry keys, Explorer to write Thumbnails, etc.); they can be overridden also. This particular sentence... an ask rule is just that: an interactive rule, but if you manage to globally disable the GUI alerts, that would be just a matter of a !¿temporal hook.?!!! Just trying in Advanced setup > User Interface > Alerts and notifications
-
Yes, I know what you are referring to. Self-defense predefined rules are default deny rules, and they work no matter what filtering mode you are running under. They cannot be overridden (for example, create a rule based on self-defense and change to default allow; it will be blocked anyway). You should understand each filtering mode as doing what it is intended to do, and rules as exceptions to what that filtering mode does. Now, between user rules the precedence is first the Block rules and only then the Allow rules. I think Smart mode rules and the Allowed drivers rule cannot be overridden; it is something I will evaluate.
-
v8 predefined rules are listed as user rules (allowed drivers). Smart mode uses some predefined rules which are hidden and intended to protect against modification of services and so on. @itman, I would like to know under what filtering mode you are running the HIPS? I ask this because there is no sense running it under a mode which doesn't correspond to the user rules.