
Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security



You don't know whether to allow or block the connection when the IDS system alerts you about an internet connection.
Can we have the ability to trace the IP with ESET?
I mean ESET could design an option to trace the IP and show me the IP location and the ISP.

 


ESET needs to update the HIPS module and make it work like this:
If a command wants to run via cmd, then HIPS (in interactive mode) must show that command line to the user.
I mean not only show an access alert for cmd but also show the command itself, let the user see the command, and then ask to allow or block it.
Also, provide an option to add our safe command lines to the HIPS rules.
I'm sorry for my bad English, but I guess you know what I mean.
 

Edited by persian-boy

  • 2 weeks later...
  • Administrators
6 hours ago, Wolf Igmc4 said:

An option to block individually notifications of a particular threat.

You can exclude potentially unwanted and unsafe applications from detection by name.


19 minutes ago, Marcos said:

You can exclude potentially unwanted and unsafe applications from detection by name.

No, for example: A threat has been detected (MSIL/blabla) when X tried to access X.

I just want to block the popup of the specific 'MSIL/blabla'.

If, for example, another threat (for example, MSIL/Blabla25) is detected, its popup will appear.

I don't know if you understand me :/


4 hours ago, persian-boy said:

Can we have this feature in the upcoming version? plsssss -.-
This is very important because I can't blindly allow a command line :|
 

In the example of, let's say, a command shell executing powershell, cmd.exe starts up conhost.exe. Conhost.exe is the process that actually starts up powershell.exe. So creating a HIPS rule to monitor what conhost.exe starts up will give you the information you're seeking.


  • Most Valued Members

Could we have an ignore once option for potentially unwanted applications? Often I will install stuff that might contain extras, e.g. in the installer, and ESET will pop up and let me know I'm installing a potentially unwanted application. I've noticed that Malwarebytes has an option to ignore it once, e.g. you want to test it but might remove it fully later.


  • Administrators
38 minutes ago, peteyt said:

Could we have an ignore once option for potentially unwanted applications? Often I will install stuff that might contain extras, e.g. in the installer, and ESET will pop up and let me know I'm installing a potentially unwanted application. I've noticed that Malwarebytes has an option to ignore it once, e.g. you want to test it but might remove it fully later.

Unfold advanced options in the yellow alert window, check "Exclude from detection" and click "No action".


  • Most Valued Members
1 hour ago, Marcos said:

Unfold advanced options in the yellow alert window, check "Exclude from detection" and click "No action".

I do not see "No action" when installing a potentially unwanted application - I think "No action" appears after a scan. After pressing ignore I get a windows access the specific file. I either have to exclude it, which would exclude it for good I presume, or disable the protection temporarily. Malwarebytes comes up with ignore or ignore once, which is helpful.


Hi Itman, HIPS in interactive mode will alert about conhost by default.
But that's not what I want... if you noticed, the new VoodooShield can monitor commands. I mean something like that!
Your way doesn't work for me.

ESET, please add this feature, and also sorting the HIPS rules list by directory and a purge button for non-existing rules in the HIPS rules, to your to-do list.
 

 


Can ESET force the HIPS to work like an Anti-EXE? I tried a lot of samples with HIPS in interactive, but because the EXE file could run, the final system status is infected... the problem is HIPS won't react in execution.
Even with HIPS in interactive mode, the process will run (if ESET fails to detect it by sig or whatever it has) and it will remain in the process but can't do anything malicious because HIPS alerts you.
Would be good if we let this HIPS jump on executable files :)
 


5 hours ago, persian-boy said:

Can ESET force the HIPS to work like an Anti-EXE? I tried a lot of samples with HIPS in interactive, but because the EXE file could run, the final system status is infected... the problem is HIPS won't react in execution.
Even with HIPS in interactive mode, the process will run (if ESET fails to detect it by sig or whatever it has) and it will remain in the process but can't do anything malicious because HIPS alerts you.
Would be good if we let this HIPS jump on executable files :)
 

You will need to show an example of an .exe that Eset HIPS did not detect running in Interactive mode. The only way I know that could occur is if you inadvertently created an allow rule while running in Training mode or by manual creation. 

One possibility for example is that an allow rule was created for a process to start another process. If the allow rule did not specifically state what process start up was allowed, then Eset will allow any child process startup from the parent process.

Edited by itman
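
The over-broad allow rule described in the post above, as an added example that is not part of the original thread and is not ESET's rule format or engine: a simplified first-match model (an assumption) in which a rule without a target matches any child process. `Rule`, `decide`, `overbroad_allows` and `tighten` are hypothetical names, and the rule sets and process names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    source: str                    # parent process name, lower-case
    target: Optional[str] = None   # child process name; None means "any child"

def decide(rules: List[Rule], parent: str, child: str, default: str = "ask") -> str:
    """Assumed semantics: first matching rule wins; no match means prompt the user."""
    parent, child = parent.lower(), child.lower()
    for rule in rules:
        if rule.source == parent and rule.target in (None, child):
            return rule.action
    return default

def overbroad_allows(rules: List[Rule]) -> List[Rule]:
    """Allow rules with no target: every child of that parent starts without a prompt."""
    return [r for r in rules if r.action == "allow" and r.target is None]

def tighten(rules: List[Rule], reviewed_children: dict) -> List[Rule]:
    """Replace each target-less allow rule with one rule per reviewed child process."""
    result = []
    for rule in rules:
        if rule.action == "allow" and rule.target is None:
            for child in sorted(reviewed_children.get(rule.source, [])):
                result.append(Rule("allow", rule.source, child.lower()))
        else:
            result.append(rule)
    return result

# Constructed rule set, as a learning/training mode might leave behind.
LEARNED = [Rule("allow", "explorer.exe"), Rule("allow", "cmd.exe", "conhost.exe")]
# Constructed list of children the user has reviewed and wants to keep allowing.
REVIEWED = {"explorer.exe": ["notepad.exe", "chrome.exe"]}
SCOPED = tighten(LEARNED, REVIEWED)

if __name__ == "__main__":
    for name, rules in (("learned", LEARNED), ("scoped", SCOPED)):
        print(name, "->", decide(rules, "EXPLORER.exe", "unknown_sample.exe"),
              "| target-less allow rules:", len(overbroad_allows(rules)))
```

With the learned rule set an unreviewed child of explorer.exe is allowed silently; after tightening, the same start falls through to the interactive prompt.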

You are right, sorry, my bad :-)
I had an allow rule for EXPLORER.exe, that's why it didn't react. I just tweaked the rules manually and everything is working nicely.
I trained the HIPS in learning mode for 3 days and after that removed every rule that I thought was dangerous, but forgot to tweak the rules for EXPLORER.exe.
Thanks to ESET for this HIPS module :D
Still waiting to see the new features like a purge button for the HIPS list and sorting the rules based on the directory.

Edited by persian-boy

What about a sandbox? I guess it is much more important than Anti-Theft -_- I'm still waiting to see a purge button for non-existing rules in both HIPS and firewall.
Also showing the command line when HIPS alerts for cmd! And provide a way to submit the FP from the GUI, not email :|
Also an option to let us sort the rules based on the directory.

 

Edited by persian-boy

17 minutes ago, persian-boy said:

What about a sandbox? I guess it is much more important than Anti-Theft -_- I'm still waiting to see a purge button for non-existing rules in both HIPS and firewall.
Also showing the command line when HIPS alerts for cmd! And provide a way to submit the FP from the GUI, not email :|
Also an option to let us sort the rules based on the directory.

 

ESET has a sandbox, but we just can't access it. But I agree with you, I want to manage apps in a sandbox.


On 10/1/2017 at 8:21 AM, persian-boy said:

You are right, sorry, my bad :-)
I had an allow rule for EXPLORER.exe, that's why it didn't react. I just tweaked the rules manually and everything is working nicely.
I trained the HIPS in learning mode for 3 days and after that removed every rule that I thought was dangerous, but forgot to tweak the rules for EXPLORER.exe.
Thanks to ESET for this HIPS module :D
Still waiting to see the new features like a purge button for the HIPS list and sorting the rules based on the directory.

 

 

I thought I fixed it... but the same issue exists.
Example: Download Farbar Recovery Scan Tool and run it! Then you will see HIPS won't alert for execution.
 


57 minutes ago, persian-boy said:

Example: Download Farbar Recovery Scan Tool and run it! Then you will see HIPS won't alert for execution.

I have run Farbar in the past and Eset HIPS in Auto or Safe mode will not alert because it's a safe app.

Are you saying that the HIPS in Interactive or Policy mode is not throwing an alert at Farbar startup time?

