Wolf Igmc4, posted September 4, 2017:
Eset could add folder protection too.

persian-boy, posted September 5, 2017:
You don't know whether to allow or block the connection when the IDS system alerts you for an internet connection. Can we have this ability to trace the IP with Eset? I mean, Eset could design an option to trace the IP and show me the IP location and the ISP.

persian-boy, posted September 5, 2017:
On 7/28/2017 at 1:01 AM, JoMos said:
> Description: Firewall rules cleanup of unnecessary / invalid entries

Good suggestion, same for the Hips rules list.

persian-boy, posted September 7, 2017 (edited September 7, 2017):
Eset needs to update the Hips module and make it work like this: If a command wants to run via cmd, then Hips (in interactive mode) must show that command line to the user. I mean not only show an access alert for cmd but also show the command itself, let the user see the command, and then ask to allow or block it. Also, provide an option to add our safe command lines to the Hips rules. I'm sorry for my bad English but I guess you know what I mean.

persian-boy, posted September 20, 2017:
What's up? Can we have this feature? Or should I rely on my Rehips for cmd? I'm happy because no one cares about this hips

Wolf Igmc4, posted September 23, 2017:
An option to individually block notifications of a particular threat.

Marcos (Administrators), posted September 23, 2017:
6 hours ago, Wolf Igmc4 said:
> An option to individually block notifications of a particular threat.

You can exclude potentially unwanted and unsafe applications from detection by name.

Wolf Igmc4, posted September 23, 2017:
19 minutes ago, Marcos said:
> You can exclude potentially unwanted and unsafe applications from detection by name.

No, for example: A threat has been detected (MSIL/blabla) when X tried to access X. I just want to block the popup of the specific 'MSIL/blabla'. If, for example, another threat is detected (for example, MSIL/Blabla25), its popup will appear. I don't know if you understand me :/

persian-boy, posted September 24, 2017:
On 9/6/2017 at 8:05 PM, persian-boy said:
> show that command line

Can we have this feature in the upcoming version? plsssss -.- This is very important because I can't blindly allow a command line :|

itman, posted September 24, 2017:
4 hours ago, persian-boy said:
> Can we have this feature in the upcoming version? plsssss -.- This is very important because I can't blindly allow a command line :|

In the example of, let's say, a command shell executing powershell, cmd.exe starts up conhost.exe. Conhost.exe is the process that actually starts up powershell.exe. So creating a HIPS rule to monitor what conhost.exe starts up will give you the information you're seeking.

peteyt (Most Valued Members), posted September 25, 2017:
Could we have an ignore once option for Potentially unwanted applications? Often I will install stuff that might contain extras, e.g. in the installer, and Eset will pop up and let me know I'm installing a potentially unwanted application. I've noticed that Malwarebytes has an option to ignore it once, e.g. you want to test it but might remove it fully later.

Marcos (Administrators), posted September 25, 2017:
38 minutes ago, peteyt said:
> Could we have an ignore once option for Potentially unwanted applications? Often I will install stuff that might contain extras, e.g. in the installer, and Eset will pop up and let me know I'm installing a potentially unwanted application. I've noticed that Malwarebytes has an option to ignore it once, e.g. you want to test it but might remove it fully later.

Unfold advanced options in the yellow alert window, check "Exclude from detection" and click "No action".

peteyt (Most Valued Members), posted September 25, 2017:
1 hour ago, Marcos said:
> Unfold advanced options in the yellow alert window, check "Exclude from detection" and click "No action".

I do not see "No action" when installing a Potentially unwanted application - I think "No action" appears after a scan. After pressing ignore I get a windows access the specific file. I either have to exclude it, which would exclude it for good I presume, or disable the protection temporarily. Malwarebytes comes up with ignore or ignore once, which is helpful.

persian-boy, posted September 27, 2017:
Hi, Itman. Hips in interactive will alert about conhost by default. But that's not what I want... if you noticed that the new voodoo shield can monitor commands, I mean smth like that! Your way doesn't work for me. Eset, pls add this feature, and also sorting the hips rules list by directory and a purge button for non-existing rules in hips rules, to your todo list.

SM03 (ESET Insiders), posted September 27, 2017:
When will the full n final v11 release?

persian-boy, posted September 30, 2017:
Can ESET force the Hips to work like an Anti-EXE? I tried a lot of samples with Hips in interactive, but because the exe file could run, the final system status is infected... the problem is hips won't react on execution. Even with Hips in interactive mode, the process will run (if Eset fails to detect it by sig or whatever it has) and it will remain in the process but can't do anything malicious because hips alerts you. Would be good if we let this hips jump on executable files

Wolf Igmc4, posted September 30, 2017:
You can add a vulnerability detection module, and something like the USB vaccine of Panda.

itman, posted September 30, 2017 (edited September 30, 2017):
5 hours ago, persian-boy said:
> Can ESET force the Hips to work like an Anti-EXE? I tried a lot of samples with Hips in interactive, but because the exe file could run, the final system status is infected... the problem is hips won't react on execution. Even with Hips in interactive mode, the process will run (if Eset fails to detect it by sig or whatever it has) and it will remain in the process but can't do anything malicious because hips alerts you. Would be good if we let this hips jump on executable files

You will need to show an example of an .exe that Eset HIPS did not detect running in Interactive mode. The only way I know that could occur is if you inadvertently created an allow rule while running in Training mode or by manual creation. One possibility, for example, is that an allow rule was created for a process to start another process. If the allow rule did not specifically state what process startup was allowed, then Eset will allow any child process startup from the parent process.

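The over-broad allow rule itman describes, as an added example that is not part of the original thread and does not use ESET's rule format: a simplified first-match model (an assumption) in which an allow rule with no stated target matches every child process. The rule names, paths, and the `decide` and `broad_allow_rules` helpers are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass
class Rule:
    name: str
    action: str        # "allow" or "block"
    source: str        # parent process path pattern
    target: str = "*"  # child path pattern; "*" means any application


def decide(rules, parent, child):
    """First matching rule wins; no match means the user is asked."""
    p, c = parent.lower(), child.lower()
    for r in rules:
        if fnmatchcase(p, r.source.lower()) and fnmatchcase(c, r.target.lower()):
            return r.action, r.name
    return "ask", None


def broad_allow_rules(rules):
    """Names of allow rules that do not restrict which child may start."""
    return [r.name for r in rules
            if r.action == "allow" and r.target.strip() == "*"]


EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE = r"C:\Users\test\Downloads\unknown.exe"  # constructed path

# Constructed rule set: what a learning-mode run might leave behind.
LEARNED = [
    Rule("explorer-start-any", "allow", EXPLORER),
    Rule("explorer-start-notepad", "allow", EXPLORER, r"C:\Windows\notepad.exe"),
]

# Same set with the untargeted allow rule removed.
TIGHTENED = [r for r in LEARNED if r.name not in broad_allow_rules(LEARNED)]

if __name__ == "__main__":
    print(decide(LEARNED, EXPLORER, SAMPLE))    # silently allowed
    print(decide(TIGHTENED, EXPLORER, SAMPLE))  # falls through to a prompt
    print(broad_allow_rules(LEARNED))           # rules worth reviewing
```
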
persian-boy, posted October 1, 2017 (edited October 1, 2017):
You are right, sorry, my bad :-) I had an allow rule for EXPLORER.exe, that's why it didn't react. I just tweaked the rules manually and everything is working nicely. I trained the Hips in learning mode for 3 days and after that removed every rule that I thought was dangerous, but forgot to tweak the rules for EXPLORER.exe. Thanks to Eset for this hips module :D Still waiting to see the new features like a purge button for the HIPS list and sorting the rules based on the directory.

persian-boy, posted October 6, 2017 (edited October 6, 2017):
What about a sandbox? I guess it is much more important than Anti-Theft. I'm still waiting to see a purge button for non-existing rules in both Hips and firewall. Also showing the command line when Hips alerts for cmd! And provide a way to submit the FP from the GUI, not email :| Also an option to let us sort the rules based on the directory.

Wolf Igmc4, posted October 6, 2017:
17 minutes ago, persian-boy said:
> What about a sandbox? I guess it is much more important than Anti-Theft. I'm still waiting to see a purge button for non-existing rules in both Hips and firewall. Also showing the command line when Hips alerts for cmd! And provide a way to submit the FP from the GUI, not email :| Also an option to let us sort the rules based on the directory.

ESET has a sandbox, but we just can't access it. But I agree with you, I want to manage apps in a sandbox.

persian-boy, posted October 6, 2017 (edited October 6, 2017):
That sandbox is different... it can analyze the malware but I mean smth like Sandboxie :|

persian-boy, posted October 8, 2017:
On 10/1/2017 at 8:21 AM, persian-boy said:
> You are right, sorry, my bad :-) I had an allow rule for EXPLORER.exe, that's why it didn't react. I just tweaked the rules manually and everything is working nicely. I trained the Hips in learning mode for 3 days and after that removed every rule that I thought was dangerous, but forgot to tweak the rules for EXPLORER.exe. Thanks to Eset for this hips module :D Still waiting to see the new features like a purge button for the HIPS list and sorting the rules based on the directory.

I thought I fixed it... but the same issue exists. Example: Dw farbar recovery scan tool and run it! Then you will see Hips won't alert for execution.

itman, posted October 8, 2017:
57 minutes ago, persian-boy said:
> Example: Dw farbar recovery scan tool and run it! Then you will see Hips won't alert for execution.

I have run Farbar in the past and Eset HIPS in Auto or Safe mode will not alert because it's a safe app. Are you saying that the HIPS in Interactive or Policy mode is not throwing an alert at Farbar startup time?

persian-boy, posted October 8, 2017:
No, I'm running it in interactive mode and it won't alert for the EXE file, but I found (just 20 min ago) how to make it work. I will create an article and gonna learn smth cool :D