Jump to content

HIPS & Ransomware protection


Erik
 Share

Recommended Posts

Hello!

I doubt it has gone under anyones radar that there's a huge problem with ransom ware in the world today, and being a home user with a plenthora of private photographs
i have done my backupsbut i want to try and tighten down my PC a bit.

Doing some reading i got the suggestion to use HIPS to deny any running of executables from the %APPDATA% directory (My home directory). Is this possibly to accomplish in Windows 10 x 64 Home Edition, using NOD32 antivirus / HIPS functionality, and  if so - how?

With regards,
Erik

 

Edit: I posted the topic yesterday, and taking this t ime for a paid service to even process the thread to become publically available is seriously bad practice. I'm off to free AV's again.

Edited by Erik
Link to comment
Share on other sites

  • Administrators

Yes, it can be accomplished using HIPS. Please refer to this KB for some examples: http://support.eset.com/kb6119

Quote

I posted the topic yesterday, and taking this t ime for a paid service to even process the thread to become publically available is seriously bad practice. I'm off to free AV's again.

Access to this forum is not paid and is free to everyone. Approving the first post of a user is an effective measure how to prevent spam flooding the forum and since it was weekend, it could take some time to get your post approved.

Link to comment
Share on other sites

9 hours ago, Marcos said:

Yes, it can be accomplished using HIPS. Please refer to this KB for some examples: hxxp://support.eset.com/kb6119

Now question:

If is that simple, why we did not implement this on ESET v8 , rather than developing V10 with a dedicated antiransomware module????

Link to comment
Share on other sites

  • Administrators
55 minutes ago, MSE said:

Now question:

If is that simple, why we did not implement this on ESET v8 , rather than developing V10 with a dedicated antiransomware module????

It's like asking why we didn't implement it in NOD32 v1 and waited until v10 :) Or why Windows 10 couldn't look and work like it does since v1.

Every software is developed over time and reacts to current needs. Even cars or other things were not like they currently are at the time they were invented and things as well as software and even we humans continue to develop.

Link to comment
Share on other sites

Sorry, I may not be clear enough.

I fighting against ransomwares can be accomplished simply by creating a set of rules in HIPS, why we did not create the rules in v8 , which was a perfect version of ESET (NOD), rather than going through the pain of releasing a totally new version (v9, v10) with a dedicated antiransomware module, which , so far did not prove to be extremely efficient.

Moreover, as long as v8 is still supported , why not update automatically  HIPS with that specific set of rules, so users still using v8 would get antiransomware protection?

Link to comment
Share on other sites

  • Administrators

It's not true. HIPS rules alone would cause a lot of problems. If one wants, we have a document with hints as to what rules can be added to mitigate ransomware. However, the user must know how and what to fix if issues stemming from the rules occur.

The Anti-ransomware feature is not simply HIPS rules that have been added. It's a sophisticated system for evaluation of process behavior which is an extension of HIPS.

Adding brand new features to old versions with limited support is not a practice of software or operating system vendors.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...