HIPS and some problems.


5 hours ago, persian-boy said:

But if I start a music (MP3) from somewhere (consider AIMP player is default media player) then Aimp.exe will run AND I can see it in the process list, but the HIPS won't alert me about it!

First, what do you mean by "somewhere;" details please.

Again, I believe you have inadvertently created an allow HIPS rule for a process for all activity which would include AIMP.exe startup activity.

Also you were complaining about like behavior when using ver. 10. So I don't think this is a ver. 11 "bug."

Edited by itman

It doesn't matter where! Tried from every drive.

1 hour ago, itman said:

created an allow HIPS rule for a process for all activity which would include AIMP.exe startup activity.

No no no, there is a bug, you can try it yourself, and I have only one rule in HIPS! I didn't have this problem in version 10!
Please download AIMP player, install it (turn off HIPS), then create these rules like me! And start an MP3 from your desktop, then you will see the HIPS won't trigger an alert. But if you start aimp.exe from C (or wherever you installed it), it will alert you!

eset.PNG

Edited by persian-boy

48 minutes ago, persian-boy said:

No no no, there is a bug, you can try it yourself, and I have only one rule in HIPS! I didn't have this problem in version 10!
Please download AIMP player, install it (turn off HIPS), then create these rules like me! And start an MP3 from your desktop, then you will see the HIPS won't trigger an alert. But if you start aimp.exe from C (or wherever you installed it), it will alert you!

Appears by default the HIPS will only check program startup from the drive the OS is installed on.

Create a HIPS rule for each drive you want to monitor startup activity by specifying for Applications -> Specific applications -> D:\*.* etc. I tested this and it does detect any program startup on the specified drive.


Thanks for the rule you gave me, but it still doesn't work :)
P.S.: it works for other tools or applications but only for media players! Maybe something is wrong with video and audio formats.

Edited by persian-boy

9 minutes ago, persian-boy said:

P.S.: it works for other tools or applications but only for media players! Maybe something is wrong with video and audio formats

Then something you have allowed in the HIPS is allowing the startup of the video player. For example, does the video player install a service? Did you allow svchost.exe or services.exe to start the program associated with the service?

Edited by itman

OK, fixed! I don't know how, but the issue has gone :) Sometimes if you change the HIPS rules in a row then it will not work properly till you restart the PC!
Right now getting an alert when I start the MP3 file.


No, I don't have it (it's disabled)! I just enabled it manually to see how it goes! When I was in the game Eset didn't alert for anything and this is good, but when I disabled the gamer mode then HIPS was not working till I restarted the PC! This issue exists for both firewall (interactive mode) and HIPS (interactive mode).

Edited by persian-boy

4 minutes ago, persian-boy said:

No, I didn't! I just enabled it manually to see how it goes! When I was in the game Eset didn't alert for anything and this is good, but when I disabled the gamer mode then HIPS was not working till I restarted the PC! This issue exists for both firewall (interactive mode) and HIPS (interactive mode)

Sounds like one of the bugs mentioned on here:

https://forum.eset.com/topic/13480-eset-internet-security-11-interactive-firewall-pop-ups-missing-ssltsl-protocol-filtering-seems-to-not-work/

Edited by peteyt

I suggest Eset provide custom installation and let the user choose what he wants to install and what he doesn't want to install.
Some people don't need Anti-spam, gamer mode, Anti-theft, webcam protection and banking protection :P


22 minutes ago, persian-boy said:

I suggest Eset provide custom installation and let the user choose what he wants to install and what he doesn't want to install.
Some people don't need Anti-spam, gamer mode, Anti-theft, webcam protection and banking protection :P

Yeah I have suggested this in the past - One of the things I have noticed is a lot of Security Suites have become bloatware because like phones they just try and put everything into it - most security suites do this, and add a lot of unwanted stuff e.g. toolbars. The problem is that lots of people don't want this but some sadly do. I've always wondered if the idea of a truly customisable security program could work - kind of like a modular security suite where the user could choose exactly what they wanted. Probably a lot of work needed however and many would install everything by default then wonder why it became slow.

I do find Eset is very lightweight so I'm not bothered about extra stuff as it doesn't affect the computer.


I don't use HIPS manually, having it set to automatic, but occasionally get the error "User rules file contains invalid data" which appears to be HIPS related as it's in the HIPS log. What would this mean? It's random and might not happen for ages.


59 minutes ago, peteyt said:

I don't use HIPS manually, having it set to automatic, but occasionally get the error "User rules file contains invalid data" which appears to be HIPS related as it's in the HIPS log. What would this mean? It's random and might not happen for ages.

Odd. I have only seen that error appear when creating HIPS rules when the HIPS doesn't like the user created rule. It appears in ver. 9, 10, and 11 after normal exit of HIPS rule editing when the HIPS attempts to save the new/edited rule. This is a major "irritant" to me since a number of rule changes may have been made which will all be lost if only one rule is invalid. In ver. 8, you would receive the error message immediately after creating a rule.


 

Sometimes it happens if you don't have the right path for your file, application or registry entry. Like you want to have the C drive on your list but you type C, not C:\

Edited by persian-boy

This is the story:
HIPS showed me Explorer wants to access X application! I didn't allow it and just waited to see what will happen.
After 2 mins HIPS allowed it without my permission! I thought something is wrong with my rules, but I removed all of them!
It can happen for everything, not only this rule! Please try it yourself! Set some rules so that you can see the changes! Like set a rule for Explorer.exe and tell HIPS if Explorer wants to access an application then alert me, OK?
Don't answer the question, just wait, also don't touch the mouse and don't do anything! You will see the operation will be allowed without your permission.


ITman, please test what I said! If you get an alert from the HIPS, just don't allow it and wait 2 min! I don't know if it's only my problem?! Tried it in interactive mode and also smart mode but the same story...


Tried it again.
Set my rules and ran Sophos Clean, which is my on-demand scanner! HIPS asked me to allow or deny, I didn't answer! Waited 2 min and HIPS auto allowed the access?!
Just do the same thing for yourself and watch the results!

HIPS AUTO ALLOW BUG.PNG
Eset, if I prove that there is such a bug in HIPS then you must give me a free lifetime license for Eset IS :D

Edited by persian-boy

39 minutes ago, persian-boy said:

HIPS showed me Explorer wants to access X application! I didn't allow it and just waited to see what will happen.
After 2 mins HIPS allowed it without my permission! I

Explorer is a bugger since it can allow shell execution of itself. That shell can also be run in "temporary" mode such that it will startup, run, and terminate itself w/o you ever noticing it ever run. CCleaner is an example of a process that does this; at least it did in earlier vers. I haven't used it in some time.

What you can do is create a HIPS ask rule for explorer.exe that will alert on any startup of itself. I believe that is what I used to detect this situation.

I believe what is going on here is that the HIPS detects explorer.exe attempted startup of SophosClean. However, explorer.exe has already spawned a shell startup of itself that is actually used to run SophosClean. When you do the deny action, it is applied to the initial explorer.exe instance but not the shell instance of explorer.exe. 


This is not only about the Explorer and it's true for other alerts as well! If you get an alert and don't answer it then it will auto allow it!
Also, the HIPS alert shouldn't disappear, because I didn't allow or deny it! But as you see the alert will disappear! Why? Because Eset allowed it!

Edited by persian-boy

30 minutes ago, persian-boy said:

This is not only about the Explorer and it's true for other alerts as well! If you get an alert and don't answer it then it will auto allow it!

OMG - did I not comment on this previously? Eset HIPS does auto allow if a response is not received within a specified interval. As far as I am aware of, there is no way to control how long the alerts remain on the desktop. Nor is there any way to change the behavior to auto deny. This is one reason why I stated that you should be running in Policy mode which will auto block anything for which an allow rule doesn't exist.

Remember my PM comment? Eset HIPS is not an anti-exec and frankly speaking there is no way to make it so. 

Edited by itman

This topic is now closed to further replies.