effi74 0 Posted November 30, 2013 Share Posted November 30, 2013 Hi I have returned to Eset after using Kaspersky for a year (Bloatware...). I am using Smartsecurity 7 and have some questions regarding HIPS (running in interactive mode): Is there a way to add rules for a group of files (e.g. a complete folder or a path with wildcards like c:\MyApp\All*.exe)? Is there a way to trust signed executables like e.g. "Trust all apps signed by Microsoft"? When Microsoft is installing updates you are prompted with tons of request from temporary installers and you have to confirm all the time (creating rules does not help because the temp-files keep changing). What is the best way to handle this? Thanks! Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted December 2, 2013 ESET Insiders Share Posted December 2, 2013 (edited) I would feel completely safe only to have enabled Advanced Memory Scanner Now if you decide to use the filtering rules you ought to make you think any rule with the action "Ask" ----- leaving the mode to "Automatic" Full documentation here hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2908 Edited December 2, 2013 by toxinon12345 Link to comment Share on other sites More sharing options...
FlyingHorse 0 Posted December 2, 2013 Share Posted December 2, 2013 Now if you decide to use the filtering rules you ought to make you think any rule with the action "Ask" ----- leaving the mode to "Automatic" Can someone please translate this into English? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted December 2, 2013 Share Posted December 2, 2013 Dont forget this is not an English only forum, but of all nationalities and any customer for ESET. The chosen default language is English. We have people from all over the globe That being said, i have no clue what he meant. Link to comment Share on other sites More sharing options...
effi74 0 Posted December 3, 2013 Author Share Posted December 3, 2013 Sorry toxinon12345, I did not completely understand what you mean. What I am trying to achieve is simply to reduce the number of popups by HIPS. When Windows ist installing updates I get dozens of popups because some temporay setup files are trying to perform actions. I won't help to create rules for them as their name (temporary!) is constantly changing. I am looking for something like "trust all files signed by microsoft" or "trust all files in this folder". Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted December 7, 2013 ESET Insiders Share Posted December 7, 2013 What I am trying to achieve is simply to reduce the number of popups by HIPS. I am looking for something like "trust all files signed by microsoft" or "trust all files in this folder". Just switch t0 Aut0matic M0de, Checksums/Digital Signatures are n0t supp0rted Thats why I have created s0me few "Ask" - Rules similar t0 Wind0ws UAC Link to comment Share on other sites More sharing options...
effi74 0 Posted December 12, 2013 Author Share Posted December 12, 2013 OK, I'll try. What is the behaviour of "Automatic"? What rules are applied or what behaviors are prohibited or prompted? Link to comment Share on other sites More sharing options...
TomFace 539 Posted December 12, 2013 Share Posted December 12, 2013 (edited) effi74, look at thishxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3190&actp=search&viewlocale=en_US&searchid=1386861593971 also this is from the help section in SS7:"Filtering can be performed in one of four modes:Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side." Hope this helps. I guess another thing you could do is uncheck the notify changes to start up applications in the HIPS advanced set up menu. Edited December 12, 2013 by TomFace Link to comment Share on other sites More sharing options...
effi74 0 Posted December 12, 2013 Author Share Posted December 12, 2013 Sorry, my question was about the HIPS Automatic Mode, not the Firewall Automatic Mode. Link to comment Share on other sites More sharing options...
SweX 871 Posted December 12, 2013 Share Posted December 12, 2013 Perhaps this KB Article will answer some question and you can read about the different HIPS modes. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2908&actp=search&viewlocale=en_US&searchid=1386877083389 Link to comment Share on other sites More sharing options...
TomFace 539 Posted December 12, 2013 Share Posted December 12, 2013 (edited) Sorry, my question was about the HIPS Automatic Mode, not the Firewall Automatic Mode. Sorry, my mistake effi74. I was using the wrong side of my brain earlier (that happens from time to time). But as usual, SweX to the rescue! Edited December 12, 2013 by TomFace Link to comment Share on other sites More sharing options...
SweX 871 Posted December 13, 2013 Share Posted December 13, 2013 (edited) Sorry, my question was about the HIPS Automatic Mode, not the Firewall Automatic Mode. Sorry, my mistake effi74. I was using the wrong side of my brain earlier (that happens from time to time). But as usual, SweX to the rescue! Haha well, I can admit that I also use the wrong side of my brain at least once or twice everyday. Edited December 13, 2013 by SweX Link to comment Share on other sites More sharing options...
effi74 0 Posted December 14, 2013 Author Share Posted December 14, 2013 Thanks for the link Swex. In the KB-article it says Automatic mode with rules: This is the default setting. In this mode operations are enabled except when they violate the pre-defined rule set included with ESET Smart Security and ESET NOD32 Antivirus 5. But what is the pre-defined rule set?? What will it allow and what not? Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted December 23, 2013 ESET Insiders Share Posted December 23, 2013 Dont know what that means with predefined rules But you can count Self-Defense as a set of predefined rules for sure Link to comment Share on other sites More sharing options...
Recommended Posts