Jump to content

HIPS Questions


Recommended Posts

Hi

 

I have returned to Eset after using Kaspersky for a year (Bloatware...). I am using Smartsecurity 7 and have some questions regarding HIPS (running in interactive mode):

 

  • Is there a way to add rules for a group of files (e.g. a complete folder or a path with wildcards like c:\MyApp\All*.exe)?
  • Is there a way to trust signed executables like e.g. "Trust all apps signed by Microsoft"?
  • When Microsoft is installing updates you are prompted with tons of request from temporary installers and you have to confirm all the time (creating rules does not help because the temp-files keep changing). What is the best way to handle this?

 

Thanks!

Link to comment
Share on other sites

  • ESET Insiders

I would feel completely safe only to have enabled Advanced Memory Scanner

 

Now if you decide to use the filtering rules you ought to make you think any rule with the action "Ask" ----- leaving the mode to "Automatic"

 

Full documentation here  hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2908

Edited by toxinon12345
Link to comment
Share on other sites

Now if you decide to use the filtering rules you ought to make you think any rule with the action "Ask" ----- leaving the mode to "Automatic"

 

 

Can someone please translate this into English?

Link to comment
Share on other sites

:lol:

 

Dont forget this is not an English only forum, but of all nationalities and any customer for ESET.

The chosen default language is English.

 

We have people from all over the globe :)

 

That being said, i have no clue what he meant. ;)

Link to comment
Share on other sites

Sorry toxinon12345, I did not completely understand what you mean.

What I am trying to achieve is simply to reduce the number of popups by HIPS.

 

When Windows ist installing updates I get dozens of popups because some temporay setup files are trying to perform actions. I won't help to create rules for them as their name (temporary!) is constantly changing.

 

I am looking for something like "trust all files signed by microsoft" or "trust all files in this folder".

Link to comment
Share on other sites

  • ESET Insiders

What I am trying to achieve is simply to reduce the number of popups by HIPS.

 

I am looking for something like "trust all files signed by microsoft" or "trust all files in this folder".

Just switch t0 Aut0matic M0de,

  Checksums/Digital Signatures are n0t supp0rted

 

Thats why I have created s0me few "Ask" - Rules similar t0 Wind0ws UAC

Link to comment
Share on other sites

effi74, look at this

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3190&actp=search&viewlocale=en_US&searchid=1386861593971
 
also this is from the help section in SS7:
"Filtering can be performed in one of four modes:

Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side."

 

 

Hope this helps. I guess another thing you could do is uncheck the notify changes to start up applications in the HIPS advanced set up menu.

Edited by TomFace
Link to comment
Share on other sites

Sorry, my question was about the HIPS Automatic Mode, not the Firewall Automatic Mode.

Sorry, my mistake effi74. I was using the wrong side of my brain :wacko: earlier (that happens from time to time).  But as usual, SweX to the rescue! :P

Edited by TomFace
Link to comment
Share on other sites

 

Sorry, my question was about the HIPS Automatic Mode, not the Firewall Automatic Mode.

Sorry, my mistake effi74. I was using the wrong side of my brain :wacko: earlier (that happens from time to time).  But as usual, SweX to the rescue! :P

 

Haha well, I can admit that I also use the wrong side of my brain at least once or twice everyday. :P  ;)

Edited by SweX
Link to comment
Share on other sites

Thanks for the link Swex. In the KB-article it says

 

 

Automatic mode with rules: This is the default setting. In this mode operations are enabled except when they violate the pre-defined rule set included with ESET Smart Security and ESET NOD32 Antivirus 5.

 

But what is the pre-defined rule set?? What will it allow and what not?

Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...