Jump to content

Recommended Posts

Search, no definitive answer.  What is most secure

•Automatic mode – Operations are enabled with the exception of those blocked by pre-defined rules that protect your system.

•Smart mode – The user will only be notified about very suspicious events.

 

Second, are rules I create, saved and used in both these modes?

Share this post


Link to post
Share on other sites

Use smart mode. And yes, you can create custom rules in any mode; in learning mode rules will be created automatically. If you want to improve protection against ransomware, you can also create HIPS rules as per https://support.eset.com/kb6119/.

Share this post


Link to post
Share on other sites
4 hours ago, Marcos said:

Use smart mode. And yes, you can create custom rules in any mode; in learning mode rules will be created automatically. If you want to improve protection against ransomware, you can also create HIPS rules as per https://support.eset.com/kb6119/.

Is smart mode okay for an average user? Same for the hips rules in the link?

Share this post


Link to post
Share on other sites
12 minutes ago, peteyt said:

Is smart mode okay for an average user? Same for the hips rules in the link?

Personally, I believe Smart mode is nothing more than a HIPS "placebo" setting. I and many others have never seen a HIPS alert in either Auto or Safe mode assuming no user rules have been created.

Share this post


Link to post
Share on other sites

I got one alert in smart-mode: User rule: allow PrivateVpn.exe, the only one.

So what's the verdict are they the same, useless, or what?

No definitive answer.

 

This question was not answered,  "Second, are rules I create, saved and used in all of the modes???

Thanks

Edited by SRT

Share this post


Link to post
Share on other sites
1 hour ago, SRT said:

This question was not answered,  "Second, are rules I create, saved and used in all of the modes???

@Marcos already answered this. The answer is yes!

Share this post


Link to post
Share on other sites

Thanks, missed that.

If I have rules written by me and changed to learning mode would they be over written?

Still confused about difference between auto and smart modes.

I take from Marcos, that smart might be a little bit more secure?

Share this post


Link to post
Share on other sites

In learning mode permissive rules are created for operations for which no rule exists yet. Rules are not overwritten.

The difference between various HIPS modes is that:
- in automatic mode the user is never prompted for an action and basically all but self-defense internal rules are applied
- in smart mode, HIPS works like in automatic mode but may ask you if very suspicious operations are attempted
- in interactive mode, the user is prompted for an action whenever an operation is attempted for which no rule exists
- in learning mode permissive rules are created automatically for every operation.

Share this post


Link to post
Share on other sites
13 hours ago, SRT said:

If I have rules written by me and changed to learning mode would they be over written?

They won't be overridden but could conflict with or negate the user rules you created manually. The most important thing to remember is allow rules always take precedence over ask or block rules. For example, you created a rule manually to block some process activity. However a rule was created in learning mode to allow the same activity. The learning mode rule will always take precedence over your manually created block rule and your block rule will never be executed.

My own opinion is if the HIPS was set to learning mode initially, it should be switched to interactive mode thereafter with all new rules created from that mode. If you need to run a program installer thereafter, you have two choices:

1. Switch to learning mode again and run the program installer. This is really not secure since the installer may do whatever it wants in regards to system modification activities.

2. Stay in interactive mode and answer HIPS alerts as they appear. Again, you would need advanced system knowledge to be able to determine what is or is not acceptable system modification activity.

My own opinion is the best HIPS option is when Eset is installed is to switch to Smart mode. Then manually create your HIPS rules from that point on.

The most important point to remember is the Eset HIPS is not a "full featured" HIPS along the lines of Comodo's Defense+, the now defunct Outpost HIPS, etc.. These HIPS's provided features such as "Installer" mode one could easily switch to when performing program installations. This installer mode could be conditioned for example by specifying "Trusted Publishers" to prevent installations from untrusted sources.

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...