HIPS "Notify User" Not Working

MarcFL · June 9, 2021

When a HIPS Deny rule is created, and "Notify User" is turned on, a display a notification does NOT appear when the rule is triggered. Bug? Thanks.

See: https://help.eset.com/eav/14/en-US/idh_hips_editor_single_rule.html?idh_hips_editor_single_rule.html

MarcFL · June 9, 2021

Here are some screenshots. The rules work fine, just no Eset Notifications. I've tested this on a few different systems with NOD32 - same results - no Eset notification. Bug or am I missing something? Thanks for your input.

Edited June 9, 2021 by MarcFL

SeriousHoax · June 9, 2021

This is not a solution to your problem but I think you should put the allow rule above the block one for Macrium. For firewall, the rules on top gets prioritize over the bottom ones. The same is probably true for HIPS. I'm not sure though so correct me if I'm wrong.

Marcos · June 9, 2021

I was unable to reproduce it. With a blocking rule created and notification enabled, I got this pop up notification both with regular and pre-release modules:

MarcFL · June 9, 2021

Found the Bug!
Desktop Notifications, Minimum Verbosity of events to display: If Set to Warning, no notifications appear.
If set to Informative, notifications appear.

HOWEVER, if you look at my HIPS rules above, they are set to Warning. Therefore, if Minimum Verbosity is set to Warning, notifications should display - but they don't. This is bug.

Edited June 9, 2021 by MarcFL

MarcFL · June 9, 2021

Reported this bug to Eset:

BUG REPORT

Details: My custom HIPS rules are set to "Notify User" and Logging Severity set to Warning. Under Desktop Notifications, Minimum Verbosity of events to display - It is also Set to "Warning".

Bug: No desktop notifications appear when a HIPS rule is triggered.
But they should appear because "Desktop Notifications, Minimum Verbosity" is set to Warning AND the HIPS rule is also set to Warning.

Note: If Desktop Notifications, Minimum Verbosity is set to Informative, HIPS notifications appear.

See Attached Screenshots and Forum post with all the details of this bug:
https://forum.eset.com/topic/28730-hips-notify-user-not-working/

Jarod Stultz · June 9, 2021

Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug.

itman · June 9, 2021

As far as desktop notifications go, refer to the following per Eset on-line help:

Quote

Minimum verbosity of events to display – From the drop-down menu, you can select the starting severity level of notifications to be displayed:

•Diagnostic – Logs information needed to fine-tune the program and all records above.

•Informative – Records informative messages such as non-standard network events, including successful update messages, plus all records above.

•Warnings – Records critical errors and warning messages (Antistealth is not running properly or update failed).

•Errors – Errors (document protection not started) and critical errors will be recorded.

•Critical – Logs only critical errors error starting antivirus protection or infected system.

I have mine set to "Diagnostic" and have no issue with Eset HIPS rule desktop notifications appearing.

Edited June 9, 2021 by itman

MarcFL · June 9, 2021

Thanks for your reply. The notifications should display when minimum verbosity is set to Warning as I explained. I have no desire to set it to Diagnostic or Informative as a workaround. I hope Eset fixes it.

MarcFL · June 10, 2021

20 hours ago, Jarod Stultz said:

Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug.

It would be a very good idea for you to report the bug as well. The more they get, the more likely they will fix it. You can report the bug in two ways: 1. Through Eset: Just open Eset NOD32 and click on Help & Support, Submit Support Request; or 2. At this website: https://www.eset.com/int/support/contact/
Thanks.

Marcos · June 10, 2021

It is not a bug; it was confirmed that it's a desired behavior. The setting in the rule editor reads "Logging severity" so it concerns only logging, not notifications. Any notifications are of informative severity, ie. they always appear in a blue pop-up. The pop-up would have to be yellow or red if the setting would also apply to the notification severity which is not how it's currently designed.

MarcFL · June 10, 2021

Thanks Marcos. That's a bummer. I guess it's a feature request or perhaps a design flaw.
Our goal: Not be annoyed by informative popups, such as definition updates, BUT be notified when a custom HIPS rule blocks something.

Edited June 10, 2021 by MarcFL

Marcos · June 11, 2021

By default no notifications pop up after a module update. You can control these separately for the engine and for other modules in the notification setup:

MarcFL · June 11, 2021

Thanks, I realized that after I posted. I guess I was being annoyed with notifications about startup item changes, which can be disabled separately. I appreciate your help.

Sign In

HIPS "Notify User" Not Working

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics