Jump to content

HIPS "Notify User" Not Working


MarcFL

Recommended Posts

Here are some screenshots. The rules work fine, just no Eset Notifications.  I've tested this on a few different systems with NOD32 - same results - no Eset notification.  Bug or am I missing something?  Thanks for your input.

 

 

1.jpg

2.jpg

Edited by MarcFL
Link to comment
Share on other sites

This is not a solution to your problem but I think you should put the allow rule above the block one for Macrium. For firewall, the rules on top gets prioritize over the bottom ones. The same is probably true for HIPS. I'm not sure though so correct me if I'm wrong. 

Link to comment
Share on other sites

  • Administrators

I was unable to reproduce it. With a blocking rule created and notification enabled, I got this pop up notification both with regular and pre-release modules:

image.png

Link to comment
Share on other sites

Found the Bug!
Desktop Notifications, Minimum Verbosity of events to display:  If Set to Warning, no notifications appear. 
If set to Informative, notifications appear.  

HOWEVER, if you look at my HIPS rules above, they are set to Warning.  Therefore, if Minimum Verbosity is set to Warning, notifications should display - but they don't.  This is bug.

3a.jpg

Edited by MarcFL
Link to comment
Share on other sites

Reported this bug to Eset:

BUG REPORT

Details: My custom HIPS rules are set to "Notify User" and Logging Severity set to Warning.   Under Desktop Notifications, Minimum Verbosity of events to display - It is also Set to "Warning".

Bug:  No desktop notifications appear when a HIPS rule is triggered.  
But they should appear because "Desktop Notifications, Minimum Verbosity" is set to Warning AND the HIPS rule is also set to Warning.    

Note: If Desktop Notifications, Minimum Verbosity is set to Informative, HIPS notifications appear.    

See Attached Screenshots and Forum post with all the details of this bug:
https://forum.eset.com/topic/28730-hips-notify-user-not-working/

Link to comment
Share on other sites

Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug.

Link to comment
Share on other sites

As far as desktop notifications go, refer to the following per Eset on-line help:

Quote

Minimum verbosity of events to display From the drop-down menu, you can select the starting severity level of notifications to be displayed:

Diagnostic – Logs information needed to fine-tune the program and all records above.

Informative – Records informative messages such as non-standard network events, including successful update messages, plus all records above.

Warnings – Records critical errors and warning messages (Antistealth is not running properly or update failed).

Errors – Errors (document protection not started) and critical errors will be recorded.

Critical – Logs only critical errors error starting antivirus protection or infected system.

I have mine set to "Diagnostic" and have no issue with Eset HIPS rule desktop notifications appearing.

Edited by itman
Link to comment
Share on other sites

Thanks for your reply.   The notifications should display when minimum verbosity is set to Warning as I explained.  I have no desire to set it to Diagnostic or Informative as a workaround.   I hope Eset fixes it.

Link to comment
Share on other sites

20 hours ago, Jarod Stultz said:

Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug.

It would be a very good idea for you to report the bug as well.  The more they get, the more likely they will fix it.   You can report the bug in two ways:  1. Through Eset: Just open Eset NOD32 and click on Help & Support, Submit Support Request; or 2. At this website: https://www.eset.com/int/support/contact/
Thanks.

 

 

Link to comment
Share on other sites

  • Administrators

It is not a bug; it was confirmed that it's a desired behavior. The setting in the rule editor reads "Logging severity" so it concerns only logging, not notifications. Any notifications are of informative severity, ie. they always appear in a blue pop-up. The pop-up would have to be yellow or red if the setting would also apply to the notification severity which is not how it's currently designed.

Link to comment
Share on other sites

Thanks Marcos.  That's a bummer.  I guess it's a feature request or perhaps a design flaw.
Our goal:  Not be annoyed by informative popups, such as definition updates, BUT be notified when a custom HIPS rule blocks something.

Edited by MarcFL
Link to comment
Share on other sites

  • Administrators

By default no notifications pop up after a module update. You can control these separately for the engine and for other modules in the notification setup:

image.png

image.png

Link to comment
Share on other sites

Thanks, I realized that after I posted.  I guess I was being annoyed with notifications about startup item changes, which can be disabled separately.  I appreciate your help.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...