MarcFL 28 Posted June 9, 2021 Share Posted June 9, 2021 When a HIPS Deny rule is created, and "Notify User" is turned on, a display a notification does NOT appear when the rule is triggered. Bug? Thanks. See: https://help.eset.com/eav/14/en-US/idh_hips_editor_single_rule.html?idh_hips_editor_single_rule.html Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 9, 2021 Author Share Posted June 9, 2021 (edited) Here are some screenshots. The rules work fine, just no Eset Notifications. I've tested this on a few different systems with NOD32 - same results - no Eset notification. Bug or am I missing something? Thanks for your input. Edited June 9, 2021 by MarcFL Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted June 9, 2021 Share Posted June 9, 2021 This is not a solution to your problem but I think you should put the allow rule above the block one for Macrium. For firewall, the rules on top gets prioritize over the bottom ones. The same is probably true for HIPS. I'm not sure though so correct me if I'm wrong. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 9, 2021 Administrators Share Posted June 9, 2021 I was unable to reproduce it. With a blocking rule created and notification enabled, I got this pop up notification both with regular and pre-release modules: Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 9, 2021 Author Share Posted June 9, 2021 (edited) Found the Bug! Desktop Notifications, Minimum Verbosity of events to display: If Set to Warning, no notifications appear. If set to Informative, notifications appear. HOWEVER, if you look at my HIPS rules above, they are set to Warning. Therefore, if Minimum Verbosity is set to Warning, notifications should display - but they don't. This is bug. Edited June 9, 2021 by MarcFL Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 9, 2021 Author Share Posted June 9, 2021 Reported this bug to Eset: BUG REPORT Details: My custom HIPS rules are set to "Notify User" and Logging Severity set to Warning. Under Desktop Notifications, Minimum Verbosity of events to display - It is also Set to "Warning". Bug: No desktop notifications appear when a HIPS rule is triggered. But they should appear because "Desktop Notifications, Minimum Verbosity" is set to Warning AND the HIPS rule is also set to Warning. Note: If Desktop Notifications, Minimum Verbosity is set to Informative, HIPS notifications appear. See Attached Screenshots and Forum post with all the details of this bug:https://forum.eset.com/topic/28730-hips-notify-user-not-working/ Jarod Stultz 1 Link to comment Share on other sites More sharing options...
Jarod Stultz 1 Posted June 9, 2021 Share Posted June 9, 2021 Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug. MarcFL 1 Link to comment Share on other sites More sharing options...
itman 1,748 Posted June 9, 2021 Share Posted June 9, 2021 (edited) As far as desktop notifications go, refer to the following per Eset on-line help: Quote Minimum verbosity of events to display – From the drop-down menu, you can select the starting severity level of notifications to be displayed: •Diagnostic – Logs information needed to fine-tune the program and all records above. •Informative – Records informative messages such as non-standard network events, including successful update messages, plus all records above. •Warnings – Records critical errors and warning messages (Antistealth is not running properly or update failed). •Errors – Errors (document protection not started) and critical errors will be recorded. •Critical – Logs only critical errors error starting antivirus protection or infected system. I have mine set to "Diagnostic" and have no issue with Eset HIPS rule desktop notifications appearing. Edited June 9, 2021 by itman Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 9, 2021 Author Share Posted June 9, 2021 Thanks for your reply. The notifications should display when minimum verbosity is set to Warning as I explained. I have no desire to set it to Diagnostic or Informative as a workaround. I hope Eset fixes it. Jarod Stultz 1 Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 10, 2021 Author Share Posted June 10, 2021 20 hours ago, Jarod Stultz said: Thank you for this. I have been pulling my hair out for days trying to figure out why notifications were not displaying when both Desktop Notifications and HIPS blocking verbosity were set to Warning. Once I dropped desktop notifications to informative they started functioning properly. This is definitely a bug. It would be a very good idea for you to report the bug as well. The more they get, the more likely they will fix it. You can report the bug in two ways: 1. Through Eset: Just open Eset NOD32 and click on Help & Support, Submit Support Request; or 2. At this website: https://www.eset.com/int/support/contact/ Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 10, 2021 Administrators Share Posted June 10, 2021 It is not a bug; it was confirmed that it's a desired behavior. The setting in the rule editor reads "Logging severity" so it concerns only logging, not notifications. Any notifications are of informative severity, ie. they always appear in a blue pop-up. The pop-up would have to be yellow or red if the setting would also apply to the notification severity which is not how it's currently designed. Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 10, 2021 Author Share Posted June 10, 2021 (edited) Thanks Marcos. That's a bummer. I guess it's a feature request or perhaps a design flaw. Our goal: Not be annoyed by informative popups, such as definition updates, BUT be notified when a custom HIPS rule blocks something. Edited June 10, 2021 by MarcFL Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 11, 2021 Administrators Share Posted June 11, 2021 By default no notifications pop up after a module update. You can control these separately for the engine and for other modules in the notification setup: Link to comment Share on other sites More sharing options...
MarcFL 28 Posted June 11, 2021 Author Share Posted June 11, 2021 Thanks, I realized that after I posted. I guess I was being annoyed with notifications about startup item changes, which can be disabled separately. I appreciate your help. Link to comment Share on other sites More sharing options...
Recommended Posts