LabVIEW707 13 Posted August 5, 2014 Share Posted August 5, 2014 I have used other programs with a HIPS module (Comodo/OA). By default the HIPS module in Smart Security is on auto. But to be most effective is it necessary for it to be on "interactive" mode? Will it be to chatty? Thanks. Link to comment Share on other sites More sharing options...
SweX 871 Posted August 6, 2014 Share Posted August 6, 2014 Hello, Yes you will probably feel that it is too chatty if you switch directly from Auto to Interactive. But you could use Learning Mode for a while wich will create rules automatically. Also see this for more info about how each mode works: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2908&actp=search&viewlocale=en_US&searchid=1407295141752 Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted August 7, 2014 Author Share Posted August 7, 2014 But is it necessary to be fully effective against things such as randsomware? Link to comment Share on other sites More sharing options...
rugk 397 Posted August 9, 2014 Share Posted August 9, 2014 That's a difficult question. In every case it's additionally protection. But maybe a moderator or someone else can say more about this. (Especially I don't really know what HIPS blocks in auto mode.) Link to comment Share on other sites More sharing options...
SweX 871 Posted August 9, 2014 Share Posted August 9, 2014 There is different answers to this as it all depends on how you use the HIPS, but necessary no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically. Re: the default auto-mode ESET's Host-based Intrusion Prevention System (HIPS) is included in ESET NOD32 Antivirus and ESET Smart Security 5 and newer versions. HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. And those "pre-defined" rules are afaik updated once in a while when needed. However, it is possible with the right knowledge to set the HIPS up very tight... Users can define a custom set of rules to be used instead of the default rule set, however this requires advanced knowledge of applications and operating systems and is not recommended in most situations. But keep in mind that the threats need to pass the other layers before they reach the HIPS. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,919 Posted August 9, 2014 Administrators Share Posted August 9, 2014 There is different answers to this as it all depends on how you use the HIPS, but necessary no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically. Although we don't use HIPS rules to deal with ransomware, Advanced memory scanner detects and blocks a lot of new variants upon execution thanks to HIPS that it utilizes Link to comment Share on other sites More sharing options...
rugk 397 Posted August 9, 2014 Share Posted August 9, 2014 Good answers. It was also informative for me. Thanks. Link to comment Share on other sites More sharing options...
SweX 871 Posted August 9, 2014 Share Posted August 9, 2014 There is different answers to this as it all depends on how you use the HIPS, but necessary no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically. Although we don't use HIPS rules to deal with ransomware, Advanced memory scanner detects and blocks a lot of new variants upon execution thanks to HIPS that it utilizes Interesting thanks. I was unaware of the connection between AMS and HIPS in that way, we learn something new everyday. Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted August 10, 2014 Author Share Posted August 10, 2014 Thanks for the update. Link to comment Share on other sites More sharing options...
rugk 397 Posted August 10, 2014 Share Posted August 10, 2014 (edited) AMS is a part of HIPS. But, by the way: Are AMS and Exploit Blocker disabled for default in ESS v7? By me it was. (Or can I don't remember to disable it manually? But why should I do this...?) Anyway I enabled it now... Edited August 10, 2014 by rugk Link to comment Share on other sites More sharing options...
SweX 871 Posted August 10, 2014 Share Posted August 10, 2014 AMS is a part of HIPS. But, by the way: Are AMS and Exploit Blocker disabled for default in ESS v6? By me it was. (Or can I don't remember to disable it manually? But why should I do this...?) Anyway I enabled it now... If I remember correctly then AMS and Exploit Blocker was introduced in V7 not V6. And they are both enabled by default yes. Link to comment Share on other sites More sharing options...
rugk 397 Posted August 10, 2014 Share Posted August 10, 2014 (edited) Oh what's going on with me today. Of course v7. It was a literal error. And they are both enabled by default yes. I asked whether they are both disabled by default... Edited August 10, 2014 by rugk Link to comment Share on other sites More sharing options...
Recommended Posts