I have used other programs with a HIPS module (Comodo/OA). By default the HIPS module in Smart Security is on auto. But to be most effective is it necessary for it to be on "interactive" mode? Will it be too chatty? Thanks.


Hello,

 

Yes you will probably feel that it is too chatty if you switch directly from Auto to Interactive. 

 

But you could use Learning Mode for a while, which will create rules automatically.

 

Also see this for more info about how each mode works: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2908&actp=search&viewlocale=en_US&searchid=1407295141752

 

 


That's a difficult question. In every case it's additional protection.

 

But maybe a moderator or someone else can say more about this. (Especially I don't really know what HIPS blocks in auto mode.)


There are different answers to this as it all depends on how you use the HIPS, but necessary, no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically.

 

Re: the default auto-mode

 

ESET's Host-based Intrusion Prevention System (HIPS) is included in ESET NOD32 Antivirus and ESET Smart Security 5 and newer versions. HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity.

 

 

And those "pre-defined" rules are afaik updated once in a while when needed. 

 

However, it is possible with the right knowledge to set the HIPS up very tight...

 

Users can define a custom set of rules to be used instead of the default rule set, however this requires advanced knowledge of applications and operating systems and is not recommended in most situations.

 

 

But keep in mind that the threats need to pass the other layers before they reach the HIPS.

  • Administrators

There are different answers to this as it all depends on how you use the HIPS, but necessary, no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically.

 

Although we don't use HIPS rules to deal with ransomware, Advanced memory scanner detects and blocks a lot of new variants upon execution thanks to HIPS that it utilizes :)


 

There are different answers to this as it all depends on how you use the HIPS, but necessary, no. All I can say is we don't have the HIPS in the product to block ransomware malware specifically.

 

Although we don't use HIPS rules to deal with ransomware, Advanced memory scanner detects and blocks a lot of new variants upon execution thanks to HIPS that it utilizes :)

 

Interesting, thanks. I was unaware of the connection between AMS and HIPS in that way, we learn something new every day. :)


AMS is a part of HIPS.

 

But, by the way: Are AMS and Exploit Blocker disabled by default in ESS v7?

For me they were. (Or do I just not remember disabling them manually? But why would I do this...?)

Anyway I enabled it now...

Edited by rugk

AMS is a part of HIPS.

 

But, by the way: Are AMS and Exploit Blocker disabled by default in ESS v6?

For me they were. (Or do I just not remember disabling them manually? But why would I do this...?)

Anyway I enabled it now...

If I remember correctly, AMS and Exploit Blocker were introduced in V7, not V6. And they are both enabled by default, yes.


Oh, what's going on with me today. :wacko: Of course v7. It was a literal error.

 

 

And they are both enabled by default, yes.

I asked whether they are both disabled by default... :)

Edited by rugk
This topic is now closed to further replies.