orangenbaumblatt 0 Posted August 21, 2014

Hello, I am very excited to see that the HIPS got a new mode called "Smart Mode". I also heard that it's placed between automatic and inactive mode, and that it asks on suspicious actions. But what exactly are these suspicious actions ESET will notify about? Thank you very much for your help!

Arakasi 549 Posted August 21, 2014

Trying out smart mode now. Did not notice that addition. Wow, I'm slow.

Administrators Marcos 4,710 Posted August 22, 2014

Smart mode should be interactive mode with user's interactions reduced to the bare minimum. Currently it works more or less the same way as automatic mode but this will be continually improved by module updates.

orangenbaumblatt 0 Posted August 22, 2014 Author

Thank you, Arakasi and Marcos, for your answers! It's nice to hear that it will be continually updated. But is there a kind of "list" of what actions are considered suspicious (e.g. loading driver from AppData, ...)?

rugk 397 Posted August 25, 2014

OK, good to know this. But another question: Will this Smart Mode be the default mode in ESET v8 products or not?

And what about something like this "rule"?

"If a program is registered to autorun (in registry, autorun folder or the autorun.inf of removable devices etc.) and it is completely unknown (= 0 users used it) in ESET LiveGrid (so that it can't be confirmed that this file is secure) then ask the user whether he wants to allow this action."

Maybe you should also add an ESET LiveGrid option (used by X users in ESET LiveGrid or risk is low/medium/ok in ESET LiveGrid) as a factor for HIPS rules, so that a user can create rules with adherence to ESET LiveGrid.

SweX 871 Posted August 25, 2014

> And what about something like this "rule"?
>
> "If a program is registered to autorun (in registry, autorun folder or the autorun.inf of removable devices etc.) and it is completely unknown (= 0 users used it) in ESET LiveGrid (so that it can't be confirmed that this file is secure) then ask the user whether he wants to allow this action."
>
> Maybe you should also add an ESET LiveGrid option (used by X users in ESET LiveGrid or risk is low/medium/ok in ESET LiveGrid) as a factor for HIPS rules, so that a user can create rules with adherence to ESET LiveGrid.

FYI I gave a similar suggestion here but only for on-execution: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17761

Though my idea is NOT meant as a reputation function / x amount of users, as they can "flag" perfectly safe files based on how many have that particular file. Which causes unnecessary notifications for the user. Even if only 1 user has a file it can be perfectly safe so there would be no need to flag it only because of that. ESET have said several times in the past that they do not want to go down the file reputation route because of the FPs it can cause.

rugk 397 Posted August 25, 2014

@SweX Yes, your suggestion is similar. But my idea is "connected" to a suspicious activity (autorun). And this is why I said it should be using LiveGrid to find out if the file is known. And I agree that you shouldn't flag a file only because it has too few users. I want to know if a file is known, and it is if 1 user uses it... So I want the same, but in this suggestion it's not only executing an unknown file that is potentially dangerous, I "connect" it to a suspicious activity to further reduce the number of messages/questions the user will see.

But the second part is more general:

> Maybe you should also add an ESET LiveGrid option (used by X users in ESET LiveGrid or risk is low/medium/ok in ESET LiveGrid) as a factor for HIPS rules, so that a user can create rules with adherence to ESET LiveGrid.

I would like the user to also have the ability to "work" with the data from ESET LiveGrid in self-defined rules. So if a user would like to be asked for an action of every process with less than 50 users then he would be able to add this rule. But if he is such an advanced user who can add this rule (and if he knows what he does) then he surely can also deal with these FPs.

But maybe I have to change this suggestion a bit and generalize it much more, because there are of course more parts with rules than just HIPS:

Maybe you should also add an ESET LiveGrid option (used by X users in ESET LiveGrid, or risk is low/medium/ok in ESET LiveGrid, or file is known (1 or more user(s) is/are using it) / file is unknown (0 users are using it)) as a factor for HIPS/firewall/... rules, so that a user can create rules with adherence to ESET LiveGrid. If this could be implemented, ESET LiveGrid would get much more powerful for advanced users that want to create rules with ESET LiveGrid statistics.

Edited September 1, 2014 by rugk

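The rule variants discussed in the posts above, as an added example that is not part of the thread and is not ESET code: it counts how often each policy would prompt the user over the same set of events. The event format, the `users` prevalence field and all sample values are constructed assumptions; no real LiveGrid interface is used.

```python
import re
from dataclasses import dataclass

# Autorun locations named in the thread: registry Run keys, Startup folder, autorun.inf.
AUTORUN_PATTERNS = [
    re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I),
    re.compile(r"^[A-Z]:\\autorun\.inf$", re.I),  # drive root; removable-media check omitted
]

@dataclass
class Event:
    process: str  # program performing the write
    target: str   # registry value or file being written
    users: int    # hypothetical prevalence count from a reputation lookup

def is_autorun(target: str) -> bool:
    return any(p.search(target) for p in AUTORUN_PATTERNS)

def prevalence_only(e: Event, threshold: int = 50) -> bool:
    return e.users < threshold          # the "fewer than 50 users" rule

def unknown_only(e: Event) -> bool:
    return e.users == 0                 # file never seen by the reputation lookup

def autorun_and_unknown(e: Event) -> bool:
    return is_autorun(e.target) and e.users == 0  # unknown file AND autorun registration

def count_prompts(events, policy) -> int:
    return sum(1 for e in events if policy(e))

# Constructed sample events (not real telemetry).
EVENTS = [
    Event("niche_tool.exe", r"C:\Users\a\Documents\out.txt", 3),
    Event("browser.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", 900000),
    Event("new_build.exe", r"C:\Users\a\AppData\Local\Temp\log.txt", 0),
    Event("unknown_a.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", 0),
    Event("setup.exe", r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\sync.lnk", 12),
    Event("unknown_b.exe", r"E:\autorun.inf", 0),
]

if __name__ == "__main__":
    for policy in (prevalence_only, unknown_only, autorun_and_unknown):
        print(f"{policy.__name__:20} prompts: {count_prompts(EVENTS, policy)}")
```

On this constructed set the prevalence threshold prompts most often and the combined autorun-plus-unknown rule least often, which is the trade-off the two posters are weighing.
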
orangenbaumblatt 0 Posted August 31, 2014 Author

Hello, thanks for your answers! I also think that rugk's idea could be very useful for advanced users. I really hope it'll be implemented.

rugk 397 Posted September 1, 2014

> I also think that rugk's idea could be very useful for advanced users. I really hope it'll be implemented.

Thanks. I hope the same.

Edited September 1, 2014 by rugk