mark.fox7768 0 Posted September 14, 2014 Share Posted September 14, 2014 In the final version of smart security 8 the HIPS needs to be set to smart mode so if you run an unknown file that eset does not no about it will block it and ask the user what to do instead of just allowing it to run then it will perform much better against zero day malware. Link to comment Share on other sites More sharing options...
surfer1000 6 Posted September 15, 2014 Share Posted September 15, 2014 So how does that differ from current setting "automatic with rules" ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted September 15, 2014 Administrators Share Posted September 15, 2014 So how does that differ from current setting "automatic with rules" ? Unlike interactive mode, in Smart mode HIPS evaluates operations based on various criteria and asks for action selection only if a suspicious operation is attempted. Smart mode will partially be implemented in v8 and improved by module updates. In v9, it should be enhanced even more. Link to comment Share on other sites More sharing options...
surfer1000 6 Posted September 15, 2014 Share Posted September 15, 2014 So is it best to change to smart mode then Marcos in V8? Link to comment Share on other sites More sharing options...
mark.fox7768 0 Posted September 15, 2014 Author Share Posted September 15, 2014 (edited) The way the HIPS is setup by default it will just allow all unknown files to run and they might infect your system even if it's a false positive it still should ask the user what to do instead of just allowing it to run so people are not going to realise that they will have to change it to interactive mode or learning mode in smart security 7 and to smart mode in smart security 8 beta smart mode is better then interactive mode because with it set like that (it will ask the user for an action if no action is taken it will allow it this is the best option as it gives you more control of what happens on your computer. In the final version of smart security 8 it should be set to smart mode by default. I hope this makes it clear to you but if not please feel free to sent me another message. Edited September 15, 2014 by mark.fox7768 Link to comment Share on other sites More sharing options...
SweX 871 Posted September 15, 2014 Share Posted September 15, 2014 The way the HIPS is setup by default it will just allow all unknown files to run and they might infect your system even if it's a false positive it still should ask the user what to do instead of just allowing it to run so people are not going to realise that they will have to change it to interactive mode or learning mode in smart security 7 and to smart mode in smart security 8 beta smart mode is better then interactive mode because with it set like that (it will ask the user for an action if no action is taken it will allow it this is the best option as it gives you more control of what happens on your computer. In the final version of smart security 8 it should be set to smart mode by default. I hope this makes it clear to you but if not please feel free to sent me another message. The problem with asking the user is that few users know how to respond to a prompt correctly, and whether allow, deny, quarantine etc..would be the best answer in a particular situation. And that's why ESET's products works as automatic as possible to not bother the user with popup notifications unless absolutely necessary, as then many people would feel that it asks too many questions that they don't know how to answer, and may even consider to change to a more "silent" product. I'm sure the "Smart Mode" will be good enough as its becoming more mature as time goes by. Link to comment Share on other sites More sharing options...
mark.fox7768 0 Posted September 15, 2014 Author Share Posted September 15, 2014 (edited) Hi Thanks for your message I really hope they set it to smart mode by default in the final version of smart security 8 I don't think it will be but if was it would perform much better against zero malware and you will actually see the HIPS working. The HIPS doesn't really perform very well in it's default setting automatic mode with rules. _____________________________________________________________________________________________________________________ They need to work a lot on PUP Detection as well. Edited September 15, 2014 by mark.fox7768 Link to comment Share on other sites More sharing options...
SweX 871 Posted September 15, 2014 Share Posted September 15, 2014 (edited) Hello, How come ? Most users find that ESET is extremely good when it comes to PUA and PUP detections, and maybe even think that ESET almost have a too strong stance against them sometimes. Personally I like and appreciate that very much. FYI, I made a similar suggestion some time ago, though it's not meant as being connected to the HIPS like your idea seems to be, but use Live Grid file information: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17761 Edited September 15, 2014 by SweX Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted September 16, 2014 Administrators Share Posted September 16, 2014 How come ? Most users find that ESET is extremely good when it comes to PUA and PUP detections, and maybe even think that ESET almost have a too strong stance against them sometimes. Yeah, I don't understand this statement either Many users praise ESET for detecting PUAs not recognized by other vendors. Anyways, it always involves legal aspect when it comes to PUA detection so vendors must be careful about that. Link to comment Share on other sites More sharing options...
mark.fox7768 0 Posted September 16, 2014 Author Share Posted September 16, 2014 Hi Thanks for your message all of the security software company's need to improve their PUP detection because there is always going to be a pup or pup's that are not in the software's database which make's them easy to install but sometimes a pain to remove without the right tools. PUP's in my view are malware because they come under Spyware/Adware. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,290 Posted September 16, 2014 Administrators Share Posted September 16, 2014 PUP's in my view are malware because they come under Spyware/Adware. But don't say that to PUA lawyers or they'll kill you : ) Link to comment Share on other sites More sharing options...
mark.fox7768 0 Posted September 16, 2014 Author Share Posted September 16, 2014 Very funny what's your point? Link to comment Share on other sites More sharing options...
SweX 871 Posted September 16, 2014 Share Posted September 16, 2014 Very funny what's your point? "Hello, it has come to our attention that our software is being detected by >insert vendor<, and it is a false positive. Please remove the detection or we will have to take legal action." Link to comment Share on other sites More sharing options...
ESET Moderators Aryeh Goretsky 390 Posted September 17, 2014 ESET Moderators Share Posted September 17, 2014 Hello, If you have come across any potentially unwanted applications which are (1) not detected by ESET; but (2) you believe should be detected, please submit them to ESET's researchers for analysis. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
GeorgeW 0 Posted November 13, 2014 Share Posted November 13, 2014 This conversation goes off track dealing with " PUP Detection", but I never see a clear explanation for what to do about this.Posted 15 September 2014 - 09:25 PMSweX replies:The problem with asking the user is that few users know how to respond to a prompt correctly, and whether allow, deny, quarantine etc..would be the best answer in a particular situation.So is this the final solution?In the final version of smart security 8 it should be set to smart mode by default. Link to comment Share on other sites More sharing options...
rugk 397 Posted November 16, 2014 Share Posted November 16, 2014 (edited) Yes it's the final solution, because the majority of the users are not so much technical informed and would complain when ESS would ask "questions I don't know how to react". Additionally the final version of ESS 8 is already released. Edited November 16, 2014 by rugk Link to comment Share on other sites More sharing options...
Recommended Posts