Jump to content

Hips Mode

mark.fox7768
 Share

Recommended Posts

mark.fox7768

mark.fox7768 0

Posted
Posted

In the final version of smart security 8 the HIPS needs to be set to smart mode so if you run an unknown file that eset does not no about it will block it and ask the user what to do instead of just allowing it to run then it will perform much better against zero day malware. 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

So how does that differ from current setting "automatic with rules" ?

 

Unlike interactive mode, in Smart mode HIPS evaluates operations based on various criteria and asks for action selection only if a suspicious operation is attempted. Smart mode will partially be implemented in v8 and improved by module updates. In v9, it should be enhanced even more.

Link to comment
Share on other sites
mark.fox7768

mark.fox7768 0

Posted
  • Author
Posted (edited)

The way the HIPS is setup by default it will just allow all unknown files to run and they might infect your system even if it's a false positive it still should ask the user what to do instead of just allowing it to run so people are not going to realise that they will have to change it to interactive mode or learning mode in smart security 7 and to smart mode in smart security 8 beta smart mode is better then interactive mode because with it set like that (it will ask the user for an action if no action is taken it will allow it this is the best option as it gives you more control of what happens on your computer.

 

In the final version of smart security 8 it should be set to smart mode by default.

 

I hope this makes it clear to you but if not please feel free to sent me another message.       

Edited by mark.fox7768
Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted

The way the HIPS is setup by default it will just allow all unknown files to run and they might infect your system even if it's a false positive it still should ask the user what to do instead of just allowing it to run so people are not going to realise that they will have to change it to interactive mode or learning mode in smart security 7 and to smart mode in smart security 8 beta smart mode is better then interactive mode because with it set like that (it will ask the user for an action if no action is taken it will allow it this is the best option as it gives you more control of what happens on your computer.

 

In the final version of smart security 8 it should be set to smart mode by default.

 

I hope this makes it clear to you but if not please feel free to sent me another message.       

The problem with asking the user is that few users know how to respond to a prompt correctly, and whether allow, deny, quarantine etc..would be the best answer in a particular situation. And that's why ESET's products works as automatic as possible to not bother the user with popup notifications unless absolutely necessary, as then many people would feel that it asks too many questions that they don't know how to answer, and may even consider to change to a more "silent" product. I'm sure the "Smart Mode" will be good enough as its becoming more mature as time goes by.

Link to comment
Share on other sites
mark.fox7768

mark.fox7768 0

Posted
  • Author
Posted (edited)

Hi Thanks for your message I really hope they set it to smart mode by default in the final version of smart security 8 I don't think it will be but if was it would perform much better against zero malware and you will actually see the HIPS working.

 

The HIPS doesn't really perform very well in it's default setting automatic mode with rules. 

 

_____________________________________________________________________________________________________________________

 

They need to work a lot on PUP Detection as well.

Edited by mark.fox7768
Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted (edited)

Hello,

 

How come ? Most users find that ESET is extremely good when it comes to PUA and PUP detections, and maybe even think that ESET almost have a too strong stance against them sometimes. Personally I like and appreciate that very much.

 

FYI, I made a similar suggestion some time ago, though it's not meant as being connected to the HIPS like your idea seems to be, but use Live Grid file information: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17761

Edited by SweX
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

How come ? Most users find that ESET is extremely good when it comes to PUA and PUP detections, and maybe even think that ESET almost have a too strong stance against them sometimes.

 

Yeah, I don't understand this statement either :) Many users praise ESET for detecting PUAs not recognized by other vendors. Anyways, it always involves legal aspect when it comes to PUA detection so vendors must be careful about that.

Link to comment
Share on other sites
mark.fox7768

mark.fox7768 0

Posted
  • Author
Posted

Hi Thanks for your message all of the security software company's need to improve their PUP detection because there is always going to be a pup or pup's that are not in the software's database which make's them easy to install but sometimes a pain to remove without the right tools.

 

PUP's in my view are malware because they come under Spyware/Adware.

Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted

Very funny what's your point?

 

"Hello, it has come to our attention that our software is being detected by >insert vendor<, and it is a false positive. Please remove the detection or we will have to take legal action."

Link to comment
Share on other sites
  • ESET Moderators
Aryeh Goretsky

Aryeh Goretsky 378

Posted
  • ESET Moderators
Posted

Hello,

If you have come across any potentially unwanted applications which are (1) not detected by ESET; but (2) you believe should be detected, please submit them to ESET's researchers for analysis.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites
  • 1 month later...
GeorgeW

GeorgeW 0

Posted
Posted

This conversation goes off track dealing with " PUP Detection", but I never see a clear explanation for what to do about this.

Posted 15 September 2014 - 09:25 PM
SweX replies:

The problem with asking the user is that few users know how to respond to a prompt correctly, and whether allow, deny, quarantine etc..would be the best answer in a particular situation.

So is this the final solution?

In the final version of smart security 8 it should be set to smart mode by default.

Link to comment
Share on other sites
rugk

rugk 397

Posted
Posted (edited)

Yes it's the final solution, because the majority of the users are not so much technical informed and would complain when ESS would ask "questions I don't know how to react".

Additionally the final version of ESS 8 is already released.

Edited by rugk
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...