JoeBlack40 0 Posted November 6, 2014

Hello,

As the title says, I installed the last version of ESET AV 2 days ago and I found out that I can no longer change Windows themes with TuneUp Utilities 2013; it always remains the native one. I have snapshots with both Avast free and AVG Pro and this issue doesn't occur. Any idea what's going on? (I already tried to disable NOD32 protection and its HIPS.)

When TuneUp tries to change the theme, ESET's icon changes for a second or so into a yellow triangle.

Windows 7 Ultimate x86. I have Sandboxie and Privatefirewall installed on my laptop. (ESET has all the green light it needs from Privatefirewall, btw.)
Administrators Marcos 5,250 Posted November 6, 2014

Does renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, make a difference?
JoeBlack40 0 Posted November 7, 2014 Author

I didn't try it yet, but I just wanted to try again with the HIPS disabled. And guess what, after a restart this time it worked. Just wondering, with the HIPS disabled the protection of NOD is not affected overall...? (I have Privatefirewall's HIPS anyway...) I just re-enabled Self Defence... I don't know why it's disabled automatically with the HIPS, and then must be re-enabled.

Thank you Marcos for the help.
zhekdia 3 Posted November 7, 2014

The best thing you can do with fallible placebo junkware like PC TuneUp Utilities is uninstall it, and never look back. Software such as this is designed to prey on the naivety of Windows users. Such tools are highly frowned upon in the IT industry. Anything that claims to boost, tune, optimize, clean or fix your computer is at best making false claims, at worst damaging your system.
JoeBlack40 0 Posted November 7, 2014 Author

> The best thing you can do with fallible placebo junkware like PC TuneUp Utilities is uninstall it, and never look back. Software such as this is designed to prey on the naivety of Windows users. Such tools are highly frowned upon in the IT industry. Anything that claims to boost, tune, optimize, clean or fix your computer is at best making false claims, at worst damaging your system.

I've been using TuneUp since 2007 and never faced a problem. It's your opinion, I respect it, but don't make the assumption that whoever is using this software is naive. Because you are wrong. Very wrong.
SweX 871 Posted November 7, 2014

Hi JoeBlack40,

Right, so it works while the HIPS is disabled.

If you haven't tried already, then maybe you could try to put the HIPS into the Learning Mode, and while in Learning Mode use your TuneUp program and maybe change some themes to see if the HIPS will create all necessary rules automatically. After that, turn off Learning Mode, put the HIPS back into the automatic mode, and once again try to use TuneUp to see if it works properly this time with HIPS enabled.
rugk 397 Posted November 7, 2014

We don't want to discuss here how useful or useless such software is. The user has a problem and we are here to help him.

@JoeBlack40 The triangle you saw is surely from the Gamer Mode. It's nothing bad and in your case it has to say quite nothing. If you want to know more about this, look at these knowledge base articles:

- What is Gamer mode in ESET Smart Security / ESET NOD32 Antivirus?
- How do I enable/disable Gamer mode in ESET Smart Security or NOD32 Antivirus?
rugk 397 Posted November 7, 2014 (edited)

@JoeBlack40 No, HIPS doesn't disable all the protection. It's only one protection module; however, it's an important one.

@all So, I was able to reproduce the issue. TuneUp 2013 and Windows 7 too, but ESS 8.0.304. The theme is just not changing (correctly). In the example I tried it changed a few things, e.g. the color of the text in the title, but the main things weren't changed and TuneUp Styler (that's the "module" with which you do this) keeps telling that the default is active. Before each try I reset the theme to the Windows default with the normal Windows function to change the design.

Now to troubleshooting. I tried it with HIPS completely disabled and it worked. I tried it with learning mode and it didn't work. So I tried to narrow it down. I disabled the HIPS modules, one at a time, and I found the "bad guy". The self-protection is blocking the process.

Later I tried Marcos' instructions too and they seem to confirm it.

> Does renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, make a difference?

Here are the results:

- Both renamed: OK
- Only eamonm.sys renamed (so that realtime protection won't work): NO
- Only ehdrv.sys renamed (so that HIPS won't work): OK

BTW I noticed some other strange things too:

- When HIPS is disabled or it can't work (because of the renamed ehdrv.sys), the tray icon isn't warning.
- When HIPS is disabled (but not if it can't work), there is not even a red dot shown in the GUI, but just a white (empty) one (like the dot when Gamer Mode is deactivated).
- When I disable HIPS and click OK to confirm I know I have to restart (I can only click OK), the self-protection will be greyed out, but all the other things (Advanced Memory Scanner and Exploit Blocker) still seem to be activated.
- After a restart after disabling HIPS, or when HIPS can't work, some of the above-mentioned "modules" of HIPS were just gone (There were only 2 checkboxes anymore I think). When I re-enabled HIPS, the checkboxes only appeared after a restart.

Edit: Now I enabled "log all blocked events" in the HIPS setup, tried to change the theme and checked the HIPS log after this. But there were no entries.

Edited November 7, 2014 by rugk
JoeBlack40 0 Posted November 8, 2014 Author

Thank you SweX and rugk, very helpful guys. As I already said, I leave the HIPS disabled as I have Privatefirewall, which is more suited for this job. As far as I'm concerned, the issue is solved for me.
rugk 397 Posted November 8, 2014 (edited)

No, it isn't solved at all. And you can't even say that a firewall makes HIPS useless. And as I wrote, you don't have to disable the complete HIPS - just enable all modules except the self-protection.

Edited November 8, 2014 by rugk
Administrators Marcos 5,250 Posted November 8, 2014

The tool likely uses some aggressive techniques that are blocked by Self-defense, which is aimed to protect crucial system processes as well. Not sure if it'd be safe to make an exception for this particular software, but we can investigate the possibilities.
rugk 397 Posted November 8, 2014 (edited)

I can't imagine what changes it could make to ESET. Normally it should just make changes to the Windows system, but the self-protection is only protecting against changes to ESET.

Maybe we would have to test it with ESS or NOD32 7 to see whether it will be blocked there too.

Edited November 8, 2014 by rugk
Administrators Marcos 5,250 Posted November 8, 2014

> I can't imagine what changes it could make to ESET. Normally it should just make changes to the Windows system, but the self-protection is only protecting against changes to ESET.

This is not true. Self-defense also protects crucial system processes.
JoeBlack40 0 Posted November 8, 2014 Author

> No, it isn't solved at all. And you can't even say that a firewall makes HIPS useless. And as I wrote, you don't have to disable the complete HIPS - just enable all modules except the self-protection.

I really don't care about ESET's HIPS. Really. Because I'm using Privatefirewall for this and that's all.
JoeBlack40 0 Posted November 8, 2014 Author

> The tool likely uses some aggressive techniques that are blocked by Self-defense which is aimed to protect crucial system processes as well. ...

And why the other AV doesn't block this "aggressive techniques"???
Administrators Marcos 5,250 Posted November 8, 2014

> And why the other AV doesn't block this "aggressive techniques"???

Probably because they don't prevent malware from performing these critical operations over system processes or they have already added an exception for that particular application.
Administrators Marcos 5,250 Posted November 8, 2014

> I really don't care about ESET's HIPS. Really. Because I'm using Privatefirewall for this and that's all.

By disabling HIPS you don't only disable Self-defense but Advanced memory scanner as well. Advanced memory scanner is another protection layer that scans memory when a suspicious file is executed and terminates suspicious processes. I strongly doubt that this is something that Privatefirewall does as well.
rugk 397 Posted November 8, 2014 (edited)

> > I can't imagine what changes it could make to ESET. Normally it should just make changes to the Windows system, but the self-protection is only protecting against changes to ESET.
>
> This is not true. Self-defense also protects crucial system processes.

Okay, I didn't know this. I thought this would do the "normal" HIPS.

Edited November 8, 2014 by rugk
rugk 397 Posted November 8, 2014

But why aren't there log files about this?

> Edit: Now I enabled "log all blocked events" in the HIPS setup, tried to change the theme and checked the HIPS log after this. But there were no entries.
Arakasi 549 Posted November 8, 2014 (edited)

Hello

My suggestion, which is usually taken highly, would be not to disable self-defense, but create exceptions for Tuneup. Create firewall exceptions, and/or HIPS exceptions which will tell "ESET" to allow the Tuneup to make changes it needs to make to the system.

As far as my opinion on system utilities is concerned, if you are an IT Tech, you don't require these utilities due to the fact we already know how to do all of it without the tool. Also there are a plethora of fake tune utils. However, I can speak highly for Tuneup Utilities as a very good program for system maintenance outside of the normal Windows operations, but it may be the only one I recommend aside from CCleaner, which is still a preference.

Good luck, glad your issue is "explained and understood as not a problem".

Edited November 8, 2014 by Arakasi
Administrators Marcos 5,250 Posted November 8, 2014

I was unable to reproduce it on Windows XP. Downloading and applying a theme worked alright.

If HIPS (Self-defense) has actually blocked something, it should have been logged in the HIPS log as long as logging blocked operations is enabled.
Arakasi 549 Posted November 8, 2014

I think the break is when you utilize another 3rd party app to change the theme.

@Marcus : Were you unable to reproduce using Tuneup Utilities to change the theme, or did you go through control panel?
rugk 397 Posted November 8, 2014 (edited)

@Arakasi You don't need a firewall exception. (I see no reason why you should need this. Especially not for changing the Windows style.) Marcos. The thing with the HIPS exception I will try later.

@Marcos I think this could be a kind of incompatibility of the programs. So you surely have to use the same program (TuneUp Styler), possibly the same ESET version (8) and maybe even the same OS (Windows 7).

> If HIPS (Self-defense) has actually blocked something, it should have been logged in the HIPS log as long as logging blocked operations is enabled.

Yeah, that's the reason why I'm asking. And that's also the reason why I'm assuming it's not wanted/expected behaviour of HIPS.

Edited November 8, 2014 by rugk
Arakasi 549 Posted November 8, 2014

> @Arakasi You don't need a firewall exception. (I see no reason why you should need this. Especially not for changing the Windows style.) Marcos.

1. Read quote carefully, I was speaking in general: "Create firewall exceptions, and/or HIPS exceptions"
2. Thanks.
Arakasi 549 Posted November 8, 2014

Keep in mind Marcos is a handle/alias. Marcos isn't even correct.