HIPS config options lists?


Anyone got settings that one can import/use? It seems that by default, in Automatic mode, there are no rules set, so it won't block any 0-day malware and has to be set up manually.

Edited by Morisato

  • Administrators

Try Smart mode. However, HIPS itself is not meant to protect you from running malware. It's Advanced memory scanner and Exploit blocker that utilize HIPS to detect and block malicious processes from running and I've found them very effective against new malware.


Yeah, AMS performed very well yesterday when I did a small test.

 

Some people seem to be used to how HIPS works in other products and expect it to be the same in ESET, but the role and purpose of HIPS in ESET are a bit different, since it works like a team player in the product together with the other features. So HIPS is not meant to take on the malware fight alone.

 

By enabling the HIPS Smart Mode it will be more proactive but still be a convenient product to use. You can also work with HIPS rules if you want of course, but the product will be less convenient to use if you go down that route.

Edited by SweX

Excuse me, regarding the HIPS Smart mode, may I know how much user intervention is needed? Because I would actually like to use this mode as "set it and forget it" for my family and friends who know little about security. Thank you.

Edited by yongsua

  • Administrators

For instance, it means that if an application attempts to modify the hosts file, you will be prompted to allow or deny the action.


So what is the best mode for "set it and forget it"? Thanks.


Sua, I use HIPS smart mode because I am lazy! :P

Smart mode: only suspicious system events trigger a notification beyond the set of pre-defined rules in Automatic mode (operations such as the system registry, active processes and programs).

It works fine for me. :)


Smart Mode works great as a "set it and forget it" mode, I use it myself too and I've never had an issue with it.


Thanks for the advice, and thanks to those that contributed as well. Also, does it protect against direct disk access to the MBR, system registry entries, injections and autoruns, or are those only covered through manual addition to the HIPS rules?

 

I.e.:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx


  • Administrators

The above mentioned registry keys are standard run keys and are mainly used by legitimate applications. However, you can turn on notifications about modifications of the run keys in the advanced HIPS setup.

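A way to see for yourself what the run-key notifications in the advanced HIPS setup would be watching: the script below is an added example, not code from this thread or from ESET, and it does not touch HIPS at all. It snapshots the run keys listed in the question (the bare Windows NT\CurrentVersion key is left out, since its values are mostly version metadata rather than autorun entries) together with a SHA-256 hash of the hosts file the admin mentioned earlier, writes a baseline on the first run, and on later runs reports entries that are new, changed or removed. The baseline path is an assumption for the example; the cmdlets are standard PowerShell. Run it elevated so the HKLM keys are readable.

```powershell
# Added example (not from the thread or from ESET): snapshot the autorun keys
# listed in the post plus the hosts file, and report what changed since the
# last snapshot. First run writes the baseline; later runs print differences.
param(
    # Baseline location is an assumption for the example; change as needed.
    [string]$Baseline = "$env:ProgramData\autorun-baseline.json"
)

# Run keys from the post. Svchost holds service-group lists rather than
# autorun commands, but it is a common persistence target, so it is kept.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx'
)
$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"

function Get-AutorunSnapshot {
    $snap = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on 32-bit
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            # Svchost values are REG_MULTI_SZ arrays; join them so comparison is stable.
            $snap["$key\$($p.Name)"] = ($p.Value -join ',')
        }
    }
    if (Test-Path $HostsFile) {
        # Hosts file edits are the example the admin gave for a Smart mode prompt.
        $snap['hosts:sha256'] = (Get-FileHash -Path $HostsFile -Algorithm SHA256).Hash
    }
    return $snap
}

$current = Get-AutorunSnapshot

if (-not (Test-Path $Baseline)) {
    $current | ConvertTo-Json | Set-Content -Path $Baseline -Encoding UTF8
    Write-Host "Baseline written to $Baseline ($($current.Count) entries)."
    return
}

# ConvertFrom-Json yields a PSCustomObject; flatten it back into a hashtable.
$old = @{}
foreach ($p in (Get-Content -Path $Baseline -Raw | ConvertFrom-Json).PSObject.Properties) {
    $old[$p.Name] = $p.Value
}

$changes = 0
foreach ($k in $current.Keys) {
    if (-not $old.ContainsKey($k)) {
        Write-Host "NEW      $k = $($current[$k])"; $changes++
    } elseif ($old[$k] -ne $current[$k]) {
        Write-Host "CHANGED  $k : '$($old[$k])' -> '$($current[$k])'"; $changes++
    }
}
foreach ($k in $old.Keys) {
    if (-not $current.ContainsKey($k)) {
        Write-Host "REMOVED  $k (was $($old[$k]))"; $changes++
    }
}
if ($changes -eq 0) { Write-Host "No autorun or hosts changes since baseline." }
```

Expect legitimate noise: as the admin notes, these keys are mainly used by ordinary software, so every installer and updater will show up as NEW or CHANGED. That is exactly why HIPS notifications on the run keys are off by default, and why a baseline-and-diff is more useful for a periodic check than a prompt on every write.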
