Bjourne, Posted July 13, 2013

Also I have an issue with the HIPS Logs also. I have checked/enabled HIPS>Advanced setup>
-Log all blocked applications
-Notify when changes occur in startup applications
See image below.
hxxp://i.imgur.com/QksL658.png

Now kindly see the images below of Block rule for CCleaner. Rules were done that both applications will not trigger to launch any browser once a shell link is clicked. Block rule for Brickshooter Egypt.exe was placed to deny the application launching a browser every time it is exited.
hxxp://i.imgur.com/74d3UBu.png
hxxp://i.imgur.com/KU1L746.png
hxxp://i.imgur.com/z853Xhp.png
hxxp://i.imgur.com/SVXW2ru.png

Above images were also posted here hxxp://tweakbytes.com/Thread-Eset-Smart-Security-7-Beta-Test as part of a thread at said forum (dates are 06/28 and 07/02). The HIPS Logs is functioning properly. Kindly see rules set to block browser launch which were the same rules placed previously.

Name: User rule: Block Brickshooter Egypt start browser
Action: Block
Source applications:
C:\Program Files\MyPlayCity.com\Brickshooter Egypt\Brickshooter Egypt.exe
Target applications:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Users\Jason Xxxxx\\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SRWare Iron\iron.exe

Name: User rule: Block Around the World In 80 Days start browser
Action: Block
Source applications:
C:\Program Files\MyPlayCity.com\Around The World in 80 Days\Around The World in 80 Days.exe
Target applications:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Users\Jason Xxxxx\\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SRWare Iron\iron.exe

Name: User rule: Block Around the World In 80 Days game.exe start browser
Action: Block
Source applications:
C:\Program Files\MyPlayCity.com\Around The World in 80 Days\game.exe
Target applications:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Users\Jason Xxxxx\\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SRWare Iron\iron.exe

Now kindly see images showing the HIPS Logs is not functioning. Browsers were blocked from launching but no HIPS Logs seen.
hxxp://i.imgur.com/3Bw42uX.png
hxxp://i.imgur.com/6DhqySV.png
hxxp://i.imgur.com/mhgnjiA.png
hxxp://i.imgur.com/6CnDltK.png
hxxp://i.imgur.com/DISwa9X.png
hxxp://i.imgur.com/jciGEuk.png

Name: User rule: Block CCleaner start browsers
Action: Block
Source applications:
C:\Program Files\CCleaner
Target applications (Start new application):
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\IceDragon\icedragon.exe
C:\Users\Jason Xxxxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\zBrowser Portables\*.*
hxxp://i.imgur.com/OmXWrZF.png

Tried to uncheck the rule created for Brickshooter Egypt so as to see if there will be at least a pop-up to ask me if I will Allow/Deny the trigger to start browser.
hxxp://i.imgur.com/ZbPPukr.png

There was no pop-up and there was log as usual. But browser still did not launch. The disabling through the uncheck action should have stuck as I have restarted after I did that.

What's happening here...? Will I uninstall and install again or what...?

Marcos (Administrators), Posted July 15, 2013

The rules should work as long as the browsers are not already running. Could you confirm or deny my assumption?

Bjourne (Author), Posted July 17, 2013

> The rules should work as long as the browsers are not already running. Could you confirm or deny my assumption?

Hi sorry for late reply. Yes I agree that the rule should work but it ain't working. Default browser is Firefox so there should have been a log there as with the previous examples I have when I started the beta trial. It was okay up until a week or so when I noticed that all my HIPS log disappeared.

During my first week when ESS 7 Beta made me smile because of the glaring improvements on the HIPS even when the default browser was running and I exited the game.exe of both 'Around the World In 80 Days' and 'Brickshooter Egypt' access to the home site is blocked and the logs will reflect it.

Seems the HIPS is still functioning but there are no logs. To date it's only the Events / Scan that has logs. Even the firewall seems to have been affected. All I could see is a no port connection even I am connected to the internet and am surfing the net. Blocked sites too. I visited a site that ESS 7 Beta blocked and logged the first time I tried the beta version. There was no setting placed for it. But now no blocks and no logs also.

Along this line, I did a repair install finished it and rebooted. When I got to the partition all I could see is a blank blue screen as if it was waiting to get to the "Welcome screen". It has been about 10 minutes until I rebooted and did this on the XP partition so I can post my reply.

I fear I will recover a saved image of the ESS 7 Beta partition to make it running again....

Bjourne (Author), Posted July 17, 2013

I tried to do a repair-install 2x but it was still the same. Kindly see a video I made of the HIPS Logs issue here, hxxp://videobam.com/pZuDR

I hope there would be some remedy to this other than just uninstalling like I did when I first tried out ESS ver5 (as mentioned ended up using NOD32 AV instead + Outpost Firewall Pro).

Marcos (Administrators), Posted July 23, 2013

Unfortunately, in the video you didn't click on the rule so we don't know if you actually had logging enabled or not. If logging when the rule is applied is disabled, HIPS behaves as expected and it won't log a thing unless you enable it for the particular rule.