Eset Smart Security HIPS... use recommendations?


Jota.Ce

I don't know how to set that.

  • Automatic -> If there's no rule against an action, then allow anything (useless, cause you have to create rules to deny behaviours for each program)
  • Directives -> If there's no rule to allow an action, then deny (useless, cause you have to create rules to allow behaviours for each program)
  • Learning mode -> Allow everything for 14 days (or what you like). After that time, you choose a new method. Horribly imperfect, and after that period, new processes will keep appearing, forcing you to create rules for them, or answering questions about them.
  • Interactive -> This is painfully annoying, having to allow thousands of questions. Even when you think all is set, then a new warning appears. Windows updates are really like a kick in the ass, as permissions for every update.exe file are not set, and never will be (they all are new processes).

How do you people use a HIPS? All those Comodo users, proud of its HIPS, how do you configure it?

I think ESET should put a context menu option to run a program with permissions, or without permissions (just like a sandbox, but without a sandbox), then rules are set to your last choice for that program.

I use it on Interactive.. I have taken the time.. Much like the interactive Firewall.. to set these permissions.. I feel this is the best way to get to know my system and become familiar with average settings and access of programs that may come along in the future.. For example asking access to something I know nothing of... :dunno: I feel ESS has done a good job with the HIPS Module.. BUT feel it may need a little work.. though even when it isn't 'working' it is disallowing access to things.. ( a bug in the module ).. Once you get most of the rules down and for the programs you use the most it is really not bothersome.. I love the fact that it protects these aspects of the systems and makes you aware of them.. I have also noticed that a few types of rules for a few programs will show a rule yet they do not get applied.. Like starting PeerBlock.... I do also love the fact you can Temporarily allow items.. great.. Just like the Firewall..

I do believe that ESET could more than likely.. optimize the logging and rule making process to become more efficient... I also feel that other settings while making things easier really leave it way too open and you might as well disable it. The other for denying everything would be a nice system freeze BUT I know from what I have seen of the Rule Making side.. that to some degree rules would need to be set for OS and program operation...

EDIT: Running a program with permissions would seem to almost be a bad idea and habit forming.. allowing programs which you might not see as a threat yet will pose one..

  • Administrator

I've set it to Automatic. Used Comodo for 2 years. And now I feel, if there's really a need for HIPS, ESET will block that thing, no use allowing each and everything. And even in auto, I've seen HIPS asking me what to do, twice, both the times it felt it was serious, but it was fine.

I must insist... I did a Windows Update, and I got thousands of popups, cause each update.exe process needed registry/disk read/write access, so it would be nice if they make an "allow everything for this process temporarily"

And I don't think it's bad allowing your favourite programs to have full access in 1 click, it's what they have when you don't use a HIPS. I know dumb people would see that warning and allow everything. But I seriously don't want 4 rules for my browser. I just want 1 in 1 step: allow everything.

Assigning rules on warning popup will drive you to 4 rules per process, it's a huge list to maintain.

So this case is very different from firewall, where you can have no more than 20 rules, for 20 programs (I merge DL and UL rules for each program in only 1 rule).

Thanks for your POV. I have to say... though I don't like this behaviour, I think Interactive is the only reasonable way to safety.

I've set it to Automatic...

And even in auto, I've seen HIPS asking me what to do, twice, both the times it felt it was serious, but it was fine.

I'm curious: is ESET HIPS intended to ask in Automatic mode with 0 rules???

  • Administrator

I've set it to Automatic...

And even in auto, I've seen HIPS asking me what to do, twice, both the times it felt it was serious, but it was fine.

I'm curious: is ESET HIPS intended to ask in Automatic mode with 0 rules???

Not really. Most of the time it won't ask you anything unless it feels there's some sort of attack, then it will show a fat rectangle on the center of the screen with just two small buttons allow and block, with a checkmark probably. This, again, will only happen when it feels there's some sort of attack.

I've been telling you guys for years that HIPS in its current implementation is just a marketing gimmick to trick you into thinking there is some imminent threat that will destroy you unless you use HIPS protection. It will never block any real threat and the day you get infected is the day you clicked the button to allow the threat to eat your computer. LOL And trust me that day will come, because you will see it trying to block something that you become curious about and either out of curiosity or that you are just fed up of screening your apps you will click that button to kill your PC.

Don't mean to interrupt your topic Jota. Has anyone been experiencing probs with ESS 5? It's causing Firefox to load slowly and freeze sometimes, and also causing my system to freeze during scans. When I uninstalled ESS 5 all these problems stopped. Seems to be a bit buggy, thinking about downgrading to version 4.2

@Jota.Ce:

I believe COMODO has an option to temporarily or permanently allow a process when HIPS is set to Safe Mode.

Putting that aside, I rarely use HIPS now. I always use VirtualBox whenever I install some programs.

Don't mean to interrupt your topic Jota. Has anyone been experiencing probs with ESS 5? It's causing Firefox to load slowly and freeze sometimes, and also causing my system to freeze during scans. When I uninstalled ESS 5 all these problems stopped. Seems to be a bit buggy, thinking about downgrading to version 4.2

Here, at work, I have a comp. with nod32 4.2.71. Last week I decided to upgrade it:

1) disabled self-defence nod32 -> reboot

2) removed fix (in safe mode) - I was using Box.4.30A

3) uninstalled nod32 (still in safe mode, with ESET's uninstaller)

4) reboot -> cleaned registry and files remnants -> reboot

5) installed newest vers. nod32 5.0.94 with TNOD

Now, the computer is working much better / faster ... :)

I have seen a lot of complaints about nod32 v.5.xx, but for me, on every computer I upgraded from v.4.2 -> to v.5.xx ->

-> ALL ARE WORKING BETTER ...

So, the only thing I can think of is that maybe you don't do the proper cleaning of the previous AV ...

So... I don't know what to do...

I currently have it as DKT27 said... Automatic mode with 0 rules.

But I wonder if it would be a hell of work denying ALL, and when a program does not work, adding an "allow" rule for it. I mean... is it hard to manage Directives mode?

  • 4 weeks later...

I can't get the pure fix disable even in safe mode. It is not giving me the disable option, only enable... WHAT CAN I DO 2 GET DISABLE THIS PROGRAM?

I think the best way is "Interactive mode" when you use NOD for the first time. When you use "interactive mode" at the first time, you should answer many "permit" or "deny" questions. But after you set them into rules, they don't bother you again. When any new session came into your computer, you should make decisions. Afterwards, when you are in a safe condition, you can use automatic mode. When you are exposed to a suspicious condition, you can change the mode to directory.

But when you turn off HIPS mode, what's the rule to protect your computer???

I called the NOD local company and they told me NOD 5.0.93.10 is still not the final version, which will come out at the end of this month. In my country, I cannot download the 5.0.94.0 version.

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
