Raiden

Hallelujah I got it to work!

So I double-checked everything with PowerShell when it comes to WD and everything was back to normal. I then decided to create the rule again and see what happens. No issues! I created the second rule again and the same issue popped up. I was like, what the heck, that rule was fine last time. After closer inspection it seems like the last option switched from "specific processes" to "all applications." I found this strange as I was 100% certain that I selected specific applications, but then it dawned on me. Since I was doing this on my laptop, I guess I must have inadvertently switched the option with the touchpad as I was clicking through the options. There doesn't seem to be an explanation for the issues, other than that.

Thanks for the help, I'm glad I got it working again!
 

blackice

Glad you got it working!!
 

L0ckJaw

Implemented the rules, and if someone is interested, I added the XML file in English.

 

Windows_Security

Good morning mortals! I hereby share with you some amazing HIPS rules for ESET that will work as default-deny to prevent infections such as ransomware. You can check the source here.

This mortal can do the same with the free and built-in Windows Defender Attack Surface Reduction and Exploit Protection ;) The nice thing about WD is that these features even work when you are using a third-party anti-virus. So totally free and built-in Windows Security.
 

marcopaone

Implemented the rules, and if someone is interested, I added the XML file in English.

If I use these settings for HIPS it will erase my settings for all ESET modules :( :(
 

blackice

@Robbie - Are you still using ESET? Do you recommend any changes for the latest update to ESET? Thanks in advance. I always use your rules :)
From what I’ve seen the HIPS module still works the same as far as custom rules go. I imported my old rules from v12 and they all seem to work.
 

blackice

Dudes, if you go full paranoid default-deny, add most of the LOLBins present on Windows; you have around a hundred. :)
That’s when I know I’ve reached my limit on paranoia, I don’t have any time for that! I used MSE for years and never caught a nasty. Whether I’m vanilla in my behavior or lucky, going overboard doesn’t seem worth it.
 

ForgottenSeer 823865

Serious Default-Deny is for people with a very static system (meaning few apps installed and almost never adding any) and a corporate mindset.
If a user doesn't fit in these 2 categories, he will be better off with classic blacklisting solutions and learning how to have good and safe practices.
Malware aren't Dr Strange, opening a portal directly in your system, they all have the same entry points which can be covered by a bit of brain.
 