ESET Internet Security 10 : Recommended settings

viktik

Level 25
Thread author
Verified
Well-known
Sep 17, 2013
1,492
General Settings


  • Click “Advanced setup
2043772.jpg


  • Enable “integrate into system
2043773.jpg

HIPS RULE SETTINGS

  • HIPS rule can be created to protect user files stored in certain folders.
  • Click “Edit” next to Rules


2043774.jpg


  • Click “Add
2043775.jpg


  • Set “Rule name” as “PROTECTED FILES
  • Set “Action” as “Ask
  • Under “Operations affecting“, enable “Files
  • Click “Next


2043776.jpg


  • Select “All applications
2043777.jpg


  • Enable “Delete file“, “Write to File” and “Direct access to disk” as shown below
ESET INTERNET SECURITY 10  HIPS SETTINGS_28-12-2016_19-36-58.jpg


  • Select “Specific files” as shown below
  • Click “Add
2043779.jpg


  • Click “” as shown below
2043780.jpg


  • Select D:\ partition
  • Click “OK
2043781.jpg


  • Click “OK
eset-internet-security-10-hips-settings_28-12-2016_19-37-24.jpg


ESET INTERNET SECURITY 10  HIPS SETTINGS_28-12-2016_19-37-30.jpg


  • Similarly add other partitions in which files has been stored, as shown below
  • Don’t add C: partition in which Windows OS is installed
  • Click “Finish
ESET INTERNET SECURITY 10  HIPS SETTINGS_28-12-2016_19-38-19.jpg


  • Click “OK
2043785.jpg


  • Click “OK
ESET INTERNET SECURITY 10  HIPS SETTINGS_28-12-2016_19-38-34.jpg

HIPS Alerts


  • When an application tries to access files, ESET HIPS generates alerts as shown below.
  • Allow only safe applications. Deny if you don’t want application to modify protected files.
  • To permanently allow safe application access to files, select “Create rule and remember permanently
  • Tick “Only for operation” and select “All file operations
ESET INTERNET SECURITY 10  HIPS ALERT_28-12-2016_19-40-55.jpg




  • To check the reputation of the application, click “Details
eset-internet-security-10-hips-alert_28-12-2016_20-29-57.jpg


  • Next to “Reputation:” you can see the Eset rating of the application.
  • Green color means the application is safe.
  • Yellow color means application is unknown
  • Red color means Application unsafe
eset-internet-security-10-hips-alert_28-12-2016_20-30-08.jpg

FIREWALL INTERACTIVE MODE

  • Set “Filtering mode” to “Interactive Mode
  • Click “OK
ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL SETTINGS_28-12-2016_19-59-55.jpg


  • When an application tries to connect to Internet (network), Eset Firewall shows this alert.
  • If application is safe then click “Allow“, otherwise “Deny
  • If you want to permanently allow a safe application to have access to internet, then select “create rule and remember permanently
  • Click “Allow
ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL ALERT_28-12-2016_20-02-02.jpg


ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL ALERT_28-12-2016_20-03-24.jpg



  • If you want to block access to the Internet for an application click “Deny” when Firewall alert is shown.
ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL ALERT_28-12-2016_20-22-54.jpg


  • To see Reputation of an application click “details
ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL ALERT_28-12-2016_20-29-18.jpg




  • When installing an application, if application tries to connect to internet, then select “Remember until application quits
  • Click “allow” or “deny” as you wish
ESET INTERNET SECURITY 10  INTERACTIVE FIREWALL ALERT_28-12-2016_21-39-16.jpg
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
310
@viktik Thanks for sharing with us such good info.
I only have one problem , in my ESET IS 10 HIPS section i don't have "Enable Protected Service" !!!

And other problem although HIPS remain in Automatic Mode I can not delete any folder created even in the C partition.
I don't no why is doing that, but does that after i make this settings in HIPS rules.
I had to reset ESET to default.
Remained the only settings for firewall and document protection.

Ok...its a complet mistery for me but after 4 times trying to make the HIPS settings now its working.:eek:
I'm sure i have done the right settings from the first time.
 
Last edited by a moderator:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
Thanks

I'm late but I'll catch up :)

One question. I'm not using any desktop email client (using only web based emails) so should I disable EVERYTHING under the 'Email Client Protection' section. This will include the

Email Clients
Email Protocols
Threatsense Parameters
Alerts and Notifications
Antispam Protection
Antispam Address Book

My thinking is that disabling all those not needed will help to speed up ESET. Parental Control is another example which I disabled since I'm the only one using my tablet

Thanks again
 
Last edited:

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
@viktik
Your rules are not correct! with such rule, every 30 sec you have an ugly alert from HIPS.
1-Because the windows stuff tries to write To C.
2-When you browse the web the browser want to write to his folders(Again C).
3-It will make a lot of alerts If you want to install an App!Also a lot of pain for user:notworthy:
I have no idea why did you create such rules!?
If someone wants the right way to protect his files with Eset Hips:
Place your important files on somewhere and inside a folder then set a block rule for all file operation! like I put my Text files on D:\new folder\example.rtf and set block rules for this file via HIPS. don't forget that Eset Hips will not protect your files from access or copy.it only protect from writing to file or delete the file(doesn't work/probably bug?!).
There is another bug in Eset Hips that Auto allow an operation if you don't answer the alert in provided time(around 45 sec)!So an ask rule for your files is the worst thing that you can do lol! it should be a block rule not ask because the asks rule will auto allow the access so ransomware will encrypt your files if you don't answer the alert fast(as I said about 45 sec) I used to answer Eset alerts fast!
I use Easy File Locker(but also Eset hips) which protects my files in a better way than Eset!
i just gave you another reason that why you shouldn't pay for any Av :giggle::cautious:
 
Last edited:
F

ForgottenSeer 58943

Speaking as a network security guy, ESET has a REALLY GOOD Firewall if you tweak it. I don't run ESET, but there is no denying it's efficacy.

I'll have to put it in a VM and go through the settings. But the ability to block WSD polling, LLMNR, UPNP, SMB, IGMP, RD, Bridging, Metro Apps and other crap is priceless really.. ARP request blocking outside of trusted zones is also awesome to avoid ARP spoofing or poisons. It makes me feel like I should use ESET if my network wasn't already well protected. I'd certainly recommend it based on the firewall alone to be honest.

Oh, the ability to disable some of the logging, disable sending in files and turning off the 'sharing with community' stuff is icing on the cake. Good stuff.
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
ForgottenSeer 58943 I also Love Eset and the Hips in policy mode is strong(lockdown mode for HIPS) I have no problem with it because I learned how to handle the bugs! Ofc it has the best firewall among others, A smart hips and its the lightest av in the world! but there are HIPS bugs that Eset doesn't care much about them(because no one uses their hips maybe rare ppl)! that's why I say you shouldn't pay for any Av because the developers don't fix bugs fast or even ignore you :) its true for all other Avs as well! the good thing is Eset fix the bugs but so late...Eset is my first choice! but I will not pay for any Av never xd
For fixing bugs you need to run it in interactive mode+some custom rules +asnwer the alert fast or bb protection:D it needs learning curve like I wasted about 4 months of my life on it haha.anyway I like it:D
is priceless really.
For you but not for Asian countries!
 
Last edited:

dja2k

New Member
Mar 6, 2018
2
Thanks viktik for the setup guide!

Can all these services can be disabled and not compromise security. My internet is working fine with everything off, just want to confirm. Thanks!
 

Attachments

  • ESET 4.png
    ESET 4.png
    46.9 KB · Views: 1,536
  • ESET 3.png
    ESET 3.png
    44 KB · Views: 1,416
Last edited:
  • Like
Reactions: jadinolf
F

ForgottenSeer 58943

Thanks viktikfor the setup guide!

Can all these services can be disabled and not compromise security. My internet is working fine with everything off, just want to confirm. Thanks!

It depends on the network. I'd recommend keeping TCP connections open or you may truncate some app communications. Everything else like WSD, LLMNR and RPC are probably not needed, especially if you have no servers or a local DNS resolver and don't use WSD assigned printers. ARP outside of trusted zone could in theory, totally wipe out your network if you have multiple subnets and they aren't assigned as trusted zones inside of Eset.

Otherwise? Probably good to go.
 

dja2k

New Member
Mar 6, 2018
2
It depends on the network. I'd recommend keeping TCP connections open or you may truncate some app communications. Everything else like WSD, LLMNR and RPC are probably not needed, especially if you have no servers or a local DNS resolver and don't use WSD assigned printers. ARP outside of trusted zone could in theory, totally wipe out your network if you have multiple subnets and they aren't assigned as trusted zones inside of Eset.

Otherwise? Probably good to go.
Perfect and thanks! (y)
 
  • Like
Reactions: Nevi and jadinolf

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top