- Sep 17, 2013
- 1,492
- Very easy to use for novice users
- Can become very cumbersome for advanced users
Strengthening the Security
To get better security it recommended that users do these settings
- Enable scanning of document files by ticking "Integrate into system" as shown below
- Enable filtering of https traffic by selecting "Always scan SSL protocol"
- For HIPS setting select "Smart mode" as filtering mode
Block an application from accessing the internet
To block internet access of an application user need to add a firewall rule
- Click "setup" of "Zone and rule Editor"
- Give a name to the firewall rule
- For Direction select "Out" so that all outgoing connection will be subjected to selected Action
- For Action select "Deny" so that connection in selected direction will be blocked
- For protocol select "TCP & UDP"
- In "Local" tab select the application which you want to block accessing the internet
- If you want to block internet access of the application completely then leave it empty
- Click "OK" to add the firewall rule
ESET HIPS Settings
Advanced users can set HIPS to interactive mode. Use with caution.
Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity attempting to negatively affect your computer. HIPS utilizes advanced behavioral analysis coupled with the detection capabilities of network filtering to monitor running processes, files and registry keys. HIPS is separate from Real-time file system protection and is not a firewall; it monitors only processes running within the operating system.
HIPS Filtering can be performed in one of four modes:
• Automatic mode with rules – Operations are enabled and a set of pre-defined rules are used protect your system.
• Smart mode – User will be notified only about very suspicious events.
• Interactive mode – User will be prompted to confirm operations.
• Policy-based mode – Operations not defined by a rule can be blocked. Use this mode very carefully because ESET will block all the file, process and registry request of applications that not defined in the rules.
• Learning mode – Operations are enabled and a rule is created after each operation. Rules created in this mode can be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules created in automatic mode. After selecting Learning mode, the Notify about learning mode expiration in X days option becomes active. After the time period defined in the Notify about learning mode expiration in X days is over, learning mode is disabled again. The maximum time period is 14 days. After this time period is over, a pop-up window will open in which you can edit the rules and select a different filtering mode.
Interactive mode
Creating all HIPS rules in Interactive mode can be extremely lengthy process. So you should use learning mode for a week or two. When you are using learning mode ESET will automatically creates HIPS rules. After two weeks you can switch to interactive mode.
HIPS Interactive mode messages
When a safe applications asks for permission then you should allow it. Be careful while denying the request of safe application, it may hinder the proper operation of the safe application.
When unknown/unsafe application asks for permission then you need to Deny the request.
HIPS Rule Editor
HIPS Filtering can be performed in one of four modes:
• Automatic mode with rules – Operations are enabled and a set of pre-defined rules are used protect your system.
• Smart mode – User will be notified only about very suspicious events.
• Interactive mode – User will be prompted to confirm operations.
• Policy-based mode – Operations not defined by a rule can be blocked. Use this mode very carefully because ESET will block all the file, process and registry request of applications that not defined in the rules.
• Learning mode – Operations are enabled and a rule is created after each operation. Rules created in this mode can be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules created in automatic mode. After selecting Learning mode, the Notify about learning mode expiration in X days option becomes active. After the time period defined in the Notify about learning mode expiration in X days is over, learning mode is disabled again. The maximum time period is 14 days. After this time period is over, a pop-up window will open in which you can edit the rules and select a different filtering mode.
Interactive mode
Creating all HIPS rules in Interactive mode can be extremely lengthy process. So you should use learning mode for a week or two. When you are using learning mode ESET will automatically creates HIPS rules. After two weeks you can switch to interactive mode.
HIPS Interactive mode messages
When a safe applications asks for permission then you should allow it. Be careful while denying the request of safe application, it may hinder the proper operation of the safe application.
When unknown/unsafe application asks for permission then you need to Deny the request.
- To create permanent HIPS rules tick "Create rule"
- For registry related HIPS select "All registry operations"
- Click "Allow"
- To create permanent HIPS rules tick "Create rule"
- For file related HIPS select "All file operations"
- Click "Allow"
- To create permanent HIPS rules tick "Create rule"
- For process related HIPS select "All process operations"
- Click "Allow"
HIPS Rule Editor
- here you can edit the HIPS rules applied on an application
- "Action" allows user to set whether to allow or block the selected operation
- Source applications tab is the list of application on which HIPS rule will be applied
- Target files tab allows the settings of HIPS rule concerning operations on files in storage media
- Allow operations let user set select which File operation is allowed or blocked.
- Over these files allows user to select the target files on which selected operation is allowed to occur
- Ticking "use for all operations" causes allowing of all types of file operation on target files
- Target applications tab allows the settings of HIPS rule concerning operations on applications
- Allow operations allows user to select operations that is allowed or clocked on target applications
- Over these applications allows user to select target applications on which selected operations is allowed to occur
- Ticking "use for all operations" causes allowing of all types of application operation on target applications
- Target registry tab allows the settings of HIPS rule concerning operations on registry database
- Allow operations allows user to select operations that is allowed or blocked on the registry
- Over these registry allows user to select target registry entry on which selected operations is allowed to occur
- Ticking "use for all operations" causes allowing of all types of registry operation on target registry entry
FIREWALL
Filtering can be performed in one of four modes:
Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. However, you can also add custom, user-defined rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side.
Interactive mode – Allows you to build a custom configuration for your Personal firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all future connections of this type will be allowed or blocked according to the rule.
Policy-based mode – Blocks all connections which are not defined by a specific rule that allows them. This mode allows advanced users to define rules that permit only desired and secure connections. All other unspecified connections will be blocked by the Personal firewall. Use this mode carefully because ESET will block all firewall request of applications that are not defined in the rules.
Learning mode – Automatically creates and saves rules; this mode is suitable for initial configuration of the Personal firewall. No user interaction is required, because ESET Smart Security saves rules according to predefined parameters. Learning mode is not secure, and should only be used until all rules for required communications have been created.
Firewall interactive mode alert messages
If you want more control on outgoing traffic then you can set Firewall to interactive mode.
Applications that require internet connection will request ESET firewall to allow outgoing connection. Then ESET will generate this messages asking user to take the decision.
User needs to take allow or deny decision carefully.
User should allow firewall request to only safe application.
User may Deny firewall request of some safe applications if they don't want those application to connect to internet.
User should Deny firewall request of unknown applications.
ESET provides Application publisher info and the reputation if the application which is very helpful in taking proper decision.
Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. However, you can also add custom, user-defined rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side.
Interactive mode – Allows you to build a custom configuration for your Personal firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all future connections of this type will be allowed or blocked according to the rule.
Policy-based mode – Blocks all connections which are not defined by a specific rule that allows them. This mode allows advanced users to define rules that permit only desired and secure connections. All other unspecified connections will be blocked by the Personal firewall. Use this mode carefully because ESET will block all firewall request of applications that are not defined in the rules.
Learning mode – Automatically creates and saves rules; this mode is suitable for initial configuration of the Personal firewall. No user interaction is required, because ESET Smart Security saves rules according to predefined parameters. Learning mode is not secure, and should only be used until all rules for required communications have been created.
Firewall interactive mode alert messages
If you want more control on outgoing traffic then you can set Firewall to interactive mode.
Applications that require internet connection will request ESET firewall to allow outgoing connection. Then ESET will generate this messages asking user to take the decision.
User needs to take allow or deny decision carefully.
User should allow firewall request to only safe application.
User may Deny firewall request of some safe applications if they don't want those application to connect to internet.
User should Deny firewall request of unknown applications.
ESET provides Application publisher info and the reputation if the application which is very helpful in taking proper decision.
- To create a permanent firewall rule to allow internet connection to an application tick "Remember action" and click "Allow"
- To create a permanent firewall rule tick "Remember action" and click "Allow"
- User may allow outgoing requests for some application until it will be running in memory by ticking "temporary remember action for this process".
- You can set rule to allow outgoing connect to only specified remote ip address & port by ticking "remote computer" & "remote port".
Firewall Rule Editor
- Firewall Rule editor can be accessed from "Zone and rule editor"
- Here you can edit, add or delete firewall rules
- You may click "Toggle detailed view of all rules" to even more detailed view
- Select a firewall rule and click "Edit" to edit it
- Directions can be Out,In,Both
- Actions can be Deny or Allow
- Protocol can be TCP, UDP or TCP & UDP
- In Additional action you can tick "Log" to log all the instance of actions taken by firewall
- Local port allows user to set local port numbers which will be allowed to connect to internet by the application
- Remote port allows user to set the remote port on which application is allowed to connect
- Remote address allows user to set the remote ip address on which application is allowed to connect
PARENTAL CONTROL
The Parental control module allows you to configure parental control settings, which provide parents with automated tools to help protect their children and set restrictions for using devices and services. The goal is to prevent children and young adults from accessing pages with inappropriate or harmful content.
- To enable parental control tick "integrate into system"
- Parental Control is applied on Windows user accounts
- Click "Add" to add an user account that will be subjected to parental control
- Click "choose"
- click "advanced"
- click "Find now"
- Select the user account name
- Click "OK"
- click "OK"
- Set the age of user
- Click "OK"
- User account added and enabled
- In Parental Control -> Accounts -> Categories you can set the website categories that will be blocked
- Ticking a category will cause allowing of access to websites in that category
- Un-ticking a category will cause blocking of access to websites in that category
Adding websites in exception list
- User can add website in exception list which will be allowed or blocked, regardless of settings done in "Categories"
Last edited:
