App Review NOD32 Antivirus 10.0 HIPS Re-test using all HIPS modes (Still no good)

[RejZoR]

LINK TO THE ORIGINAL NOD32 TEST VIDEO:


Ok, I've made a disclaimer that using NOD32 in such a way doesn't represent a typical usage scenario, but NOD32's HIPS system still failed to impress me. Smart Mode did slightly better, at least showing some popups, but still not really doing much. Policy-based Mode and Interactive basically entirely locked up the VM, making test impossible. Think whatever you want, but this didn't impress me at all and even if such usage isn't intended, the program allows it and it's very bad at it (especially considering it made system unbootable and in second instance unusable).

 

[LoveGamers]

Interesting, I'm a nooby when it comes to this stuff, but if this is the case why did it score so high in the AV comparatives test?

https://www.av-comparatives.org/wp-content/uploads/2016/12/avc_prot_2016b_en.pdf

 

[RejZoR]

Interesting, I'm a nooby when it comes to this stuff, but if this is the case why did it score so high in the AV comparatives test?

https://www.av-comparatives.org/wp-content/uploads/2016/12/avc_prot_2016b_en.pdf

As explained in the video, I was focusing on HIPS alone. Clearly, HIPS isn't a stand alone protection system, it's more of a helper to the rest of protection modules. We already know NOD32 has one of the most advanced file heuristics and it had them for ages. But we didn't know anything about HIPS and that's what I've tested. This doesn't mean NOD32 is bad, it just means HIPS in particular isn't exactly strong or smart solution.

 

[LoveGamers]

As explained in the video, I was focusing on HIPS alone. Clearly, HIPS isn't a stand alone protection system, it's more of a helper to the rest of protection modules. We already know NOD32 has one of the most advanced file heuristics and it had them for ages. But we didn't know anything about HIPS and that's what I've tested. This doesn't mean NOD32 is bad, it just means HIPS in particular isn't exactly strong or smart solution.

Ah! thanks for elaborating more!

Sorry, I'm still new to this security stuff

 

[jamescv7]

@LoveGamers

Simply because the test in AV-Comparatives is mainly focus on static and dynamic using signatures, heuristics and generic detections.

HIPS, BB and others are not counted due to user interactions.

But regardless, ESET should inspire to see the whitepaper of Comodo on how HIPS should beuave effectively.

 

[Deleted member 2913]

Eset modules/features are kinda tightly rely on each other.

If I remember correctly, on Wilders, users were talking about Eset LiveGrid And it seems if you disable web protection or HTTPS scan, you lose some cloud functions or advantage for realtime protection (File Shield).

 

[Stas]

He should have used learning mode first to automatically create rules and run all installed programs like Process Explorer and Internet Explorer then reboot and test Interactive mode or Policy-based mode.