- Jul 3, 2015
- 8,153
The dev says he is very close to a stable release. There is no ETA, and even if there was, Andreas is notorious for not keeping his ETAs...
Oops, I see that @Chimaira already answered this question...
NoVirusThanks OSArmor
- Thread starter Evjl's Rain
- Start date
Oops, I see that @Chimaira already answered this question...
- Sep 26, 2014
- 2,973
- Apr 1, 2017
- 1,782
There was a conflict between OSarmor and Eset hips(interactive mode) but fixed.
I only have one problem:
Time;Application;Operation;Target;Action;Rule;Additional information
11/02/2018 06:51:05;C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
This issue still exists.
I only have one problem:
Time;Application;Operation;Target;Action;Rule;Additional information
11/02/2018 06:51:05;C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
This issue still exists.
- Sep 26, 2014
- 2,973
@Sunshine-boy thank you for the information.
I hope in the next releases this will be solved.
I hope in the next releases this will be solved.
- Jul 3, 2015
- 8,153
I think the issue will only affect you if you are in ESET interactive mode. Most people don't use that mode. @Sunshine-boy can tell you better, he is an ESET expert.
- Apr 1, 2017
- 1,782
No, i don't use Eset hips anymore! tired
its on automatic mode.
its on automatic mode.
- Sep 26, 2014
- 2,973
Right now i am using HIPS in Interactive Mode.
But i think i will switch to Policy Based Mode, lees pop ups from Interactive Mode
But i think i will switch to Policy Based Mode, lees pop ups from Interactive Mode
- May 8, 2017
- 536
From my experience, after running ESET HIPS in interactive mode, ended up reinstalling Windows
- Dec 23, 2014
- 8,510
In fact, the apples and bananas have much in common from the biologist point of view. So, you gave a good example how VoodooShield and OSArmor can be compared (on the low level).
- Jan 16, 2017
- 1,469
Do you need Eset HIPS when you use ReHIPS? ReHIPS' HIPS is said to be different from other HIPS software, is there conflicts when you used both Eset HIPS and ReHIPS together?No, i don't use Eset hips anymore! tired
Edit: Rather than the word "need", I should say if its worth running both ReHIPS and Eset HIPS together.
Last edited:
- Apr 1, 2017
- 1,782
You surely did some mistakes cuz i never had such problem.
I use SUA Acc with UAC max plus Andy tool so for every alert I have to enter that ugly admin password:notworthy: but everything works well. no crash, bug, and BSOD.
tonibalas policy mode is good and you can lock down the windows with it but it only works if you train the hips in learning mode and the learning mode is broken.
like the browser wants to access C:\folder xxx but the Hips allow the whole harddisk access for the browser in learning mode! I meant it doesn't create particular rules for the process and just allows everything
idk if there is a hip that creates rules like the way I want? guess no...later when someone wants to hack your browser from outside of your computer he is allowed to do whatever he wants
maybe I'm an idiot xd but this is how I think:/
- Aug 17, 2014
- 11,101
All people seems to have always different opinions in the forums, it would be nice if you want to explain why we cannot comparing both products ?
- Sep 26, 2014
- 2,973
@Sunshine-boy i don't this how Learning Mode works.
A few months back when i had Eset on Policy Mode and i tried to access something i went HIPS to allow it because
there wasn't an Allow Rule for it.
If you don't like Learning mode you can set from the Beggining Policy Mode and everything you want to access you have to allow it first.
It's like Interactive Mode but with less pop ups.
Anyway as i said this issue with the HIPS will be solved so i can use OSA alongside Eset
A few months back when i had Eset on Policy Mode and i tried to access something i went HIPS to allow it because
there wasn't an Allow Rule for it.
If you don't like Learning mode you can set from the Beggining Policy Mode and everything you want to access you have to allow it first.
It's like Interactive Mode but with less pop ups.
Anyway as i said this issue with the HIPS will be solved so i can use OSA alongside Eset
- Jul 3, 2015
- 8,153
Instead of ugly admin password, on Windows 10 you can set a 4 digit pin.You surely did some mistakes cuz i never had such problem.
I use SUA Acc with UAC max plus Andy tool so for every alert I have to enter that ugly admin password:notworthy: but everything works well. no crash, bug, and BSOD.
tonibalas policy mode is good and you can lock down the windows with it but it only works if you train the hips in learning mode and the learning mode is broken.
like the browser wants to access C:\folder xxx but the Hips allow the whole harddisk access for the browser in learning mode! I meant it doesn't create particular rules for the process and just allows everything
later when someone wants to hack your browser from outside of your computer he is allowed to do whatever he wants
- Jul 3, 2015
- 8,153
Voodooshield includes anti-exe, so that makes it very different from OSA.
OSA rules are highly customizable, so that makes it a little bit different from Voodoo.
Well, it shines a light on the weakness of VooodooShield.
Even with the alert, the Ai score will be in the good area, hardly anything. Yet the binary will be malicious.
VoodooShield cannot detect everything bad but it at-least demonstrated how static Ai scanning can be fooled/circumvented.
You're right about VirusTotal, I remember doing this with my previous testing with it.
- Jul 3, 2015
- 8,153
Good points. So even if Voodoo is in smart mode or always on mode, thus it will show a prompt in this case, the user should think twice before allowing it, and not blindly rely on the low Ai result. Ai can be fooled. And if the malware sample is totally new, even the VirusTotal score will be zero. Caveat user.
Last edited:
- Jul 3, 2015
- 8,153
If you use ReHIPS as intended, there is no reason to use another HIPS along with it. Maybe it will conflict, and maybe not, but it is surely unnecessary.
Yeah! That is exactly my point
VoodooAi still works though, and a lot of malicious software nowadays is packed, I've seen a lot of UPX lately over other packers like Themida in the wild... VoodooAI takes into account factors like the entropy level, so it will still flag a lot of malware.
On that note, a lot of malware authors are not just going to change overnight and adapt to fooling static Ai systems, because they prefer to rely on techniques like packing. The logic behind it is that they will be trying to fool AV solutions, which while are vulnerable to static scan evading via techniques like packing (prevent hash checksum and standard generic signatures), although they don't understand that some AVs have good memory scanning anyway so it will be defeated regardless. VoodooShield isn't a priority to malware authors, so the only time you're likely to see such Ai fool tricks is in PoC testing for the next 1-2 or more years. AVs are the goal of interest to malware authors, not projects like VoodooShield. Which is also a benefit to those who currently use it.
Last edited by a moderator:
- Apr 1, 2017
- 1,782
Deletedmessiah Rehips HIPS is very light and don't cover many operations While Eset HIPS is a very paranoid tool.:notworthy: the time I was using them together Eset couldn't monitor the command lines but I asked this feature and they added this to Hips module!now Eset can monitor commands(only monitor).
The good thing with Eset is they listen to their users(but also ignore you)
I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.
The good thing with Eset is they listen to their users(but also ignore you
)I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.
Similar threads
