- Apr 25, 2013
- 5,356
Petrovic config
- Thread starter Petrovic
- Start date
- Apr 25, 2013
- 5,356
Eset Smart Security 7 (Advanced settings HIPS)
Setting change request HOSTS file
Open antivirus, go to Settings
Select Computer - HIPS. Next - Configure rules - Create.
Create the following rule: The final files - Operations - Delete the file, write to file - notify the user checked, the rule is active, Action - request.
On these files:
C: \ Windows \ System32 \ drivers \ etc \ hosts
Protecting hard disk MBR
Action - "Request"
On the "destination file":
- In the "Operations" to include a tick "Direct access to the disk."
On these files
Valid for all
Other parameters
Notify Users
Click "OK".
Protecting System registry entries.
Name - any
Action - "Request" (or "Block" if, immediately configure all the exceptions for trusted applications; exceptions are added to the tab "Source Applications"
In the "final roster":
- In the "Operations" to include a tick "Use for all operations";
- In the "Above these registry entries" click "Add" and then alternately add to the list the following registry path:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ userinit.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ explorer.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ *
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ DataBasePath
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ *
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce \ *
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ *
To lock / change request settings TCP / IP:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ Interfaces \ *
To protect the security policy IP:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ IPSec \ *
To lock / write request blocking static routes:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ PersistentRoutes \ *
To lock / query run blocking ESET through debuggers:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ egui.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ ekrn.exe \ *
Click "OK".
To protect against winlock
Configure rules - Create.
Must in turn create the following rules (final roster - Operations - Use for all operations
checked to notify the user, the rule is active, Action - block)
Above these registry entries:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Userinit
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Shell
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ userinit.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ explorer.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \ *
- Nov 15, 2012
- 1,765
Nice HIPS Config, I like it, Really untill now i am not good at configuring HIPS, but now i will try this out.
- Apr 25, 2013
- 5,356
Will be plenty of pop-ups, requires an understanding for a decision.
These settings can be supplemented its rules.
- Nov 15, 2012
- 1,765
Petrovic, Can you make a video on how to configure HIPS detailed.
- Apr 25, 2013
- 5,356
- Oct 23, 2012
- 12,527
Love ESS 7 on Windows 8.1 !! Thanks for sharing your config 
- Apr 25, 2013
- 5,356
Mazhar
New Member
- Jun 30, 2014
- 9
Petrovic ESS config is like loading the dice against all the possible bad things that can happen to your system. Hope they work.
But in reality, ESET firewall has not passed the leak tests though it's good against port scans. I'm testing Agnitum Outpost Firewall versus ESS and still not able to reconcile to the public acclaim for ESS firewall. Outpost Firewall seems to have an edge over ESS. If you really wanna harden ESS, I suggest you also install seconfig.exe and configure according to your choice so that system and port vulnerabilities missed by ESS are plugged properly.
Seconfig XP is a damn good FREE network hardening tool for configuring mostly hidden Windows 2000/XP/2003 (and probably up) settings. With this tool it is easy to adjust Windows to relatively VERY SECURE hacker-proof network security level.It's got these:
1. Restrict Microsoft Networks
2. Services settings
3. TCP/IP settings
4. Disable NetBIOS over TCP/IP (all adapters)
5. Disable SMB over TCP/IP
6. Disable RPC over TCP/IP
7. NetBIOS Scope ID
8. Disable Remote Registry service
9. Disable Messenger service
[Note: The Messenger service is not related to Windows Messenger or MSN Messenger].
10. Disable SSDP Discovery Service service
11. Do not start IPSEC Services service automatically
12. Drop all incoming IP source routed packets
13. Disable automatic detection of "dead" gateways
14. Disable IRDP (all interfaces)
15. Disable ICMP redirect
16. Enable strict ARP table update
17. Accept responses only from queried DNS servers
18. Disable ports 1025 to N
Configure the app to suit your VPN or home/network use settings and lock it up Seconfig XP in
Easy File Locker v1.5.0, which is yet another FREE folder and file locking application. Now, no malware can touch your TCP/IP settings and browse happily with gusto. I closed all my TCP and UDP 135-139 ports,especially NetBios ones and these two apps have really hardened my ESS. Try!
- Apr 25, 2013
- 5,356
Back to the Future?
LAST UPDATED - November 1st, 2006
This is not true
You have configure it
Mazhar
New Member
- Jun 30, 2014
- 9
ESET FAILS FIREWALL LEAK TEST
Please go to https://www.grc.com/lt/leaktest.htm and test ESS firewall.
Alternatively, one can download 'Firewall leak Test' at https://www.grc.com/files/leaktest.exe
Except Zonealarm Firewall, all other firewalls including ESS 8 FAILED the firewall leak test in the auto pilot mode.
Here is my result for ESS 8 in auto configured mode:
In the auto configured mode, which most of the ESET users tick for, the RPC DCom, NetBios and UPnP ports are OPEN, thereby spurring the hacker to probe further even if the firewall shows it as STEALTH or CLOSED. Hackers by instinct dig further to really see you are CLOSED or SEEMINGLY CLOSED.
ESS auto configured mode is FLAWED!
I plugged my ESS 8 fortress with Seconfig XP though the ESS 8 was configured by me for max shield following tips given in this website forums.
Please go to https://www.grc.com/lt/leaktest.htm and test ESS firewall.
Alternatively, one can download 'Firewall leak Test' at https://www.grc.com/files/leaktest.exe
Except Zonealarm Firewall, all other firewalls including ESS 8 FAILED the firewall leak test in the auto pilot mode.
Here is my result for ESS 8 in auto configured mode:
In the auto configured mode, which most of the ESET users tick for, the RPC DCom, NetBios and UPnP ports are OPEN, thereby spurring the hacker to probe further even if the firewall shows it as STEALTH or CLOSED. Hackers by instinct dig further to really see you are CLOSED or SEEMINGLY CLOSED.
ESS auto configured mode is FLAWED!
I plugged my ESS 8 fortress with Seconfig XP though the ESS 8 was configured by me for max shield following tips given in this website forums.
- Sep 22, 2016
- 211
Hi Petrovic, I know your post is 3 years old but maybe you still use ESET and have tweaked your HIPS settings?
- Nov 15, 2016
- 867
Gotta love the low impact of Webroot. Might not be the best but for someone that knows what their doing then its good enough.
Nice Config.
Nice Config.
Looks good! I use Webroot and Voodooshield! Impenetrable and light
Similar threads
