- Mar 23, 2015
Version: ESET Antivirus 9.0.349.15 (32-bit)
HIPS mode: Automatic Mode
Now I have established an all-ask rule like this:
Rule Name: 1 - Ask All
Source: All Applications
Target: All Applications
Action: Ask
Application Operation: Modify state of another application
I have also created another rule which allows chrome.exe to modify itself:
Rule Name: 2 - Example Allow Chrome
Source: %ChromePath%\chrome.exe
Target: %ChromePath%\chrome.exe
Action: Allow
Application Operation: Modify state of another application
Note that without Rule 2, I will get an alert generated by Rule 1 each time I open Chrome. So, it is easy to verify whether Rule 2 works or not.
Now the problem is that, in some cases, with Rule 2 enabled, ESET still alerts me that chrome.exe is trying to modify the state of chrome.exe. This implies that in a few cases, Rule 2 does not work.
This is only one example. In fact, ESET also generates this kind of alert for applications that have also been whitelisted with rules similar to Rule 2. Please note that this problem also happens with the Block rules.
To sum up, I think, in some cases, some of the ESET HIPS rules do not work. I have not found a way to definitely reproduce this issue, so I have not submitted it to customer service.
Has anyone here ever seen this problem?