User guide

as delivered by the vendor.
Tip: To find out the parameters of a device, create an allowing rule for the appropriate type of device,
connect the device to your computer and then check the device details in the Device control log.
Rules can be limited to certain users or user groups by adding them to the User list:
Add: Opens the Object type: Users or Groups dialog window, which allows you to select the desired users.
Delete: Removes the selected user from the filter.
Note that not all devices can be limited by user rules (for example, imaging devices do not provide information
about users, only about invoked actions).
4.1.4 HIPS
Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity
attempting to negatively affect your computer. HIPS utilizes advanced behavioral analysis coupled with the
detection capabilities of network filtering to monitor running processes, files and registry keys. HIPS is separate
from Real-time file system protection and is not a firewall; it monitors only processes running within the operating
system.
HIPS settings are located in Advanced setup (F5). To access HIPS in the Advanced setup tree, click Computer > HIPS.
The HIPS state (enabled/disabled) is displayed in the ESET Smart Security main window, in the Setup pane on the
right side of the Computer section.
Warning: Changes to HIPS settings should only be made by an experienced user.
ESET Smart Security has built-in Self-defense technology that prevents malicious software from corrupting or
disabling your antivirus and antispyware protection. Self-defense protects files and registry keys considered crucial
to the function of ESET Smart Security and ensures that potentially malicious software has no privileges to make any
modifications to these locations.
Changes to the Enable HIPS and Enable Self-defense settings will take effect after Windows is restarted. Disabling
the HIPS system also requires a computer restart to take effect.
Exploit Blocker is designed to fortify commonly exploited application types such as web browsers, PDF readers,
email clients and MS Office components. Read more about this type of protection in the glossary.
Advanced memory scanner works in combination with Exploit Blocker to strengthen protection against malware that
has been designed to evade detection by antimalware products through the use of obfuscation and/or encryption.
Read more about this type of protection in the glossary.
HIPS Filtering can be performed in one of four modes:
Automatic mode with rules: Operations are enabled and a set of pre-defined rules is used to protect your system.
Smart mode: User will be notified only about very suspicious events.
Interactive mode: User will be prompted to confirm operations.
Policy-based mode: Operations not defined by a rule can be blocked.
Learning mode: Operations are enabled and a rule is created after each operation. Rules created in this mode can
be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules created
in automatic mode. After selecting Learning mode, the Notify about learning mode expiration in X days option
becomes active. After the time period defined in Notify about learning mode expiration in X days is over,
learning mode is disabled again. The maximum time period is 14 days. After this time period is over, a pop-up
window will open in which you can edit the rules and select a different filtering mode.
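The following simplified model of the filtering modes and rule priority described above is an added example, not ESET code or an export of the product's rule format. The Rule fields, operation names, glob matching, tie-breaking by list order and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Lower number wins. The guide only states that learning-mode rules rank below
# manual and automatic ones; equal rank between those two is an assumption.
RANK = {"manual": 0, "automatic": 0, "learning": 1}

@dataclass(frozen=True)
class Rule:
    app: str        # glob matched against the source application path
    operation: str  # hypothetical operation name, e.g. "write_registry"
    target: str     # glob matched against the file or registry key touched
    action: str     # "allow" or "block"
    origin: str     # "manual", "automatic" or "learning"

def matches(rule, app, operation, target):
    return (rule.operation == operation
            and fnmatchcase(app.lower(), rule.app.lower())
            and fnmatchcase(target.lower(), rule.target.lower()))

def decide(mode, rules, app, operation, target, very_suspicious=False):
    """Return "allow", "block", "ask" or "notify" for one monitored operation."""
    hits = [r for r in rules if matches(r, app, operation, target)]
    if hits:
        # min() is stable: among equal ranks the first listed rule wins (assumption)
        return min(hits, key=lambda r: RANK[r.origin]).action
    if mode == "policy":
        return "block"   # nothing matched: policy-based mode blocks
    if mode == "interactive":
        return "ask"     # user is prompted to confirm
    if mode == "smart":
        return "notify" if very_suspicious else "allow"
    if mode == "learning":
        # learning mode records an allow rule for every new operation
        rules.append(Rule(app, operation, target, "allow", "learning"))
    return "allow"       # automatic and learning mode let unmatched operations through

# Constructed sample rules, not exported from the product.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*"
SAMPLE_RULES = [
    Rule(r"*\reader.exe", "write_registry", RUN_KEY, "allow", "learning"),
    Rule("*", "write_registry", RUN_KEY, "block", "manual"),
]

if __name__ == "__main__":
    key = RUN_KEY.replace("*", "updater")
    print(decide("automatic", list(SAMPLE_RULES), r"C:\Apps\reader.exe", "write_registry", key))
    print(decide("policy", list(SAMPLE_RULES), r"C:\Apps\reader.exe", "write_file", r"C:\Temp\a.tmp"))
```

In the sample, the rule learned for reader.exe is overridden by the manual block rule on the same key, which is why rules collected in learning mode should be reviewed in the Rule editor before moving to a stricter mode.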
The HIPS system monitors events inside the operating system and reacts accordingly based on rules similar to the
rules used by the personal firewall in ESET Smart Security. Click Configure rules... to open the HIPS rule
management window. Here you can select, create, edit or delete rules.
In the following example, we will demonstrate how to restrict unwanted behavior of applications: