User guide
Table Of Contents
- ESET NOD32 Antivirus 6
- Installation
- Beginner's guide
- Work with ESET NOD32 Antivirus
- Computer
- Web and email
- Updating the program
- Tools
- User interface
- Advanced user
- Glossary
32
Note: Filtering parameters in all text fields are handled case-sensitive and no wildcards (*, ?) are supported. They have
to be written exactly as delivered by the vendor. Click the Populate with connected device parameters... option to
choose/fill with removable media device parameters for devices connected to your computer.
Rights
Deny access – Access to the device will not be granted. A device blocking information window will appear when an
attempt to access a device will be performed.
Read – User can read files from a given removable media.
Read and write – Full control over the removable media.
User
Add – Opens the Object type: Users or Groups dialog window, that allows you to select desired users.
Remove – Removes the selected user from the filter.
4.1.3 Host-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity
attempting to negatively affect your computer. HIPS utilizes advanced behavioral analysis coupled with the detection
capabilities of network filtering to monitor running processes, files and registry keys. HIPS is separate from Real-time
file system protection and is not a firewall; it monitors only processes running within the operating system.
HIPS settings are located in Advanced setup (F5). To access HIPS in the Advanced setup tree, click Computer > HIPS.
The HIPS state (enabled/disabled) is displayed in the ESET NOD32 Antivirus main window, in the Setup pane on the
right side of the Computer section.
Warning: Changes to HIPS settings should only be made by an experienced user.
ESET NOD32 Antivirus has built-in Self-defense technology that prevents malicious software from corrupting or
disabling your antivirus and antispyware protection.
Changes to the Enable HIPS and Enable Self-defense settings will take effect after Windows is restarted. Disabling the
HIPS system also requires a computer restart to take effect.
HIPS Filtering can be performed in one of four modes:
Automatic mode with rules – Operations are enabled and a set of pre-defined rules are used protect your system.
Interactive mode – User will be prompted to confirm operations.
Policy-based mode – Operations not defined by a rule can be blocked.
Learning mode – Operations are enabled and a rule is created after each operation. Rules created in this mode can
be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules created in
automatic mode. After selecting Learning mode, the Notify about learning mode expiration in X days option
becomes active. After the time period defined in the Notify about learning mode expiration in X days is over,
learning mode is disabled again. The maximum time period is 14 days. After this time period is over, a pop-up
window will open in which you can edit the rules and select a different filtering mode.
The HIPS system monitors events inside the operating system and reacts accordingly based on rules similar to the rules
used by the personal firewall in ESET Smart Security. Click Configure rules... to open the HIPS rule management
window. Here you can select, create, edit or delete rules.
In the following example, we will demonstrate how to restrict unwanted behavior of applications:
1. Name the rule and select Block from the Action drop-down menu.
2. Open the Target applications tab. Leave the Source applications tab blank to apply your new rule to all
applications attempting to perform any of the selected operations in the Operations list on applications in the Over
these applications list.
3. Select Modify state of another application (all operations are described in product help, which can be accessed by
pressing F1).
4. Add one or several applications you wish to protect.
5. Select the Notify user check box to display a notification any time that a rule is applied.
6. Click OK to save the new rule.