Author Topic: HIPS sensitivity levels differences?  (Read 5271 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
HIPS sensitivity levels differences?
« on: June 16, 2015, 03:33:16 PM »
Any info on how new HIPS sensitivity settings affect the HIPS engine? Are they rather easily separated/defined or it's really hard to explain it?

I'd like to know more so I'd know what level to use and all that...
Visit my webpage Angry Sheep Blog

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: HIPS sensitivity levels differences?
« Reply #1 on: June 16, 2015, 03:57:49 PM »
And which system modifications exactly does it monitor for ?

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: HIPS sensitivity levels differences?
« Reply #2 on: June 16, 2015, 05:24:51 PM »
I also hope malicious behavior works if you uncheck unauthorized modifications checkbox. I remember avast! 5 having a bug where first one became entirely inactive if you've unchecked the second one...

I prefer this one with max sensitivity, but only with first option enabled that only monitors actual malware behavior and not potentially malicious actions that are usually mostly legit.
Visit my webpage Angry Sheep Blog

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: HIPS sensitivity levels differences?
« Reply #3 on: June 17, 2015, 02:55:39 PM »
Hi guys:)

MartinZ prommised me that one of the enigneers will provide more details about the HIPS soon.

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: HIPS sensitivity levels differences?
« Reply #4 on: June 18, 2015, 10:41:17 AM »
So far I am quite confused with this entire HIPS functionality in avast.It looks like a revived behaviour shield to me.I threw some malware at it just for fun's sake even though it's still a beta.I only saw a very few HIPS alert.I know its just a beta and they will get it working in the final.

It would be interesting to read the explaination of how this HIPS works? I don't see any advanced options for it.It monitors actual malware behaviour not suspicious ones??

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: HIPS sensitivity levels differences?
« Reply #5 on: June 18, 2015, 03:41:43 PM »
Can you test it using such settings? I think this makes the most sense as a default widely used option. I want it to only react to malware behavior and not to every suspicious thing.
Visit my webpage Angry Sheep Blog

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: HIPS sensitivity levels differences?
« Reply #6 on: June 19, 2015, 06:00:26 AM »
OK tested with beta 1 with default settings.Now I am seeing alerts.So it's not exactly a passive HIPS.It's just the old behaviour shield revisited.The only difference is around this time,it works.

ReZ,the new beta seems to be doing fine with the HIPS in default settings.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: HIPS sensitivity levels differences?
« Reply #7 on: June 19, 2015, 08:49:41 AM »
I'm interested in the above configuration. I want it to only trigger itself when malware like behavior is encountered, not on every suspicious thing...
Visit my webpage Angry Sheep Blog