Author Topic: HIPS sensitivity levels differences?  (Read 4057 times)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9336
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
HIPS sensitivity levels differences?
« on: June 16, 2015, 03:33:16 PM »
Any info on how the new HIPS sensitivity settings affect the HIPS engine? Are they rather easily separated/defined, or is it really hard to explain?

I'd like to know more so I'd know what level to use and all that...
Visit my webpage Angry Sheep Blog

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3624
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: HIPS sensitivity levels differences?
« Reply #1 on: June 16, 2015, 03:57:49 PM »
And which system modifications exactly does it monitor for?

Greetz, Red.
OS: Win 7 x64 SP1 / Ubuntu / Qubes OS / iOS
Real Time: Avast Premier Beta + AMS for iOS Beta WinPatrol Plus Unchecky MCShield  HOSTS File: MVPS + MDL
On Demand: MBAM SUMo
Backup: Win 7 Image
Proxy: ASL VPN's Socks 5 Tor

Offline RejZoR

Re: HIPS sensitivity levels differences?
« Reply #2 on: June 16, 2015, 05:24:51 PM »
I also hope malicious behavior works if you uncheck the unauthorized modifications checkbox. I remember avast! 5 having a bug where the first one became entirely inactive if you'd unchecked the second one...

I prefer this one with max sensitivity, but only with first option enabled that only monitors actual malware behavior and not potentially malicious actions that are usually mostly legit.

Offline Rednose

Re: HIPS sensitivity levels differences?
« Reply #3 on: June 17, 2015, 02:55:39 PM »
Hi guys :)

MartinZ promised me that one of the engineers will provide more details about the HIPS soon.

Greetz, Red.

Offline TrueIndian

  • Poster
  • *
  • Posts: 434
Re: HIPS sensitivity levels differences?
« Reply #4 on: June 18, 2015, 10:41:17 AM »
So far I am quite confused with this entire HIPS functionality in avast. It looks like a revived behaviour shield to me. I threw some malware at it just for fun's sake even though it's still a beta. I only saw very few HIPS alerts. I know it's just a beta and they will get it working in the final.

It would be interesting to read the explanation of how this HIPS works? I don't see any advanced options for it. It monitors actual malware behaviour not suspicious ones??
Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9336
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: HIPS sensitivity levels differences?
« Reply #5 on: June 18, 2015, 03:41:43 PM »
Can you test it using such settings? I think this makes the most sense as a default widely used option. I want it to only react to malware behavior and not to every suspicious thing.

Offline TrueIndian

Re: HIPS sensitivity levels differences?
« Reply #6 on: June 19, 2015, 06:00:26 AM »
OK, tested with beta 1 with default settings. Now I am seeing alerts. So it's not exactly a passive HIPS. It's just the old behaviour shield revisited. The only difference is that this time around, it works.

ReZ, the new beta seems to be doing fine with the HIPS in default settings.

Offline RejZoR

Re: HIPS sensitivity levels differences?
« Reply #7 on: June 19, 2015, 08:49:41 AM »
I'm interested in the above configuration. I want it to only trigger itself when malware-like behavior is encountered, not on every suspicious thing...