Author Topic: HIPS pop-up  (Read 5166 times)

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3624
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
HIPS pop-up
« on: June 19, 2015, 01:39:19 PM »
I have changed the HIPS sensitivity to two bars, and got my first pop-up screen.
But :

- There is no choice to make.
- You can't pin the pop-up.

And where can we find the log ?

Greetz, Red.
« Last Edit: June 19, 2015, 02:05:23 PM by Rednose »
OS: Win 7 x64 SP1 / Ubuntu / Qubes OS / iOS
Real Time: Avast Premier Beta + AMS for iOS Beta WinPatrol Plus Unchecky MCShield  HOSTS File: MVPS + MDL
On Demand: MBAM SUMo
Backup: Win 7 Image
Proxy: ASL VPN's Socks 5 Tor

Offline TrueIndian

  • Poster
  • *
  • Posts: 434
Re: HIPS pop-up
« Reply #1 on: June 19, 2015, 01:56:11 PM »
This is really weird. I had the same problem. Did avast block it? I seriously don't understand what's going on?

I think if this is going to be another behaviour shield then it's going to be another useless addition if it doesn't help in protection.
Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi

Offline Rednose

Re: HIPS pop-up
« Reply #2 on: June 19, 2015, 02:08:49 PM »
Did avast block it?

Sorry, I didn't realise the pop-up was in Dutch, but Avast blocked it.
I changed the language to English, and now got a second pop-up.

Greetz, Red.

« Last Edit: June 19, 2015, 02:10:45 PM by Rednose »

Offline Rednose

Re: HIPS pop-up
« Reply #3 on: June 19, 2015, 02:19:12 PM »
Wow ... really :o :-\

Greetz, Red.

Offline TrueIndian

Re: HIPS pop-up
« Reply #4 on: June 19, 2015, 02:24:18 PM »
It's really confusing? First it was user-interactive and now it becomes automated. Now what's next? The thing becomes silent and passive like the old behaviour shield.  ???

Offline Rednose

Re: HIPS pop-up
« Reply #5 on: June 19, 2015, 02:33:16 PM »
Yes, it is very confusing.

But I made a system image before I installed the Beta. And also one this morning before I changed the sensitivity.
So it doesn't matter what happens ;)

Greetz, Red.

Offline Rednose

Re: HIPS pop-up
« Reply #6 on: June 20, 2015, 05:07:22 AM »
Testing with HIPS sensitivity on three bars now.

The difference in pop-ups :

Greetz, Red.
« Last Edit: June 20, 2015, 05:17:13 AM by Rednose »

Offline TrueIndian

Re: HIPS pop-up
« Reply #7 on: June 20, 2015, 05:26:33 AM »
This is weird. Were the pop-ups asking you questions? Or was it straightforward blocking?

Offline Rednose

Re: HIPS pop-up
« Reply #8 on: June 20, 2015, 05:36:04 AM »
The first pop-up on level 2 is straightforward blocking.
The second pop-up on level 3 is asking. "Allow" is the default choice, and you can also choose "Deny".

Greetz, Red.

« Last Edit: June 20, 2015, 01:21:43 PM by Rednose »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9328
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: HIPS pop-up
« Reply #9 on: June 20, 2015, 09:21:11 AM »
So, levels aren't sensitivity, they just signify how avast! deals with fixed detections. I mean, same thing gets detected, it's just how it presents that to the user. On lower levels it blocks it directly, on higher levels, it asks the user what to do. Though sensitivity could still be hidden below all that...
Visit my webpage Angry Sheep Blog

Offline Rednose

Re: HIPS pop-up
« Reply #10 on: June 20, 2015, 01:18:35 PM »
Strange is also that there is no option to "remember" your decision.
So you get the same pop-up(s) over and over again.

Greetz, Red.


Offline warlock

  • Jr. Member
  • **
  • Posts: 45
Re: HIPS pop-up
« Reply #11 on: June 20, 2015, 02:33:50 PM »
Blocking consent.exe huh? Bright idea. I would have expected it to be smart enough to ignore important system processes, at least if they have a valid digital signature. And with no option to remember user decisions, it looks like another useless addition that I will have to turn off.

Offline Rednose

Re: HIPS pop-up
« Reply #12 on: June 22, 2015, 01:52:30 AM »
Hi guys :)

I am definitely no expert, and I am only posting my observations.
I am testing here with HIPS sensitivity on three bars.

When I run "HostMan" ( a program to update/edit the HOSTS file ), I get the first pop-up ( and Allow it ).
When I run "HostMan" as Administrator, I get the second pop-up ( and Allow it ).

Now when I exit "HostMan" ( checked in Task Manager ) and run it again, I don't get the first pop-up again.
But when I run it as Administrator again, I also get the second pop-up again.

Until ( regarding the first pop-up ) I reboot.

Greetz, Red.


« Last Edit: June 22, 2015, 02:01:44 AM by Rednose »