Jump to content

Marcos

Administrators
  • Content Count

    16,464
  • Joined

  • Last visited

  • Days Won

    703

Everything posted by Marcos

  1. It makes no sense to display current PID for a process in the rule editor as it's different each time a process starts.
  2. Exactly. Because my experience is quite different and I see ESET protecting users from zero-day threats perfectly (btw, many of them are usually not detected by other AVs at VT). I'd like to comment on concrete malware samples that ESET didn't protect you from rather than speculate about unknown comments.
  3. Don't know where you heard that but that's obviously not true. HIPS coupled with Advanced memory scanner and Exploit blocker monitors the behavior of running processes. Also Live Grid substantially increases response to new threats. This is something that cannot be seen at Virus Total. Let's take the recent Filecoder.DA (aka CTB Locker) outbreaks. While it's been silence in ESET forums about infections, the forum of another technically advanced product was full of complaints of users who got their systems infected and files irreversibly encrypted. Instead of rumors, please give us some facts that can be verified (e.g. hashes of malware that wasn't properly detected).
  4. There's an internal logic that evaluates rules. E.g. blocking rules are stronger than allowing rules and more specific rules (e.g. bound to a port or IP address) take precedence over general rules. This will change in v9 where rules will be evaluated in the order they appear in the list like it works in the recently released ESET Endpoint Security v6 for business users.
  5. Deny where? It appears only in interactive mode of firewall and HIPS but selecting Deny automatically would not only render interactive mode useless but would also cause too many troubles if every action/communication was denied without asking the user.
  6. There are tons of applications besides the operating system itself which write into that folder. You can redirect the system temporary folder by adjusting the system temp / tmp variables. As for user temporary folders, you'd need to redirect user profiles folder. Personally I don't know anybody with SSD drives who would do that just to minimize writing to a SSD drive. I too use SSD in a notebook and 2 computers with default temp folder settings.
  7. Smart mode in HIPS is indeed what you're looking for. By default, internal self-defense HIPS rules have always blocked potentially dangerous operations. HIPS is not a magic thing that would block 100% of malicious operations and no legitimate operations.
  8. V8 beta already has a Smart mode which will be a sort of interactive mode with prompt windows reduced to the bare minimum once finished as it's still being worked on.
  9. It's still there. If a potentially unsafe or unwanted application is detected, you just unfold the advanced options and check the "Exclude from detection" box.
  10. ESET uses a strong web protection instead of dedicated plugins. Thanks to this, the scanner works independently and can check even the communication of potentially running malware, block the payload and thus prevent further damage.
  11. Enhanced hardrive protection Enhanced motherboard protection ??? Protection against dust or what? I understand we shouldn't take everything seriously and make fun from time to time but please be serious when posting suggestions as this is not the right place for fun.
  12. Ehm, ESET Online Scanner is just a simple on-demand scanner. It won't use sandbox or whatever to protect you from malware in real-time or when browsing on the web. Its purpose is to scan the computer for known malware in the same way as the on-demand scanner integrated in ESET's products does.
  13. It's already there - quick scan of all drives = Smart scan. Quick scan of the stuff loaded in memory = startup scan or selecting Operating memory as a target in the on-demand scanner setup. Boot scan = startup scan. Custom scan=custom scan.
  14. If you want to allow certain PUA, exclude it from detection by unfolding advanced options and checking the appropriate box, then click No action. The PUA won't be detected the next time you access it on a disk.
  15. To name the recently introduced technologies: Advanced memory scanner, Exploit blocker, Vulnerability shield, LiveGrid (instant cloud blocking), continually improved advanced heuristics in terms of detection and performance. As you can see, ESET puts a lot of effort into technologies that bring actual benefits to users. Developing each technology takes a lot of resources and time. The number of features doesn't matter; what matters is how good protection, safety (false positives) and footprint a security product can offer. Introducing 20-30 or more new features not bringing any actual benefits for users would be wasting of time and resources. If you think that ESET lacks protection against some kind of malware or other threats, please let us know and we'll look into it.
  16. There are too many points to answer separately. As you wrote, some things are already in the product (e.g. drivers and ekrn.exe starts as soon as possible, Linux-based LiveRescue not requiring AIK, etc.) and most of the rest are ideas that would make the products unnecessarily bloated or they are not good or safe ideas (e.g. ESET cannot remove PUAs automatically by default for legal and safety reasons) and ESET won't include them in future versions of the products.
  17. Unfortunately, it's not clear what you mean. With Smart optimization and LiveGrid enabled, (automatically) whitelisted files are omitted from scanning.
  18. Still it's not clear what he means. Files bigger than 4 MB are emulated. Whitelisted or cached files are skipped during a scan. Local cache has been in place since v5 Of course, other AVs may scan files faster either because they don't unpack or emulate them as deeply as ESET's advanced heuristics does. On one hand, this approach may result in slightly quicker scans but on the other hand it would either miss a lot of new malware or produce false positives.
  19. It's been known for decades of years that there's nothing like 100% protection against all existing and future threats. Any constructive suggestions or ideas are welcome so please try to be more realistic.
  20. Nobody else has reported this issue. It could be caused by insufficient permissions when saving the configuration to a file.
  21. It's possible to exclude particular urls under Web protection -> URL address management.
×
×
  • Create New...