Everything posted by Patch

  1. I use interactive firewall mode. You do not need a large rule set and it does not appreciably slow ESS down. You will get notifications when an application starts accessing the internet (recently installed or otherwise). If this is not what you want, then don't use interactive mode. Rules can be as specific or general as you want. A relatively easy way of generating specific rules is to get ESS to remember and allow each specific attempt during a "training phase". Then look at the rules generated and create general rules covering all likely use requirements (using lists, ranges, and masks as appropriate). You will find similar applications need similar access (web browsers, email clients, office applications etc). As I do not have that many applications, it isn't actually as hard as it sounds.
  2. Similar to HIPS smart mode, I use interactive firewall because it increases security and lets me know if programs start calling home. It does increase the initial setup time, so is less hassle free though.
  3. I assume you mean if user A is logged onto their account, ESET works in interactive mode but if user B is logged onto their account on the same computer, ESET works in policy mode. I do not think that is going to work as the software firewall filters transmissions over the computer communication channels, not users communicating task. Including system tasks and no application, thus working at a higher level than the subset of tasks a particular user is currently running. Probably the best you can do is leave the computer in policy mode most of the time. When user A logs on to the computer they change ESET to interactive mode and change it back when logging off (or at least when updating ESET).
  4. I find the ability to control which applications have internet access useful. My router has a firewall but I'm not that impressed with it and suspect malware would get through it. So PC level firewall adds some extra protection. Not all of my computers remain behind said firewall. The extra protection offered by the suite may help. However I don't find ESET spam filtering useful as I don't run Outlook and where I do it is more likely to conflict with requirements than help. I haven't bothered to set up Anti theft as most of my computers do not have a camera.
  5. I doubt this is true. Learning mode expires after 2 weeks. However if you want to tighten up the rules and understand what is happening I would also advise interactive mode with a clean install. You can make the rules as specific as you like to start with (open up the advanced tab and limit ports and message type). You can then edit the rules to create generalised rules relatively easily. I have then documented my preferred rules, which makes it easier to apply to other computers or after clean re install for any other reason. I may be wrong but I think some of those rules are used to implement options selected by check boxes elsewhere in ESET settings, eg: Blocking all if no specific rule allowing is policy mode; Allow multicast address resolution in the trusted zone is IDS and Advanced option; Allow UPNP for system services is also IDS and Advanced option. I'm not sure it is smart to fight with ESS over the rules it takes a particular interest in. There is probably a reason ESET coded specific control of these rules. One would suspect they are important for the protective function ESET provides.
  6. Because that is the best setting (ie most likely to protect ESET users from harm), particularly for those users who are not confident enough to play with the default setting. Scanning real time picks up malware prior to it causing any problem ie whenever it is accessed. If ESET routinely scans the mail archive it will eventually find something and cleaning of some form will be attempted, probably with a user prompt. This would be at some risk to all of your other emails as ESET would have to clean malware from any past and future versions of a third party's program archives where the malware may not have complied with the conventional rules. This is clearly more difficult than Microsoft who only needs to deal with one version of a program and upgrade paths supported at their convenience. An ESET user may not appreciate the risk to their other email when prompted at some random time in the future, especially a user not confident to alter the default ESET settings. I assumed the real time scanner will pick up any moved or attached emails, deleting malware as appropriate. Similar recursive scanning of an archive is only done if you change the default settings as described above and accept the risk to other emails in the archive (however small or large that may be at some time in the future).
  7. I thought Microsoft puts all email in one .pst file so if you download a virus not detected by ESET (ie ESET not installed at the time or not detected by the virus definition files at that time), then regularly scan the email file, at some time in the future the virus is likely to be detected with all your other emails. If ESET deletes it then there is a risk your other emails may also be lost. Instead I thought the approach ESET use is to scan any time the email is accessed so at risk of causing damage. Thus not risking all the other email in the .pst file. Yes I know you may feel ESET should just delete the offending malware but Microsoft are free to update their file format, and some .pst files are likely to be partly corrupted. Either way using an antivirus program to modify another software vendor's file is not risk free.
  8. I'm a little confused. What aspect of ESET use are you having trouble with for which it is appropriate ESET developers get directly involved in answering your questions? It must be having a significant negative impact on many ESET customers. Perhaps if you identified the relevance to ESET they may respond sooner. Currently I can see why a) A programmer doing a similar task would be interested how ESET has implemented their solution. b) Malware authors may also be interested in details of ESET user interface implementation to block or simulate it. Please enlighten me as I assume you have a better reason than I have been able to think of.
  9. I had been having problems getting the active directory sync to work properly. It kept failing as the current user didn't have sufficient privileges to sync other users' redirection directory. Occurred with ESS v6 and v7 in interactive mode. Restarting the computers and trying to redo the sync did not produce any firewall pop ups. Ongoing issue for last 12 months. The solution was to add the following rules for Windows Explorer: General tab: Out, Allow, TCP. Remote tab: Port 80. General tab: Out, Allow, TCP. Remote tab: Address: Server (or trusted zone). Ports: 135, 389. General tab: Out, Allow, TCP. Remote tab: Address: Server (or trusted zone). Ports: 49152-65535. Local tab: Ports 49152-65535. Note while this set appears to work, I have not tried to make it any tighter. The reason I have posted it is 1) It is easy to fix if you realise this is the problem 2) It may represent a wider issue where ESS blocks connections without alerting the user. Not sure what is special about this case however. BTW Occurs with client computers running Windows 7 Professional fully updated and clean install of ESS in interactive mode. Server was Windows Server 2012E running ESET server AV.
  10. ESET scheduled scans have been unreliable for a long time. If you restart the computer you will find it runs the scheduled scan. I gave up trying to fix it. hxxp://www.wilderssecurity.com/showthread.php?t=313679
  11. Continuous product improvement is a requirement for all businesses including AV software. Clearly some code in an AV product needs to run at a native level to achieve the desired functionality. Other code is going to be less critical both for function and performance but may consume considerable resources to produce and maintain. Good design of a product supporting multiple processors and operating systems will involve careful consideration of how each aspect of product functionality is achieved. If they were only supporting 64bit Intel processors then yes all of the code is going to be natively compiled for that target. In reality they have come from, and continue to support a 32 bit environment as well as 64bit processors. As such an implementation with some shared code between 32 and 64bit version may be better than completely independent implementations. The senior systems analyst at ESET will have reviewed this decision multiple times already. As a user of their code we are not going to have the information required to sensibly make this decision. We know when ESET has got it wrong as their program performs poorly or they go broke. As I do not believe either of these are occurring their systems analysis must actually be quite good.
  12. I suspect items get prominence in the system tray to assist novice users get ESET working reliably. In addition activating ESET is directly related to ESET subscription monitoring and thus financial viability so far more important to ESET than manual update checking. You could argue the interface would be clearer to novices if the "Activated your Product" changed to "Change product Activation" once activation had occurred. It could also be removed post activation but menu options which disappear can waste more time when users search for items that they thought were located in a familiar place. Adding a new item to a menu is a design not coding decision. It decreases the prominence and ease of getting to existing items while making it easier to access the new item. Personally if ESS has any issues I open the full application so I can see at a glance what is going on (when it was last updated, any error conditions etc). In summary I doubt ESET have not heard your suggestion. Their decision to implement or not, is clearly another matter.
  13. Description: Generic System rescue disk functionality. Detail: The current implementation of the Rescue disk requires the user to download and install Microsoft Windows Assessment and Deployment Kit (1.7GB), then build a rescue USB/CD/DVD. The boot image is specific to Computer, ESET licence and ESET software version, Windows version / patch level. For the user to maintain this infection backup protection, this process needs to be repeated for every computer they have and redone every time ESET brings out a new version, Microsoft does a significant upgrade or their ESET licence is renewed. That is a lot of ongoing work to have a tool we all hope to not need. It would be far better if: The system rescue disk image ran on a wide range of computers, so users with multiple computers only need one rescue disk. A bootable image was directly downloadable from ESET so users who omitted to create a rescue disk before they suspected infection could still boot from a safe image and scan their computer (current licence to download current image would be reasonable).
  14. Gave it a try. Not sure I like downloading something which behaves like a virus so I hope it is indeed benign. The file happily triggers ESET virus detection so perhaps a step forward. Has anyone used the email reporting? Does it actually work because I can't get it to do anything. Edit: Posted too soon. Looks like I need to restart the computer for setting changes to take effect and outgoing email address has to look like a valid email address for my SMTP server.
  15. I have set up email notifications via: Enter advanced setup -> Tools -> Alerts and notifications. Is there a simple way of testing this functionality? A "Send test email" button would be useful as sometimes SMTP servers can behave in an unexpected fashion, firewalls can block transmission etc. How have others addressed this problem? Trying to infect myself is a counter intuitive way of setting up an AV system. https://forum.eset.com/topic/535-setting-up-and-testing-alerts-notification/
  16. No date set yet for the final release afaik, keep in mind though that an RC "release candidate" hasn't been released yet, so it will take a while longer. In the past ESET have released only one beta then gone straight to production product. I assume their answer for release is when it's ready.
  17. I had assumed the OP was suggesting ESET show live grid information, if available, when a user is prompted to create a rule in manual firewall or HIPS mode. Sounds to be a reasonable suggestion to me. Performance issues may dictate the user be required to click to request the livegrid status. If a normally safe program had malware injected into it, would it not have a different signature, so have a different live grid recommendation?