Patch
Members
Posts: 44

Posts posted by Patch

  1. Still I get asked about a UDP 161 connection to 192.168.1.59 (which is a local address and within my home network = trusted zone)?

     

    Any suggestions?

     

    I also find "Trusted Zone" doesn't work that reliably.

    I guess the problem is it is defined dynamically so may not be set up properly when it is initially used. As my computers are mostly on a network with a static IP range, adding this range appears to fix it for me.

  2. But going into interactive mode to create a big rule set will slow down the system?

     

    I don't like allowing all outgoing connections, as I want to see which apps are "calling home", and I like to be notified when "random.exe" tries to send some data :)

     

    So my best option for HIPS and FW is to create a big rule set for all my apps. Will this slow down the system or not? Also, will I get bombed with notifications whenever I install or run a new app for the first time?

     

    What I like about "online whitelisting" is to simply see if the file I try to run is "known" and "secure" or "original" and not some "setup.exe" which has a trojan bound to it. With ESS I can only hope that the AV knows the threat or that the HIPS will warn me correctly + me understanding and acting correctly?

     

    Thanks for your help. So far I really like the interface of ESS!

     

    I use interactive firewall mode.

    You do not need a large rule set and it does not appreciably slow ESS down.

    You will get notifications when an application starts accessing the internet (recently installed or otherwise). If this is not what you want, then don't use interactive mode.

     

    Rules can be as specific or general as you want. A relatively easy way of generating specific rules is to get ESS to remember and allow each specific attempt during a "training phase". Then look at the rules generated and create general rules covering all likely use requirements (using lists, ranges, and masks as appropriate). You will find similar applications need similar access (web browsers, email clients, office applications etc.). As I do not have that many applications, it isn't actually as hard as it sounds.

  3. Being a new Smart Security user I was wondering if there was any settings you changed from the default?

     

    ..I have changed.. version ..component updates... Potential Unsafe Applications and Unwanted Applications.... HIPS mode to Smart Mode I was just wondering if there was anything worth changing on the firewall or is Automatic ok?

     

    Similar to HIPS smart mode, I use the interactive firewall because it increases security and lets me know if programs start calling home. It does increase the initial setup time, so it is less hassle-free, though.

  4. Is it possible to set for one Windows user interactive firewall mode and for others policy mode? I'm using Eset Smart Security 7 on Windows 7 Home.

     

    I assume you mean if user A is logged onto their account, ESET works in interactive mode but if user B is logged onto their account on the same computer, ESET works in policy mode.

     

    I do not think that is going to work, as the software firewall filters transmissions over the computer's communication channels, not a user's communicating tasks. It includes system tasks that belong to no application, thus working at a higher level than the subset of tasks a particular user is currently running.

     

    Probably the best you can do is leave the computer in policy mode most of the time. When user A logs on to the computer they change ESET to interactive mode and change it back when logging off (or at least when updating ESET).

  5. Just out of interest I was wondering why you chose the full suite. 

     

    I find the ability to control which applications have internet access useful.

    My router has a firewall but I'm not that impressed with it and suspect malware would get through it. So PC level firewall adds some extra protection.

    Not all of my computers remain behind said firewall.

    The extra protection offered by the suite may help.

    However, I don't find ESET spam filtering useful as I don't run Outlook, and where I do it is more likely to conflict with requirements than help.

    I haven't bothered to set up Anti-Theft as most of my computers do not have a camera.

  6. I had it on Learning mode over half a year I think.

    I doubt this is true.

    Learning mode expires after 2 weeks.

     

    However, if you want to tighten up the rules and understand what is happening I would also advise interactive mode with a clean install. You can make the rules as specific as you like to start with (open up the advanced tab and limit ports and message type). You can then edit the rules to create generalised rules relatively easily. I have then documented my preferred rules, which makes it easier to apply to other computers or after a clean reinstall for any other reason.

     

    I thought that it's time to up the security a bit and go for a more strict firewall setting. I switched to Policy-based mode.

    After half a day fine-tuning my firewall, adding exceptions to allow stuff that I use, I was quite satisfied with the result. But after I restarted my computer, some rules that are prepackaged, which you can turn off, but not delete (not that I wanted), will switch back on and mess up my configuration. This is very annoying, since the exceptions that I've made are still blocked by the "Block all unknown outbound traffic in Administrator mode" rule.

    First, the rules I have added are not unknown and second, if I turn off a setting, it should stay off.

     

    Other rules that I prefer would stay off are:

    Block outgoing multicast DNS requests

    Block outgoing SSDP (UPNP) requests from svchost.exe

     

    I may be wrong but I think some of those rules are used to implement options selected by check boxes elsewhere in ESET settings, e.g.

    Blocking all if there is no specific rule allowing it is policy mode.

    Allow multicast address resolution in the trusted zone is an IDS and Advanced option.

    Allow UPnP for system services is also an IDS and Advanced option.

     

    I'm not sure it is smart to fight with ESS over the rules it takes a particular interest in. There is probably a reason ESET coded specific control of these rules. One would suspect they are important for the protective function ESET provides.

  7. Why is it checked for real time but not on-demand scan even though the option is available?

     

    Because that is the best setting (i.e. most likely to protect ESET users from harm), particularly for those users who are not confident enough to play with the default settings.

    Scanning in real time picks up malware prior to it causing any problem, i.e. whenever it is accessed.

     

    If ESET routinely scans the mail archive it will eventually find something and cleaning of some form will be attempted, probably with a user prompt. This would be at some risk to all of your other emails, as ESET would have to clean malware from any past and future versions of a third party's program archives, where the malware may not have complied with the conventional rules. This is clearly more difficult than for Microsoft, who only needs to deal with one version of a program and upgrade paths supported at their convenience.

     

    An ESET user may not appreciate the risk to their other email when prompted at some random time in the future, especially a user not confident enough to alter the default ESET settings.

     

    If you drag an email to your desktop from Outlook, it is stored on disk as .msg, completely separate from the personal storage table file.

    Likewise if you copy 100 emails and archive them or forward them somewhere, or even 1 single email file being forwarded as you add the item as an attachment.

    However, Microsoft uses the pst to store your emails inside Outlook in a nice format for reading / filtering.

     

    Does ESET scan a pst in the same way as an archive? Recursively until all emails inside are scanned? As well as remove 1 bad email from a pst?

     

    I assumed the real time scanner will pick up any moved or attached emails, deleting malware as appropriate.

    Similarly, recursive scanning of an archive is only done if you change the default settings as described above and accept the risk to other emails in the archive (however small or large that may be at some time in the future).

  8. I get this inquiry from customers from time to time that dig into the advanced setup. When they go to Advanced Setup >> Computer >> On-demand Computer Scan >> then the ThreatSense engine parameter setup >> from that section on Objects, "Email Files" is not checked. I know it's checked for real time but not in on-demand scan. I guess my question is what is the definition of scanning of "email files" and why is it checked for real time but not on-demand scan even though the option is available?

    I thought Microsoft puts all email in one .pst file, so if you download a virus not detected by ESET (i.e. ESET not installed at the time or not detected by the virus definition files at that time), then regularly scan the email file, at some time in the future the virus is likely to be detected along with all your other emails. If ESET deletes it then there is a risk your other emails may also be lost.

     

    Instead I thought the approach ESET uses is to scan any time the email is accessed, so at risk of causing damage. Thus not risking all the other email in the .pst file.

     

    Yes, I know you may feel ESET should just delete the offending malware, but Microsoft is free to update their file format, and some .pst files are likely to be partly corrupted. Either way, using an antivirus program to modify another software vendor's file is not risk free.

  9. Hello developers.

    .....question about the realization of pop-up notifications on the desktop

    ......How are notifications created? In what language? Where can I read an example.

    I'm a little confused.

    What aspect of ESET use are you having trouble with for which it is appropriate for ESET developers to get directly involved in answering your questions? It must be having a significant negative impact on many ESET customers.

    Perhaps if you identified the relevance to ESET they may respond sooner.

     

    Currently I can see why

    a) A programmer doing a similar task would be interested in how ESET has implemented their solution.

    b) Malware authors may also be interested in details of the ESET user interface implementation, to block or simulate it.

     

    Please enlighten me as I assume you have a better reason than I have been able to think of.

  10. I had been having problems getting the Active Directory sync to work properly. It kept failing as the current user didn't have sufficient privileges to sync other users' redirection directory. Occurred with ESS v6 and v7 in interactive mode. Restarting the computers and trying to redo the sync did not produce any firewall pop-ups. Ongoing issue for the last 12 months.

     

    The solution was to add the following rules for Windows Explorer

    General tab: Out, Allow, TCP. Remote tab: Port 80

    General tab: Out, Allow, TCP. Remote tab: Address: Server (or trusted zone). Ports: 135, 389

    General tab: Out, Allow, TCP. Remote tab: Address: Server (or trusted zone). Ports: 49152-65535. Local tab: Ports 49152-65535

    Note while this set appears to work, I have not tried to make it any tighter.

     

    The reason I have posted it is

    1) It is easy to fix if you realise this is the problem

    2) It may represent a wider issue where ESS blocks connections without alerting the user. Not sure what is special about this case, however.

     

    BTW

    Occurs with client computers running Windows 7 Professional, fully updated, and a clean install of ESS in interactive mode.

    Server was Windows server 2012E running ESET server AV
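    As an added example (not part of the original post, and not ESET's own code), the three Windows Explorer rules above can be written down as data and checked: which outbound connections they permit, and whether the fixed ports (135 for the RPC endpoint mapper, 389 for LDAP) are actually reachable on the server. The server name "server" is a placeholder. The 49152-65535 range in the third rule is Windows' default dynamic port range (Vista / Server 2008 and later; `netsh int ipv4 show dynamicport tcp` shows the configured one), which is why a connect on 135 alone is not enough: the endpoint mapper hands the client a second port in that range, and the client also picks a local port there.

    ```python
    import socket
    from dataclasses import dataclass
    from typing import Optional, Tuple

    PortRanges = Tuple[Tuple[int, int], ...]  # inclusive (lo, hi) pairs


    @dataclass(frozen=True)
    class Rule:
        """One outbound ESS-style rule. None for remote/local means 'any'."""
        name: str
        proto: str
        remote: Optional[str]
        remote_ports: PortRanges
        local_ports: Optional[PortRanges] = None


    # Placeholder for the server address or the trusted zone (assumption).
    SERVER = "server"

    # The rule set from the post, as data. Default Windows dynamic port
    # range is 49152-65535 (Vista / Server 2008 and later).
    EXPLORER_RULES = (
        Rule("http", "TCP", None, ((80, 80),)),
        Rule("epm-ldap", "TCP", SERVER, ((135, 135), (389, 389))),
        Rule("rpc-dynamic", "TCP", SERVER, ((49152, 65535),), ((49152, 65535),)),
    )


    def _in_ranges(port: int, ranges: PortRanges) -> bool:
        return any(lo <= port <= hi for lo, hi in ranges)


    def allowed(rules, proto, remote, remote_port, local_port):
        """Return the first rule permitting this outbound connection, or None.

        Mirrors the post's rules: protocol must match, the remote address must
        match unless the rule is 'any', and both port constraints must hold.
        """
        for r in rules:
            if r.proto != proto:
                continue
            if r.remote is not None and r.remote != remote:
                continue
            if not _in_ranges(remote_port, r.remote_ports):
                continue
            if r.local_ports is not None and not _in_ranges(local_port, r.local_ports):
                continue
            return r
        return None


    def probe(host: str, port: int, timeout: float = 2.0) -> bool:
        """Plain TCP connect; True if the port accepted the connection."""
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return True
        except OSError:
            return False


    def check_fixed_ports(host: str) -> dict:
        """Probe the fixed-port half of the rule set (135 and 389).

        The dynamic range can only be exercised by a real RPC client, because the
        port is assigned per call by the endpoint mapper, so it is not probed.
        """
        return {port: probe(host, port) for port in (135, 389)}


    if __name__ == "__main__":
        hit = allowed(EXPLORER_RULES, "TCP", SERVER, 389, 51000)
        print("LDAP to server:", hit.name if hit else "blocked")
        print("reachability:", check_fixed_ports(SERVER))
    ```

    Note that a client-side local port below 49152 (or a server that has its dynamic range changed with `netsh int ipv4 set dynamicport`) falls outside the third rule and would be silently dropped in policy mode, which is consistent with the "no pop-up" symptom described above.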

  11. Properly written code for 64-bit will run better in a 64-bit OS than 32-bit code will.

    ...

    I bet you will eventually get round to it.

    Continuous product improvement is a requirement for all businesses, including AV software.

    Clearly some code in an AV product needs to run at a native level to achieve the desired functionality.

    Other code is going to be less critical both for function and performance but may consume considerable resources to produce and maintain.

     

    Good design of a product supporting multiple processors and operating systems will involve careful consideration of how each aspect of product functionality is achieved.

     

    If they were only supporting 64bit Intel processors then yes all of the code is going to be natively compiled for that target.

    In reality they have come from, and continue to support, a 32-bit environment as well as 64-bit processors. As such, an implementation with some shared code between the 32- and 64-bit versions may be better than completely independent implementations. The senior systems analyst at ESET will have reviewed this decision multiple times already. As users of their code we are not going to have the information required to sensibly make this decision.

     

    We know when ESET has got it wrong as their program performs poorly or they go broke. As I do not believe either of these are occurring their systems analysis must actually be quite good.

  12. Do you really think that "Activate your product" gets more frequent use than "Check for updates"?

    I can remember ESET staff explaining why we don't need "check for updates" in the tray menu, because

    ESET products check for updates automatically every hour.

    I suspect items get prominence in the system tray to assist novice users in getting ESET working reliably.

    In addition, activating ESET is directly related to ESET subscription monitoring and thus financial viability, so far more important to ESET than manual update checking.

     

    You could argue the interface would be clearer to novices if "Activate your Product" changed to "Change product Activation" once activation had occurred. It could also be removed post activation, but menu options which disappear can waste more time when users search for items that they thought were located in a familiar place.

     

    Adding a new item to a menu is a design, not coding, decision. It decreases the prominence and ease of getting to existing items while making it easier to access the new item. Personally, if ESS has any issues I open the full application so I can see at a glance what is going on (when it was last updated, any error conditions etc.).

     

    In summary, I doubt ESET have not heard your suggestion. Their decision to implement it or not is clearly another matter.

  13. Description: Generic System rescue disk functionality

     

    Detail:

    The current implementation of the Rescue disk requires the user to download and install the Microsoft Windows Assessment and Deployment Kit (1.7GB), then build a rescue USB/CD/DVD. The boot image is specific to the computer, ESET licence and ESET software version, and Windows version / patch level.

    For the user to maintain this infection back-up protection, this process needs to be repeated for every computer they have and redone every time ESET brings out a new version, Microsoft does a significant upgrade, or their ESET licence is renewed.

     

    That is a lot of ongoing work to have a tool we all hope not to need.

     

    It would be far better if:

    1. The system rescue disk image ran on a wide range of computers, so users with multiple computers only need one rescue disk.
    2. A bootable image was directly downloadable from ESET so users who omitted to create a rescue disk before they suspected infection could still boot from a safe image and scan their computer (current licence to download current image would be reasonable).
  14. Gave it a try.

    Not sure I like downloading something which behaves like a virus so I hope it is indeed benign.

    The file happily triggers ESET virus detection so perhaps a step forward.

     

    Has anyone used the email reporting. Does it actually work because I can't get it to do anything.

     

    Edit

    Posted too soon.

    Looks like I need to restart the computer for setting changes to take effect, and the outgoing email address has to look like a valid email address for my SMTP server.

  15. I have setup email notifications via:

    Enter advanced setup -> Tools -> Alerts and notificatons

     

    Is there a simple way of testing this functionality?

    A "Send test email" button would be useful as sometimes SMTP servers can behave in an unexpected fashion, firewalls can block transmission etc.

     

    How have others addressed this problem?

    Trying to infect myself is a counter intuitive way of setting up an AV system. https://forum.eset.com/topic/535-setting-up-and-testing-alerts-notification/
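    As an added example (not part of the original posts, and not an ESET feature), this is the sort of "send test email" check a practitioner can run by hand in place of the missing button: it builds a test message, sends it to the same SMTP server configured under Tools -> Alerts and notifications, and reports separately whether the server could not be reached at all (firewall or DNS) or whether it rejected the message. The host, port and addresses are constructed placeholders; the sender check reflects the note in item 14 above that the server refused a sender that did not look like a real address.

    ```python
    import re
    import smtplib
    import socket
    from email.message import EmailMessage

    # Constructed placeholders; use the values entered in the ESS alert setup.
    SMTP_HOST = "smtp.example.com"
    SMTP_PORT = 25
    SENDER = "eset-alerts@example.com"
    RECIPIENT = "admin@example.com"

    # Deliberately loose "looks like an address" test: local@domain.tld,
    # no whitespace. Enough to catch the bare-word sender that item 14 hit.
    _ADDR = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


    def looks_like_email(addr: str) -> bool:
        return bool(_ADDR.match(addr))


    def build_test_message(sender: str, recipient: str, host: str) -> EmailMessage:
        """Build the test message; refuse a sender the server is likely to reject."""
        if not looks_like_email(sender):
            raise ValueError(f"sender {sender!r} is not a plausible e-mail address")
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = recipient
        msg["Subject"] = f"Alert notification test from {host}"
        msg.set_content(
            "Test message. If you are reading this, the alert e-mail path "
            f"from {host} through the configured SMTP server works."
        )
        return msg


    def send_test_email(host: str, port: int, sender: str, recipient: str,
                        timeout: float = 10.0):
        """Return (ok, detail), separating 'unreachable' from 'rejected'."""
        msg = build_test_message(sender, recipient, socket.gethostname())
        try:
            with smtplib.SMTP(host, port, timeout=timeout) as s:
                s.ehlo()
                if s.has_extn("starttls"):   # opportunistic TLS if offered
                    s.starttls()
                    s.ehlo()
                refused = s.send_message(msg)
        except OSError as e:
            # Connection refused, timeout, DNS failure: the firewall case.
            return False, f"could not reach {host}:{port}: {e}"
        except smtplib.SMTPException as e:
            # Banner received but the server declined: the SMTP-behaviour case.
            return False, f"SMTP server rejected the message: {e}"
        if refused:
            return False, f"recipients refused: {refused}"
        return True, "accepted for delivery"


    if __name__ == "__main__":
        ok, detail = send_test_email(SMTP_HOST, SMTP_PORT, SENDER, RECIPIENT)
        print("OK" if ok else "FAILED", detail)
    ```

    If this script succeeds but ESS alerts still never arrive, the SMTP path is fine and the remaining suspects are the ESS-side settings (the restart needed for changes to take effect, as noted in item 14) or the outgoing rule for the ESET process in an interactive or policy-mode firewall.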

  16.  

    When will the v7 full version be out?

    No date set yet for the final release afaik, keep in mind though that an RC "release candidate" hasn't been released yet, so it will take a while longer. :)

     

    In the past ESET have released only one beta then gone straight to production product.

    I assume their answer for release is when it's ready.

  17. I had assumed the OP was suggesting ESET show LiveGrid information, if available, when a user is prompted to create a rule in manual firewall or HIPS mode.

    Sounds to be a reasonable suggestion to me. Performance issues may dictate the user be required to click to request the livegrid status.

     

    Information from LiveGrid might be misleading in the case of malware, as it would show for the process the malware is injected in, i.e. not for the malware itself. That said, a user would see ESET recommending that they allow the action based on the data from LiveGrid, but in fact they'd be allowing malware to perform its action.

    If a normally safe program had malware injected into it, would it not have a different signature, and so a different LiveGrid recommendation?
