
novice


Everything posted by novice

  1. ESET is supposed to have an "Anti-ransomware shield". If ESET's ransomware detection is still based on "signatures" (DNA or not), well, that may explain the mediocre result in AV Comparatives and the frequency of posts like this: "Ransomware not detected by ESET but 30/70 detection in Virus total". Even Microsoft detected it, with its basic engine.... https://www.virustotal.com/#/file/1f15a3e297b9017c40276ad1c32d606c8beebbf432227b47360f3674bfb60127/detection
  2. I never said that "the majority of firewalls support creation of firewall rules based on the parent application". Based on ESET's complexity and excess customization I would expect that this is not overlooked, because it creates a false sense of security (from a firewall point of view). Just 2 firewalls which, somehow, addressed several flaws:
       1. Windows Firewall Control (from Binisoft): at least the uninstalled applications are marked in the firewall.
       2. PC Tools Firewall Plus: has rules based on FQDN; will automatically group rules per application; will mark rules for uninstalled applications; and most importantly, will alert you if a "parent application" tries to use a "child application" to connect to the internet, and you can create a rule.
     You are right in your assumption, the list of poorly performing firewalls is large; if this creates comfort, by all means, you can add ESET to this list.
  3. The original discussion was about "HIPS and Firewall in default installation". Even in "interactive mode" the firewall is extremely primitive, if I can say so:
       1. The rules are based on IP and not on FQDN; that means:
            - you have to spend time to figure out what is behind each and every IP, in order to make an informed decision;
            - for applications using dynamic addressing, you will get multiple alerts for the same application over and over again, with no end in sight.
       2. Rules for the same application are scattered all over and you manually have to group them.
       3. Rules for uninstalled applications or for temp. applications are still present in the firewall and you manually have to figure out which one is still valid or not.
       4. The firewall is practically useless when a "parent application" connects to the internet through a "child application". If the "child application" (let's say "child.exe TCP 443") was allowed in the firewall, another application, let's say "parent.exe", can start "child.exe" and can connect to the internet without any warning from the ESET firewall, which is a major flaw.
  4. So, what's the point of such a test??? Is this the methodology followed by AV Comparatives??? Was ESET disconnected from LiveGrid during the AV Comparatives test? So, again, this proves nothing... I got it, after many years ESET has a behavior blocker which is working, even offline; but so do Emsisoft (5 years) and Malwarebytes (dedicated Antiransomware module which worked each and every time I tested).
  5. It is amazing to see how far you would go to look for excuses.... "Assumed is Eset is concentrating on malware with the greatest risk to its customers" sounds like ESET had the undetected samples in hand, but, what the heck, they were not prevalent, so ESET dumped them, focusing on other "prevalent" malware. But on AV Comparatives, surprise-surprise, the dumped samples were in the test, that's why ESET scored only 98.5%. On the other hand, MSE decided not to focus on prevalent malware only, and scored 100%. I hope you realize how absurd this scenario is....
  6. AV Comparatives did not "cherry pick" malware purposely for ESET not to detect... The testing procedure is clearly outlined and the field is leveled for all players. All tested anti-viruses were exposed to exactly the same set of malware in exactly the same manner, so do not blame the tester for ESET's consistent so-so results over a 6-month interval.
  7. To you... the rest of the people think differently. True, but do you prefer a 98.4% detection rate (August) and fewer FPs, or a 100% detection rate (August) and more FPs???? A FP can be investigated and "excepted" while a non-detection is fatal.
  8. ...yet, Windows Defender, old school without anything fancy, scored 99.9% in the latest AV Comparatives (July-November), compared with 98.9% (same July-November). Additionally, I do not know many people who still do "scans" of their drives. This is a 90's practice.
  9. Thank you for your video. After searching "ESET Virus radar", it seems like detection for Win32/Filecoder.FS was added on 2016-08-24, so the fact that definitions are 2 weeks old or ESET not being connected to Live Grid is irrelevant. So in fact ESET detected something "fresh" based on a mechanism added 2 years ago. How is this relevant to HIPS???
  10. Hello Marcos, if this is the case (ESET provides maximum protection without asking and requiring user's interaction), why not have a simple interface on ESET, with an ON-OFF button??? No amount of customization will increase the offered protection beyond "maximum", which is already offered in default mode, as per your statement. As I said before (and many times prior to that), I have never seen any HIPS-based alert in almost 3 years running ESET in "Smart mode". What you are saying is very close to "believe and do not doubt", a religious dogma. I have tried hard to trigger an alert from HIPS in "Smart mode" for over 2 years now, disabling various settings, running ransomware simulators, running even a real ransomware (Wannacry), and I got nothing, absolutely nothing from HIPS. I ran some other software with the same simulators and the real "Wannacry" and I got the expected reaction from them (Malwarebytes, the anti-ransomware module, or Acronis anti-ransomware). It seems like ESET's detection relies on Live Grid and the signature database in almost 100% of the situations, and HIPS, in default mode, is just support for various internal mechanisms preventing termination. Please feel free to provide a sample which will trigger HIPS in "Smart mode", if you disagree with my conclusion. Thanks!
  11. Not having a HIPS, to begin with, will also ensure that your machine will be functional... "Less intrusive" doesn't mean ABSOLUTELY NO REACTION from either HIPS or the firewall. I have run HIPS in "Smart mode" for 2 years now; ABSOLUTELY NO ALERT in all this time... Personally, I believe that in default mode HIPS serves ONLY internal ESET shields and doesn't behave like a real HIPS, and the firewall is as good as the Windows firewall.
  12. Yet, my question stands: "Have you ever seen, with your own eyes, a detection, HIPS related, in default mode (let's say suspicious ransomware)???" In over 3 years, testing all kinds of malware, I have never ONCE seen an alert, HIPS related, in default installation. Hence my conclusion that, in fact, HIPS is used exclusively for various shields in ESET and nothing more. For a regular user who installed ESET in default configuration, practically there is no HIPS.
  13. Have you ever seen such a detection???? A regular user, who opted for default installation, will never be aware of this; for him it will be another connection "not made". From your explanation, in default mode, the ESET firewall doesn't seem to add substantial benefits to the Win firewall.
  14. Hello, I have been using ESET for a while (3 years) on an on-again off-again basis. On default installation it is correct to assume that:
       1. Firewall does the same thing as the Windows firewall.
       2. HIPS serves various ESET shields only and, other than that, a user will not see the HIPS presence.
      I am asking these because in default installation I have NEVER seen any reaction, either from the firewall or from HIPS. Thanks!
  15. The worm should be something like "worm".exe, so the firewall should let me know when an ".exe" is trying to access the internet, not to wide open tcp445. For example, TCP80 and TCP443 are used for IE; this doesn't mean a firewall should be open BY DEFAULT on ports 80 and 443. Otherwise, in default configuration there is no difference between the Win Firewall (built in) and the ESET firewall.
  16. So, what's the point in running the ESET firewall in default mode if something which is a no-no in your security book is allowed out????
  17. ESET also did not perform well in AV Comparatives for Sep 2018 (98.5%), so why is everybody so surprised now?????
  18. It is not an "accusation", it is merely an observation. Nobody said that Itman is an ESET employee. Itman is a valuable member of this community; however, I noticed his tendency of defending ESET no matter what and having a biased attitude.
  19. ...says somebody who has an affiliation with ESET, trying to justify the questionable result.....
  20. I have to agree with this. Just an example about the "Threatsense parameters": No cleaning/Normal cleaning/Strictly cleaning. A user has to set this up in at least 8 places; it is very unlikely that somebody will want "no cleaning" in a certain situation and "strictly cleaning" in another situation. To be honest, every time I set up ESET I was in doubt whether I did it right or I missed something somewhere....
  21. If you bought it from Ebay, most likely the license is being used on some other PCs (oversold), so just transfer it to another PC and hope for the best...
  22. Usually I sign in instantly when it is available; ESET will not update till my third party firewall allows the internet connection (I can see ESET updating and I get a pop-up about the successful update). Still, the time in the main GUI is wrong (previous time when ESET updated).
  23. See my post here: If you open the "You are protected" screen, the lower left corner says "last update 12 hours ago". However, if you go to the "update" screen, the last update was "29 min ago". When you return to the "You are protected" screen, now the time displays correctly. But on initial check, the time is always wrong. So, a user opening only the "You are protected" screen will automatically assume that ESET never updated.
  24. Still update time doesn't display correctly on the main screen....
  25. In a previous post Marcos said that ESET doesn't perform behavior blocking. However, in the MRG-EFFITAS tests ESET performed very well using the behavior shield: https://www.mrg-effitas.com/wp-content/uploads/2018/03/MRG-Effitas-360-Assessment_2017_Q4_wm.pdf So, is there any behavior analysis in ESET or not? Thanks!