Posts posted by novice

  1. 6 hours ago, itman said:

    So this must be a new variant that is bypassing Eset DNA signatures

    ESET is supposed to have an "Anti-ransomware shield"

    If ESET's ransomware detection is still based on "signatures" (DNA or not), well, that may explain the mediocre result in AV Comparatives and the frequency of posts like this: "Ransomware not detected by ESET but 30/70 detection in VirusTotal"

     

    Even Microsoft detected it, with its basic engine....

    https://www.virustotal.com/#/file/1f15a3e297b9017c40276ad1c32d606c8beebbf432227b47360f3674bfb60127/detection

  2. 3 minutes ago, Marcos said:

    I would rather disagree that the majority of firewalls support creation of firewall rules based on the parent application. You can post a list of the firewalls which support this but I assume that a list of firewalls with something that you consider a "major flaw" would be substantially larger.

    I never said that "the majority of firewalls support creation of firewall rules based on the parent application"

    Based on ESET's complexity and excess customization, I would expect that this is not overlooked, because it creates a false sense of security (from a firewall point of view).

    Just 2 firewalls which, somehow, addressed several flaws:

    1. Windows Firewall Control (from Binisoft): at least the uninstalled applications are marked in the firewall

    2. PC Tools Firewall Plus: has rules based on FQDN, will automatically group rules per application; will mark rules for uninstalled applications; and most importantly, will alert you if a "parent application" tries to use a "child application" to connect to the internet, and you can create a rule

     

    10 minutes ago, Marcos said:

    list of firewalls with something that you consider a "major flaw" would be substantially larger

    You are right in your assumption, the list of poorly performing firewalls is large; if this creates comfort, by all means, you can add ESET to this list

     

  3. The original discussion was about "HIPS and Firewall in default installation"

    Even in "interactive mode" the firewall is extremely primitive, if I can say so:

    1. the rules are based on IP and not on FQDN; that means:

    • you have to spend time to figure out what is behind each and every IP, in order to make an informed decision
    • for applications using dynamic addressing, you will get multiple alerts for the same application over and over again, with no end in sight

    2. rules for the same application are scattered all over and you manually have to group them

    3. rules for uninstalled applications or for temporary applications are still present in the firewall and you manually have to figure out which ones are still valid or not

    4. the firewall is practically useless when a "parent application" connects to the internet through a "child application". If the "child application" (let's say "child.exe TCP 443") was allowed in the firewall, another application, let's say "parent.exe", can start "child.exe" and connect to the internet without any warning from the ESET firewall, which is a major flaw
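The three firewall design points in the post above (IP-keyed versus FQDN-keyed rules, rules that ignore the launching process, and a port-wide default allow as discussed later in the thread for TCP 445) can be made concrete with a small rule-evaluation model. This is an added example, not ESET's or any vendor's code; the process names, addresses, rules and the reverse-DNS table are constructed for illustration, and the model assumes the parent process reported for a connection is trustworthy.

```python
"""Toy model of how an application firewall keys its rules.

Added example, not ESET's or any other product's code. Process names,
addresses and the resolver cache below are constructed; a real product
would read the process tree and its own DNS cache instead.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = "*"  # wildcard for the app or destination field of a rule


@dataclass(frozen=True)
class Rule:
    app: str                      # executable opening the socket, or ANY
    port: int
    dest: str                     # IP literal, FQDN, or ANY
    parent: Optional[str] = None  # None: any parent may have launched `app`


@dataclass(frozen=True)
class Connection:
    app: str
    parent: str                   # process that launched `app` (assumed trustworthy)
    port: int
    dst_ip: str


# Constructed resolver cache: two addresses behind one name (dynamic addressing).
DNS_CACHE: Dict[str, str] = {
    "203.0.113.10": "updates.example.net",
    "203.0.113.11": "updates.example.net",
}


def fqdn_for(ip: str) -> str:
    """Reverse lookup via the constructed cache; unknown IPs stay as IPs."""
    return DNS_CACHE.get(ip, ip)


def decide(rules: List[Rule], conn: Connection,
           parent_aware: bool, key_by_fqdn: bool) -> str:
    """Return 'allow' if some rule matches, otherwise 'ask' (prompt the user)."""
    dest_key = fqdn_for(conn.dst_ip) if key_by_fqdn else conn.dst_ip
    for r in rules:
        if r.app not in (ANY, conn.app) or r.port != conn.port:
            continue
        if r.dest not in (ANY, dest_key):
            continue
        # An app-only firewall never looks at r.parent; a parent-aware one does.
        if parent_aware and r.parent is not None and r.parent != conn.parent:
            continue
        return "allow"
    return "ask"


def parent_child_scenario() -> Dict[str, Tuple[str, str]]:
    """child.exe was allowed on TCP 443 when explorer.exe launched it.
    Keyed on the executable alone, the same rule also covers parent.exe
    launching child.exe; a parent-aware evaluation prompts instead."""
    rules = [Rule("child.exe", 443, "updates.example.net", parent="explorer.exe")]
    direct = Connection("child.exe", "explorer.exe", 443, "203.0.113.10")
    via_parent = Connection("child.exe", "parent.exe", 443, "203.0.113.10")
    return {
        "app_only": (decide(rules, direct, False, True), decide(rules, via_parent, False, True)),
        "parent_aware": (decide(rules, direct, True, True), decide(rules, via_parent, True, True)),
    }


def learn_and_count_prompts(conns: List[Connection], key_by_fqdn: bool) -> Tuple[int, List[Rule]]:
    """Simulate interactive mode: every 'ask' becomes a permanent rule keyed
    the way the firewall keys its rules. Returns (prompt count, learned rules)."""
    rules: List[Rule] = []
    prompts = 0
    for c in conns:
        if decide(rules, c, True, key_by_fqdn) == "ask":
            prompts += 1
            dest = fqdn_for(c.dst_ip) if key_by_fqdn else c.dst_ip
            rules.append(Rule(c.app, c.port, dest, parent=c.parent))
    return prompts, rules


def dynamic_addressing_scenario() -> Dict[str, int]:
    """Same app, same name, alternating addresses: IP-keyed rules re-prompt."""
    conns = [Connection("child.exe", "explorer.exe", 443, ip)
             for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.10", "203.0.113.11")]
    return {"by_ip": learn_and_count_prompts(conns, False)[0],
            "by_fqdn": learn_and_count_prompts(conns, True)[0]}


def default_port_scenario() -> Dict[str, str]:
    """A port-wide default allow (any app, TCP 445, any destination) versus a
    rule set with no entry for the process making the connection."""
    conn = Connection("worm.exe", "services.exe", 445, "192.0.2.20")  # constructed
    return {"port_wide": decide([Rule(ANY, 445, ANY)], conn, True, True),
            "app_keyed": decide([], conn, True, True)}


if __name__ == "__main__":
    print(parent_child_scenario())      # app_only allows both; parent_aware asks for parent.exe
    print(dynamic_addressing_scenario())  # by_ip prompts twice, by_fqdn once
    print(default_port_scenario())      # port_wide allows, app_keyed asks
```

The only difference between the two evaluations in `parent_child_scenario` is whether `r.parent` is consulted, which is exactly the extra signal the post says PC Tools Firewall Plus used and ESET's rules lack. Keying learned rules on the resolved name collapses every address of `updates.example.net` into one rule, which is why `by_fqdn` prompts once while `by_ip` prompts once per address.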

     

  4. 3 hours ago, Marcos said:

    Neither was it a real-world test since the machine was disconnected from network

    So, what's the point of such a test??? Is this the methodology followed by AV Comparatives??? Was ESET disconnected from LiveGrid during the AV Comparatives test?

    So, again this proves nothing...

    I got it, after many years ESET has a behavior blocker which is working, even offline; but so does Emsisoft (5 years), Malwarebytes (dedicated anti-ransomware module which worked each and every time I tested)

     

  5. 3 hours ago, itman said:

    Assumed is Eset is concentrating on malware with the greatest risk to its customers

    It is amazing to see how far you would go to look for excuses....

    "Assumed is Eset is concentrating on malware with the greatest risk to its customers" sounds like ESET had the undetected samples in hand, but, what the heck, they were not prevalent, so ESET dumped them, focusing on other "prevalent" malware.

    But on AV Comparatives, surprise-surprise, the dumped samples were in the test; that's why ESET scored only 98.5%

    On the other hand, MSE decided not to focus on prevalent malware only, and scored 100%

    I hope you realize how absurd this scenario is....

  6. 15 minutes ago, Marcos said:

    It's easy to cherry pick malware that a chosen AV product won't detect and the machine will get infected.

    AV Comparatives did not "cherry pick" malware purposely for ESET not to detect... The testing procedure is clearly outlined and the field is level for all players.

    All tested anti-viruses were exposed to exactly the same set of malware in exactly the same manner, so do not blame the tester for ESET's consistently so-so results over a 6-month interval.

     

  7. 10 hours ago, Tornado said:

    and Windows Defender being one of the worst. It scans everything like an AV from the 90s and completing a full scan on an M.2 SSD takes an eternity

    ...yet, Windows Defender, old school without anything fancy, scored 99.9% in the latest AV Comparatives (July-November), compared with 98.9% (same July-November)

    Additionally, I do not know many people who still do "scans" of their drives. This is a 90's practice.

  8. 3 hours ago, Marcos said:

    how ESET detects today's fresh Filecoder.FS

    Thank you for your video.

    After searching "ESET Virus Radar", it seems like detection for Win32/Filecoder.FS has been added on 2016-08-24, so the fact that definitions are 2 weeks old or ESET not being connected to LiveGrid is irrelevant.

    So in fact ESET detected something "fresh" based on a mechanism added 2 years ago. How is this relevant to HIPS???

    FS.jpg

  9. 2 hours ago, Marcos said:

    ESET provides maximum protection without asking and requiring user's interaction

    Hello Marcos,

    If this is the case (ESET provides maximum protection without asking and requiring user's interaction) why not have a simple interface on ESET, with an ON-OFF button???

    No amount of customization will increase the offered protection beyond "maximum", which is already offered in default mode, as per your statement.

    2 hours ago, Marcos said:

    HIPS-based feature Behavior monitor which will work silently ...

    As I said before (and many times prior to that), I have never seen any HIPS-based alert in almost 3 years running ESET in "Smart mode". What you are saying is very close to "believe and do not doubt", a religious dogma.

    2 hours ago, Marcos said:

    you have not seen any alert from HIPS-based protection modules means that most likely no malware has attempted to run.

    I tried hard to trigger an alert from HIPS in "Smart mode" for over 2 years now, disabling various settings, running ransomware simulators, running even a real ransomware (WannaCry) and I got nothing, absolutely nothing from HIPS. I ran some other software with the same simulators and real WannaCry and I got the expected reaction from them (Malwarebytes, the anti-ransomware module, or Acronis anti-ransomware)

    It seems like ESET relies for its detection on LiveGrid and the signature database in almost 100% of the situations, and HIPS, in default mode, is just support for various internal mechanisms preventing termination.

    Please feel free to provide a sample which will trigger HIPS in "Smart mode", if you disagree with my conclusion.

     

    Thanks!

     

     

  10. 2 hours ago, cyberhash said:

    the inbuilt rules for HIPS will always ensure that your machine will be functional

    Not having a HIPS, to begin with, will also ensure that your machine will be functional...

     

    2 hours ago, cyberhash said:

    Default mode as you describe it, will be less intrusive

    "Less intrusive" doesn't mean ABSOLUTELY NO REACTION from either HIPS or firewall.

    I ran HIPS in "Smart mode" for 2 years now; ABSOLUTELY NO ALERT in all this time...

    Personally, I believe that in default mode HIPS serves ONLY internal ESET shields and doesn't behave like a real HIPS, and the firewall is as good as Windows firewall.

  11. 1 hour ago, itman said:

    Eset has significantly improved....

    Yet, my question stands: "Have you ever seen, with your own eyes, a HIPS-related detection in default mode??? (let's say suspicious ransomware)???"

    In over 3 years, testing all kinds of malware, I have never seen ONCE a HIPS-related alert in default installation. Hence my conclusion that, in fact, HIPS is used exclusively for various shields in ESET and nothing more.

    For a regular user who installed ESET in default configuration, practically there is no HIPS.

  12. 35 minutes ago, itman said:

    Also when suspicious ransomware and like behavior was attempted.

    Have you ever seen such a detection????

     

    36 minutes ago, itman said:

    any connections blocked are done so silently and one has to refer to the Troubleshooting Wizard

    A regular user, who opted for default installation, will never be aware of this; for him it will be another connection "not made".

    From your explanation, in default mode, ESET firewall doesn't seem to add substantial benefits to Win firewall.

  13. Hello,

    I have been using ESET for a while (3 years) on an on-again, off-again basis.

    On default installation, is it correct to assume that:

    1. Firewall does the same thing as Windows firewall.

    2. HIPS serves various ESET shields only and other than that a user will not see HIPS presence.

    I am asking this, because in default installation I have NEVER seen any reaction from either the firewall or HIPS.

    Thanks!

  14. 9 hours ago, itman said:

    If a worm is able to install itself, the first thing it will try to do is connect outbound TCP port 445.

    Eset by default doesn't block outbound TCP port 445 since if you're on an internal network and share files or printers, it is valid communication. I am not on a network and as such, don't share files or printers.

    The worm should be something like "worm".exe, so the firewall should let me know when an ".exe" is trying to access the internet, not leave TCP 445 wide open.

    For example TCP 80 and TCP 443 are used for IE; this doesn't mean a firewall should be open BY DEFAULT on ports 80 and 443.

    Otherwise, in default configuration there is no difference between Win Firewall (built in) and ESET firewall.

  15. 2 hours ago, Marcos said:

    I strongly disagree with this accusation.

    It is not an "accusation"; it is merely an observation.

    2 hours ago, Marcos said:

    Itman is not an employee of ESET and has no other relation to the company

    Nobody said that Itman is an ESET employee.

    Itman is a valuable member of this community; however, I noticed his tendency of defending ESET no matter what and having a biased attitude.

  16. On 11/29/2018 at 12:07 PM, freesolo said:

    I don't understand why there can't be a single settings location where all settings are located.

    I have to agree with this;

    Just an example about the "ThreatSense parameters": No cleaning/Normal cleaning/Strict cleaning.

    A user has to set this up in at least 8 places; it is very unlikely that somebody will want "no cleaning" in a certain situation and "strict cleaning" in another situation. To be honest, every time I set up ESET I was in doubt whether I did it right or missed something somewhere....

  17. 2 hours ago, itman said:

    you boot and then "dilly dally" at the Win logon screen for a while

    Usually I sign in instantly when it is available; ESET will not update until my third-party firewall allows the internet connection (I can see ESET updating and I get a pop-up about a successful update)

    Still, the time in the main GUI is wrong (the previous time when ESET updated)

  18. 9 hours ago, TomFace said:

    What we need is more information from "novice".

    See my post here:

     

     

    If you open the "You are protected" screen, in the lower left corner it says "last update 12 hours ago". However, if you go to the "update" screen, the last update was "29 min ago"

    When you return to the "You are protected" screen, the time now displays correctly. But on the initial check, the time is always wrong.

    So, a user opening only the "You are protected" screen will automatically assume that ESET never updated.
