novice

Just run a ransomware simulator (RanSim) from here : https://www.knowbe4.com/ransomware-simulator On a win7 /64 with NOD32, the result is --->see attachment. Any comments????

My selected profile is "In-depth scan" with Threatsense parameter "No cleaning" ; yet the threat is cleaned automatically. However, if I select "Context menu scan" with Threatsense parameter "No cleaning", the threat is not cleaned automatically, waiting for my decision. In all honesty, why do we need to set "threthsense" in so many places? Is not like someone would want a certain action when scan on demand and a totally different action in a different situation.

If threatsense parameters are set to "no cleaning" in all 100 required places, why when I scan a folder , the threat is cleaned automatically??? See picture.

Yes, but if it is an actual threat why I can still "ignore it"??? And what if the "actual threat" is a FP and I want to exclude it from detection??? And what about second question???

...threat but I cannot exclude from detection (grey -out)? And one more: I setup Threatsense Parameters to "no cleaning" (all of them) however if I scan an infected folder I get "All threats cleaned" Why is that?

In my first attachment, you see there is no "square" in the top right corner , to maximize the window, only "_" and "x" With window minimized, I could resize the columns left and right, but still in minimized mode. In new version 11.2.49 , I can expand the window to the whole screen. Is worth mentioning that I installed first ESET internet security and I downgraded to NOD32 antivirus; maybe is related somehow.

The solution was to manually update to the next version (v11.2.49) In the previous version, whatever you described it is not possible; the window had a fixed size.

...is way too small and not expandable. I have to go line by line to expand it left or right in order to be able to read. See attachment.

Thanks!

So, how can I move a rule UP/DOWN or insert a rule between other two?

It seems like somebody else had a similar idea....but a little bit too late. WFC has been acquired by Malwarebytes.

No, I have 3 PC , each of the with ESET; I wanted to make all firewall rules in interactive mode and lock the firewall after that.

It is possible, after I created the necessary set of rules in interactive mode, to lock the ESET firewall? In other words, do not pop-up any question firewall related and block anything which doesn't have an "allow rule".? This would be useful to set family PC (wife ,kid)

Also, the notification if an application has been modified (by update) is disabled. Funny thing, some rules "allow this and that" are still enabled. Anyway, I uninstalled Internet Security and installed NOD32 antivirus + Windows Firewall Control , by BiniSoft.( Looks less sophisticated but easy to manage.)

Any firewall I had so far would mark somehow the invalid rules ( Windows Firewall Control, PC Tools Firewall Plus). How difficult would be for ESET to implement that. BTW, if I disable Firewall only , what else is going to be affected??? I forgot to ask : what about duplicate rules?

What happens with invalid firewall rules (let's say I uninstalled the program for which previously I had a rule) Thanks!

It is very user configurable if you know what to do.

How is this relevant???? If an antivirus has a mechanism based on HIPS /behavior analysis the detection is supposed to be generic. Of course , 24 hour later ESET will have time to analyze it and give it a name, but we, the regular users , are not looking for a name, we are looking for a detection.

I have no doubt that , with proper rules HIPS works. What I am saying is , in default mode HIPS is an empty box , with the only purpose to make some other modules functional. In default mode HIPS doesn't add another layer of protection . I asked ESET, in the past, to provide the rules (rather than KB how to create certain rules) all disabled and give the user possibility to enable them as necessary.

Yet I do not understand why HIPS ,a "fundamental component" can be disabled by any regular user in ESET settings.

I am not posting about HIPS not performing properly, I am posting about HIPS not performing AT ALL. As I said , in almost 5 years and 3 pc I never had a HIPS related alert, so what's the point in advertising HIPS as long as the only purpose is assure ESET functionality ,not to add another layer of protection. This was supposed to be posted in "ESET and AV Comparatives" here the discussion is pure technical...

So , if HIPS is strictly used internally, why make visible and accessible to users??? Why offer the option to disable it???? This creates a false sense of security (ESET has HIPS but XXXX antivirus doesn't)

So, are you saying that HIPS is just an empty box, waiting to be filled with customized rules????? I have been using ESET for almost 5 years now on 3 pc , with HIPS set on "Smart mode", yet I never got an alert HIPS related , unless I created a custom rule. The consensus here on this forum is that HIPS is another layer of defense, and if a malware is not detected by this and that, for sure is going to be blocked by HIPS. Really disappointed to hear that in fact HIPS doesn't do too much in fighting malwares.

It is possible to see somehow the HIPS default rules? Thanks!

Hi Marcos, You were saying "On behalf of ESET I can say that I hardly recall a malware-related ticket where the infection was caused by ESET letting malware in.." Here is your example, with " ESET is installed and updated with recent update on the server" I am pretty sure you will provide a sophisticated explanation, yet the fact remains: ESET, wit a dedicated "antiransomware" module, failed to protect OP .