adnage19

Everything posted by adnage19

  1. https://www.mrg-effitas.com/wp-content/uploads/2016/11/MRG-Effitas-360-Assessment-Q3-2016.pdf ESET failed again in this test.
  2. Hello, I think the topic title is clear - the menu on ESET's icon should have the ability to quickly change the HIPS mode. Here is why - I'm using Interactive mode after applying Learning mode for 2 weeks. Now... I want to install some new program and with Interactive mode the installation process is a pain - so many alerts. So I have to go to advanced settings, go to HIPS settings and change the mode to Learning mode there. It would be much quicker and easier if I could switch the mode right from the icon menu on the taskbar. I believe it isn't that hard to add this little feature so I really hope that it could be added really fast by the developers. There is no need to wait for v11, is there? Cheers
  3. It didn't work well for me with Chrome (it wasn't opening automatically on the bank sites), now I can't even use it at all, because it doesn't support Opera... Such a popular browser isn't supported. Shame on you, ESET. The idea of Banking protection in ESET is good, I mean it works nicely in theory (no fancy browsers like Avast Safe Zone or Bitdefender Safepay) but... It doesn't matter when it doesn't work as it should.
  4. Hi, I just saw an interesting post on Wilderssecurity regarding the component versions in v9 and v10. A few modules, for example HIPS, are newer in v9 hxxp://www.wilderssecurity.com/threads/eset-nod32-version-10-0-369-0-released.389533/ Any explanation?
  5. Advanced settings -> web access protection -> URL management -> Edit -> list of allowed URLs -> and here you add your website. Type the main address with a * at the end. For example: www.example.com/*
  6. Of course, to be fair, v10 is a good upgrade because Anti-Ransomware protection works quite nicely (not perfectly). How do you know that "Anti-Ransomware protection works quite nicely (not perfectly)." V 10 has been released a few days ago, I doubt that you already encountered a ransomware ... If you have some other info about it, a screenshot, I would be curious to see how Anti-Ransomware protection works in a real life situation, not only in theory https://www.youtube.com/watch?v=c-VVYu1f4e8
  7. That's not true. Features like AMS, Exploit blocker and Botnet protection have often prevented file encryption without having a signature detection for the Filecoder. Well, John Alex is partially right, I mean, Eset is a king of signatures and additionally a few HIPS and firewall modules work pretty well. But programs like Bitdefender (Active Threat Control), Kaspersky (System Watcher) and Emsisoft (Behavior Blocker) perform way better. To be clear, I don't promote these AVs, I just give an example of programs with the best behavior blockers. The truth is that HIPS on default settings (automatic mode) isn't as effective as the modules mentioned above. Of course, to be fair, v10 is a good upgrade because Anti-Ransomware protection works quite nicely (not perfectly). Overall, it would be great if ESET would focus on proactive protection improvements. I believe HIPS should be more sensitive. In fact, it would be great if it were more of a behavior blocker rather than a HIPS.
  8. You should calm down a little bit. Eset is still one of the best AVs and nothing has changed since version 9. Also, I suggest you take these tests with a grain of salt. In fact, Eset is pretty good when it comes to removing threats. You can type "Eset removal test" in YouTube and watch a few videos.
  9. Well, my point of view is different - I trust home-made tests (of course only well made ones) more than tests like AV-Test, AV-Comparatives. Why? Because in a video like the one above you can see everything that's happening during the test. Apart from that, this SE Labs test is directed more globally and this video test is supposed to test proactive detection of malware not detected by signatures. Simple and clear. AV companies should take these home-made tests more seriously, because there is nothing wrong with these tests and they can be more accurate than big tests made by "independent" organizations. I would not share this video if it wasn't made fairly, but everything's ok - we see ESET's settings, we can see that the scan detects nothing, then the samples are executed. That's all.
  10. Really interesting video test - ESET vs ransomware undetected by signatures https://www.youtube.com/watch?v=c-VVYu1f4e8 Not good, not bad. The first sample was detected without problems with the new Anti-Ransomware protection. Unfortunately, the second sample was able to decrypt files, even though ESET made a few alerts. None of the antiviruses have 100% protection against ransomware but I hope that ESET will constantly improve the anti-ransomware module.
  11. Hi, I have been messing with custom HIPS rules for a few days and I already have rules that protect startup entries, task scheduler, services, hosts file and autorun.inf. I have also applied rules for ransomware protection following ESET's instructions for business products. I also set HIPS mode to Smart. I just wonder if there are other custom rules that can be used for protection against typical malware? Any ideas? Of course the second way is to set learning mode for a few weeks and then set interactive/policy-based mode, but I'm not talking about that. Cheers
  12. You are right, on the 10.359.0 version (Slovakian) I didn't have this problem, AFAIK.
  13. Hello, In v9 I used to use the pre-release updates setting and it was working pretty nicely. Today I installed the final Internet Security 10 and after the initial update, I changed updates to pre-release. It updated without problems. However, when I checked for updates manually, it started to download the whole package (84MB) again, just like on the first pre-release update. I didn't abort it, the update was installed but after another manual check, it started to download the same package again. So it always downloads the full package. I made a clean install of v10 BTW. I'm curious if it's something on my side or maybe someone else has this problem too? If not, I will provide the necessary logs or whatever.
  14. Hi, I would like to ask, when will the Banking Protection module support Opera? I find it very bad that such a popular browser isn't cared for by ESET.
  15. The stable version isn't released yet, it should be available before the end of October.
  16. Hi, I would like to ask, how exactly does the new HIPS anti-ransomware module work?
  17. You're right, backup is the best protection. Also you need to be strictly careful when opening email attachments. However, ESET can be tweaked to better protect from ransomware. This .pdf posted by @itman looks pretty nice. When English ESET 10, I will definitely set these rules. Also second good way is to enable learning mode for 2 weeks, use your PC as much as you can, and then set HIPS to interactive mode. Then every prompt by HIPS should be considered as a potential danger.
  18. Below is a .pdf link to an Eset tech paper produced by their Romanian distributor I believe. hxxp://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0ahUKEwjy4Of4t9DPAhUFWD4KHeQlBM8QFghdMAU&url=hxxp://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf&usg=AFQjCNHN_-B-UcNEaldEAOXbtRNbA78xNg The article was written for Eset Endpoint but you can "glean enough" details to create corresponding rules for Smart Security HIPS and firewall. Basically, the rules are to block script and PowerShell execution or dialing out. I would also make the HIPS rules "ask" versus "block" so that you don't auto block some necessary app or system process that uses cscript, wscript, or PowerShell. I personally have never received alerts from any of these processes. Note that there is a separate rule for explorer.exe of monitored processes. That is due to the way explorer.exe can be launched as a hidden process e.g. RegCleaner, SpywareBlaster, etc. It is also possible like default HIPS rules have been created in ver. 10 since Eset states it now has script protection. Comment on this Marcos? Thank you very much, it seems to be very helpful!
  19. Yes. Those settings were copied from a security configuration guide for an earlier ver. of Eset, ver. 6 I believe, that is posted also on the malwaretips.com web site. Many of the rules in the guide now exist as default HIPS rules such as the monitoring of the registry "run" keys. As I warned previously, any monitoring of drive direct access by the HIPS will cause issues with some existing Windows processes. The one most affected is shadow volume copying since it runs in the background. As such, you may not be present to respond to any alert with the result being a borked system backup occurring. So use of this type of HIPS monitoring is at the user's risk. I also have yet to try such monitoring in Win 10. I also use Emsisoft's Antimalware and its behavior blocker does monitor for direct/low level disk access. Is it possible to add custom rules in HIPS settings to improve ransomware protection? Or maybe Smart mode is enough? I'm asking because I've seen a YouTube video where a user was testing ESET 10 Beta on default settings and it didn't protect the OS from a zero-day ransomware sample.
  20. You can create an "ask" HIPS rule to monitor low level disk access on the drive where your OS is installed. Warning: This will cause issues with some OS processes such as shadow volume copy, defrag, etc. and the rule will have to be monitored closely. One possible workaround is to also create an identical "allow" HIPS rule to allow low level disk access for all exe's in C:\Windows\System32\*.*. I would also disable the "ask" rule when doing any Win 10 release upgrades. I've found HIPS settings posted by a user, it includes MBR protection (that's what his post says) https://malwaretips.com/threads/petrovic-config.20748/#post-150572 Are these settings good?
  21. I would say that ESET's HIPS can protect you but for sure not on default settings. You can set a rule to protect MBR, and after all, the best way is to enable learning mode for 1-2 weeks and then switch to interactive mode or even policy-based mode. This will provide high level protection.