Both ZoneAlarm and CyberSight state that their compatible with all AV solutions.
Since ZoneAlarm offers a 30 day free trial and CyberSight is freeware, best approach is to run Eset IS with either one during the 30 day period and monitor for any conflicts. If conflicts arise, most can probably be resolved by adding either product's main executable as an exception in Eset's Realtime and possibly the new Deep Behavior Inspection protection.
Note that the most important point in evaluating any security software is how effective is its self-protection mechanism. If ransomware can disable ZoneAlarm or CyberSight, they are worthless for all practical purposes. Worse is if malware can inject code into same. Since you may have created an exception in Eset for the product, malware running from same can run unabated.
Enable parental control --> block the uncategorized website (for having robust web filtering)then open a website that has now category so Eset block it but you may want to allow this URL fast.
It Would be good if Eset provides an option to unblock websites by password from the browser(or from the parental control log), not Eset parental control settings. its easier to manage,
Also, Eset hips show the loaded drivers but it doesn't show the digital signature for them.I like to see the signature.
Dear forum members,
We are considering a change in the product's behavior but before doing that, we would like to consult you, our field experts with regards to the problem and suggested change.
We kindly ask you to:
Read this message carefully
Talk with other people of your support staff, whether they are aware of issues related to current behavior
Provide any comments (supportive / negative) towards the proposed change
As of now, one of the issues that our customers are facing is the behavior of products in managed environment, related to handling of detections and cleaning of Potentially Unwanted and Potentially Unsafe Applications (hereafter referenced as PUA)
The following are prerequisites of the behavior:
Default cleaning settings on the Endpoints (normal cleaning)
Detection of PUA is enabled.
With these settings we were reported the following problems by several customers and resellers / MSPs that we have interacted with directly during a customer research.
Main problems are:
End users on local machines are forced to respond to an „interactive window“ that is asking for action in case of a PUA detection, which can by triggered by protection modules or the on-demand scanner. They offer the „ignore & continue“ action even in managed environments where the end user should not make decision. Users can try to install a PUA which usually ends with multiple interactive windows appearing.
If a PUA is already in the system and you schedule an on-demand scan, it will be reported to the user again and a dialog with action selection is shown to the user. If this happens on a server, it will be never resolved; the dialog eventually expires, and then will be reported again and again to the server upon re-scanning.
The only solution currently is to set an exclusion or to set cleaning mode to strict which will automatically remove the PUA detection without asking.
What are we planning to do:
We are planning to change the product behavior in a way that our endpoints will automatically block / clean PUA detections in managed environments according to the option selected by an administrator, meaning that the end users will never see interactive windows.
Alerts (only one) will be reported to the ERA, and it will be up to the security administrator to either set an exclusion or acknowledge such detection.
After exclusion, reinstall of the affected PUA will be needed on the target system; restore from quarantine is not enough since „cleaning“ also removes references which are not restoreable (this is valid also now, when Exclusion is „cleaned“).
We would like to hear from you and ask for feedback whether you consider this change as risky from the perspective of customer expectations. We do perceive the problem as serious and would like to change the behavior even for existing users by means of a module update. An alternative approach is to change it only in new versions of our products, meaning Endpoint V7 and eventually backport it to a new 6.6 hotfix if that happens in the foreseeable future.
How the interactive window looks:
How it looks in the logs:
How it looks in the ESET Remote Administrator:
Please note that we are also bringing a lot of changes into the ESMC:
Cleaned „threats“ are automatically going to be marked as resolved (once the behavior is implemented, you will automatically get the PUA cleaned at the „first detection“) and will be automatically „resolved“ in ESMC (no duplicated entries when one clicks „no action“)
You will be able to set exclusions directly from the threats section, basically by „one click“; there will be also an option to set „exclusion by HASH“ in EES.
Thank you for your feedback & support.
Please open a new topic and provide more information, including hashes of the malicious files. It is not true that ESET is bad at protecting against ransomware, quite the contrary. Of course, if you have a weak overall protection and an attacker with admin rights manages to remotes in, no matter what security software you you since with admin rights the attacker can do virtually anything, including disabling the security sw prior to running ransomware. Again, no security software detects 100% of threats and if you claim the opposite, we could prove you to be wrong.