SeriousHoax

Members
  • Posts: 201
  • Days Won: 4

Kudos

  1. Upvote
    SeriousHoax received kudos from 0x55 in antivirus version 15.0.6   
    One thing that I don't like about LiveGuard is that it seems to send every new file created on the device to LiveGuard upon execution. Even if it's an old, trusted and safe file. As soon as I try to execute a new file that wasn't on my device before, ESET sends that to LiveGuard. E.g.: If I just extract a newly downloaded 7zip installer from a zip file where the installer exe is trusted by literally every AV, as soon as I execute it, it gets blocked and submitted to LiveGuard for analysis. What's the point of this? ESET's reputation check shows that the file is old with reputation status being Fine & green and the number of users is also high with a green mark.
    ESET should feed from this LiveGrid status and determine that the file is trusted, whitelisted and not necessary to submit to LiveGuard for analysis. This alone would massively reduce the load on LiveGuard's server. This type of unnecessary submission needs to be avoided. Kaspersky and Norton make use of their cloud reputation appropriately, which is something ESET is not doing here. The LiveGrid reputation should mean something. The LiveGrid and the LiveGuard combo should communicate with each other to determine what needs to be submitted and what not. Otherwise, LiveGuard servers are going to be bombarded with excessive unnecessary submissions.
    Unnecessary submission is going to annoy even expert users.
  2. Upvote
    SeriousHoax received kudos from 0x55 in antivirus version 15.0.6   
    This is similar to Avast's (and AVG) CyberCapture feature, which is available even in the free version. The difference is that CyberCapture is dependent on the Mark of the Web, similar to Microsoft's Block at First Sight feature, while it seems with ESET it's for every file that is not known to ESET. So this is a nice feature and a good addition. But I can't really justify the decision to not include it in the Internet Security version. ESSP is ridiculously expensive. LiveGuard should've been made available to both EIS and ESSP.
  3. Upvote
    SeriousHoax received kudos from New_Style_xd in antivirus version 15.0.6   
  4. Upvote
    SeriousHoax received kudos from r1man in antivirus version 15.0.6   
  5. Upvote
    SeriousHoax received kudos from NewbyUser in antivirus version 15.0.6   
  6. Upvote
    SeriousHoax gave kudos to itman in antivirus version 15.0.6   
    I just checked U.S. prices for Eset. ESSP costs $10 more per year than EIS. As such and for me personally, the increased price is not a major factor.
    This important LiveGuard feature being included only for ESSP does "leave a bad taste in my mouth." For starters, Eset should have had LiveGuard capability in its consumer product versions long ago. Like feature capability has existed for some time in Eset competitor consumer products as you noted. This includes Microsoft Defender that doesn't cost anything. I also have no need for the extra features ESSP provides and feel upgrading to it for LiveGuard capability is a shady marketing tactic.
    It also should be noted that EIS costs on the average, significantly more than its competitor's equivalent products.
    Bottom line to Eset - include LiveGuard in EIS or be prepared for a significant loss of your existing EIS product base.
  7. Upvote
    SeriousHoax gave kudos to Mr_Frog in antivirus version 15.0.6   
    @SeriousHoax has explained it here and I also remember @itman discussing this:
     
  8. Upvote
    SeriousHoax received kudos from Mr_Frog in antivirus version 15.0.6   
  9. Upvote
    SeriousHoax received kudos from NightVision in antivirus version 15.0.6   
  10. Upvote
    SeriousHoax received kudos from AZ Tech in ESET need realy an antiCryptor module   
    Still, that's not good enough. Maybe we could ignore it if it was one or maybe two. But 7 ransomware misses at the time of testing is a huge number. It shows again what the OP suggested, that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.
  11. Upvote
    SeriousHoax received kudos from NewbyUser in ESET need realy an antiCryptor module   
    Yes, exactly. They are very sensitive about false positives and this is why they are falling behind. Some other products are doing well in this regard while maintaining low false positives.
  12. Upvote
    SeriousHoax received kudos from NewbyUser in ESET need realy an antiCryptor module   
  13. Upvote
    SeriousHoax gave kudos to itman in eamonm.sys BSOD - Stop code: SYSTEM_THREAD_EXCEPTION NOT HANDLED   
    Just a FYI here.
    The July cumulative updates are rolling out and a number of Win drivers were updated. The one that caught my eye was usbprint.sys which is the USB printer driver. So it is possible this Eset BSOD issue might be resolved after applying this update.
  14. Upvote
    SeriousHoax received kudos from fabioquadros_ in Avast Now Also Has Block-At-First-Site-Capability   
    The blog post is from 2016. So Avast has had this for 4 years. BTW, this particular feature on Avast requires MOTW.
    Anyway, ESET should take inspiration from Kaspersky's Application Control.
  15. Upvote
    SeriousHoax received kudos from Aryeh Goretsky in eset Internet Security Installation Bug?   
    This is common if Controlled Folder Access of Windows Defender was enabled prior to ESET installation.
    Now if ESET has been installed, then Windows Defender and its Controlled Folder Access module should be disabled by now. Restart the system to be sure and everything should be alright now.
  16. Upvote
    SeriousHoax gave kudos to itman in Avast Now Also Has Block-At-First-Site-Capability   
    The fact is Eset has all the internal mechanisms in place to accomplish this. All they have to do is block the process until LiveGrid black list determination processing has completed. As to the false positive element, I say "to hell with that." Most home users would not be significantly impacted by such process blocking. 
    This could be also further refined by adding Trusted Publisher, signing, etc. criteria to Eset Reputation scanner. Failure on reputation coupled with suspected malicious activity should be enough to block until LiveGrid initial scanning is completed.
  17. Upvote
    SeriousHoax gave kudos to itman in Avast Now Also Has Block-At-First-Site-Capability   
    Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks .
    Detail on configuration options here: https://support.avast.com/en-us/article/54/
    Of note is this feature exists even in Avast free version.
    Time Eset "get with the program" and offer same like capability for their home use products.
  18. Upvote
    SeriousHoax received kudos from peteyt in Windows 10 Security and ESET   
    Turn it on. It's not related to ESET, it's smartscreen that's built into the system. It doesn't usually turn off automatically so not sure what happened there. 
  19. Upvote
    SeriousHoax received kudos from shocked in Rude and unhelpful customer support   
    We can't change what happened and you're unlucky that a non-authorized seller sold you a pirated license 2 years ago.
    Now if you're still reluctant to buy from your local ESET website, then you may go to one of the authorized partners by yourself and buy a physical copy of it from there, and this time make sure to register the ESET license to your ESET account. An account isn't needed but it lets you see if the license is being used on a PC or not.
    https://www.eset.com/lt/platintojai/
  20. Upvote
    SeriousHoax received kudos from itman in Rude and unhelpful customer support   
  21. Upvote
    SeriousHoax gave kudos to itman in "pyrate", Behavior Blocker Bypass POC   
    It's been a slow forum posting weekend and it appears this thread has run its course. We have all had the opportunity to "rant and rave" about Eset Home version protection features we all wished we had and in reality, probably never will have. So it is time to expose this Python POC for what it is - fake ransomware. Err ..... what, you say? The POC encrypted files. Well so does a lot of legit encryption and other apps including user created ones. So let's get into this.
    A few years back, the NextGen security software vendors were trying "to get traction" against the established AV vendors with their supposed superior behavior detection methods. Corresponding to this was the appearance of a proliferation of ransomware "simulators" which one was encouraged to test their existing AV solution with. The most infamous of these was RanSim produced by KnowBe4: https://www.knowbe4.com/ransomware-simulator . I wrote a thread about the methodology used by this product and similar ones here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ . Eset subsequently commented upon Ransim tactics in their own published article on Eset ransomware protection:
    https://cdn1.esetstatic.com/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF
    So let's get into some details on the POC. First, note this from the POC's author posting about it at malwaretips.com:
    Next is why no vendor on Virus Total detected the POC initially and I believe presently. That one is pretty straightforward. The ransomware portion of the POC never ran. The POC pauses program execution waiting for user input to continue. VT's automated sandbox analysis timed out waiting for input it does not respond to.
    In summary, I am not 100% ruling out that techniques used in the POC could bypass existing Eset ransomware detection methods. However, a POC must be developed deploying real world ransomware deployment and execution methods with the most important being the program runs uninterrupted and encryption activities performed against all existing files in C:\Users\xxxx\Documents\*, etc. directories.
     
  22. Upvote
    SeriousHoax received kudos from NewbyUser in "pyrate", Behavior Blocker Bypass POC   
    All the ASR are available for Windows Defender too.
  23. Upvote
    SeriousHoax received kudos from Kubo123 in Multiple Eset securities detected when installing oculus app   
    You can use FRST to delete that registry entry from windows security integration. Reinstall ESET only after doing so.
    hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  24. Upvote
    SeriousHoax received kudos from Kubo123 in Multiple Eset securities detected when installing oculus app   
    You can try scanning with the tool. It will open two logs after scanning; then search for ESET to check whether it exists.
  25. Upvote
    SeriousHoax received kudos from micky_aurthor in Online + Offline Installer and First update after installation   
    Ok, Live installer it is. Just a synonym but the meaning should be the same. The live installer can still determine the OS and download the full product from online and then install it. Maybe it would even be possible to implement something like multi-threaded download so that the download speed should be fast, unlike the in-product download speed which is terribly slow for me, which I also mentioned above.
    Would 85 mb be the size of the installer for the whole package? I see that ESET currently downloads around 150 mb during the first update. So if the compressed version in an offline installer is only 85 mb then I think that's not big at all. That's probably the smallest I've seen. Even with my not so good internet it would only take over a minute to download that. Even a 150 mb installer shouldn't be considered huge and many other AVs have a lot larger ones. Also like you said, the live installer's job is to download the product without worrying about OS versions, etc., so most people are likely to download the live installer anyway, so an 85 mb or even a bit larger optional offline installer is fine and seems more appropriate than the current one.