FleischmannTV

Be advised, even when "Detect shellcode injections" is unticked or the HIPS is switched off entirely, you have to set exclusions for "Detect shellcode injections", or otherwise the cguard32/cguard64.dll will be injected.

Dear ESET team, since Advanced Memory Scanner technology is a post-execution mechanism, I would like to know if its detections still count as detected / protected in lab tests, such as AV-C and AV-Test. Thank you.

Just remember that ESET is going to detect malware better with protocol scanning enabled. It's not just about blocking malicious websites, but malware that passes through the protocol scanner is investigated more thoroughly with additional assistance from LiveGrid. This is an important part in ESET's zero-day detection.

I can confirm this on my computer as well. Downloads drop from 15 MB/s to 0,8 , while ekrn.exe uses around 30% cpu on my Core i5-3450. If I disable protection, download speed increases to 15 MB/s again. Windows 10 x64 Pro Nod32 9.0.318.20

Interesting picture of ESET's CEO. Didn't know that was actually Guy Pierce.

The tool from Malwarebytes doesn't exploit vulnerable applications which ESET's exploit blocker is watching. Hence there are no alerts. I suggest you try the Exploit Test Tool from Surfright. This tool allows you to choose the application which is exploited. From there you can select your browser or pdf reader. Then you should get alerts from ESET. hxxp://www.surfright.nl/en/downloads/

I am sorry to rain on your parade, but this site is as far from real world as it gets. Real world means two things in my books. For one thing, it has to be about threats that users are actually facing (prevalence), and not some exotic stuff nobody ever encounters. And for another a product needs to be able to use all of its components in order to protect the user. As for prevalence, I cannot say if CRDF is taking that into account. As for utilizing all of a product's components, they definitely don't. They just use VirusTotal for scanning the samples. This means it's nothing more than a right click scan of a file. Stopping the user from downloading the malware in the first place or any other non signature based methods of protection, like HIPS, behavioral analysis or reputation systems etc? Nope. For what it's worth, a product could be at the bottom of that list and still protect you better than the one at the top. In that regard this site is very misleading. In my opinion this CRDF link should never be posted without a clear disclaimer about how it actually works, because every time I see this come up, it's clear that the poster doesn't understand it.

@TJP It simply means that Kaspersky Lab and others have recognized the immense ramifications of these test results and therefore they are dedicating time, money and man power in order to detect even those "threats", which have little to no real-world value. People are regularly panicking and changing AVs over detection differences of 0,5 %. This is why companies are wasting resources in order to detect even the most insignificant supposed malware. It is not cheating.

If you had bothered to read the topic of this thread or the survey, you would have realized that this isn't a comparative review .

@Maximus Could you try to open the AMTSO phishing test page, located here: hxxp://www.amtso.org/feature-settings-check-phishing-page-intro.html This is just to check if protocol filtering is working at all with Cyberfox. If you are able to open the link located at that page, then protocol filtering isn't working correctly with Cyberfox and that could be the reason why you are no longer experiencing any problems, now that you've switched from Firefox to Cyberfox.

It probably has something to do with caching. When I delete the cache in Chrome, detection upon left-click is working as well.

Greetings. I know I have already asked this in a somebody else's topic, but since this topic has already been marked as answered I think it would be best to talk about this in a separate topic. The reason I am writing this is because I have witnessed weird behavior of ESET in regards to AMTSO's cloudcar.exe file when I try to download it with Google Chrome. If I download it with right-click \ save-as, it is detected, no problem. If I initiate the download with left-click, it is not detected. Once on the disk, I guess it won't be detected anymore because LiveGrid only works during download, am I correct? Weirdly, sometimes ESET was able to detect cloudcar.exe upon a left-click download as well, though I am not able to reproduce the latter consistently.

Hey there, I just wanted to report that with the latest Version left clicking to download the cloudcar testfile is now blocked in Chrome as well.

I have just done further tests. I can download the cloudcar.exe with Chrome (32 and 64-bit), but it is blocked in Firefox and IE. Chrome protocol filtering is working though because the phishing page, EICAR and PUA downloads are blocked. Edit: When I try to save the cloudcar.exe in Chrome with right-click and "save as", ESET blocks the download in Chrome as well. When I try to save it by left-clicking the download link, it doesn't.

I just want to report that I've witnessed this several times in Nod32 7 and recently in 8 as well. For some reason LiveGrid does not function properly even though participation has been checked during the installation dialogue. Deactivating and reactivating in the configuration didn't help, only uninstallation followed by reinstallation.

Application dependent Gamer-Mode ESS and Nod32 already have a gamer-mode, but it is triggered by full-screen applications. Yet there are many full-screen applications which use so few resources that this would be the ideal time for ESET to perform background tasks. Hence I would like to suggest the addition of a application dependent gamer-mode, so we can disable full-screen gamer-mode and still have it activated when it counts.

I cherish ESET for not having something like this. Further, in order to rate search results the AV has to know whether they are safe or not and if it knows they are malicious, it will block access to them anyway. In addition to the database of known malicious websites the web-av part of ESET scans the contents of websites as well. So you are covered very well with ESET. Just a closing thought regarding site advisors, how do you know if a link is safe when you see it in a forum or an e-mail? Those site-advisors don't work there but the web-av protects you regardless.

After a default installation "Advanced heuristics on file executions" is enabled by default. However, when you click on "Default" in the lower right corner of the corresponding window and reset to default, it will be disabled again, no matter if you reset only the "Advanced setup" or all settings. So there must be a discrepancy between a default installation and resetting to default settings. It would be nice to know if anybody else can reproduce this.