rugk

Then maybe this should be changed so that ESET also scans this files in realtime-protection. And additionally also files from external devices should be checked against ESET LiveGrid.

When downloading files and receiving email. Also if a new file will be created? E.g. from an unsupported email client or an browser through an SSL connection (without SSL scanning enabled)?

Now I'm confused... And when will it work then? Yes I know. Ehm..., because the file will deleted and maybe something won't work? But again back to this: How is a file blacklisted in cloud? If it is not only the user count, what is it then?

OK. That's a good reaction! Thanks.

OK you think so, but to really conclude the thread I think we need an official statement of ESET whether this is a real reseller or not. And how this site looks I can't imagine that many people buy ESET products from this site! Edit (very late): ESET real headquarter (the headquarter of the headquarters) is in Bratislava. And on the site it tells you that the headquarter is in San Diego in the same sentence as it tells when it was founded, it sounds like it was founded in San Diego and had from this state it's headquarter there. In fact this was "added" later and ESET was founded in Bratislava where they have their worldwide headquarter.

I agree. The design is bad and I don't looked at the coding before you're post but yes there are really many errors in the coding. Yes that describes the page best. And because of this I also disbelieve that it isn't an official ESET partner. If the partnership would be true then ESET should rethink the partnership to him. If it isn't true (and the site owner is lying) then ESET should think about what to do with this site. (e.g. setting on the blacklist) And I think they would also had judicial ways to go against this.

Now I found an real error what he tells about ESET as a company. On this site hxxp://www.computersecurityassociates.com/about/about.htm he tells ESET would be headquartered in US: This is not it's headquarter, their headquarter is in Bratislava (Slovakia). And as a real partner he should now this! On the other hand he maybe just made a small mistake. I also have to say that this page is more detailed than the official ESET page about it's history. And I also have to add that you can buy the ESET software on the page.

OK. Thanks for the answers.

I just found this site: hxxp://www.computersecurityassociates.com/ (WHOIS) And the creator of this site claims in every corner of the page that he would be an "Authorized (Gold) Partner of ESET". But - and I don't want to affront the website creator - this site don't looks such professional. But at least there are contact data to the "Computer Security Associates, LLC" (a web search finds nothing useful about this company) inclusive address, email and phone. I also checked some download links and they are going to the official ESET site, so I don't think there is malware on this site, but of course I can't promise it. And from the Whois report I only got out that the site was registered by FASTDOMAIN or by hostmonster. So what is this page? Is the page owner really an official partner of ESET? And finally: Can we trust the website (owner)?

Yes you're right. Take 1936 (Android) as an example: The link there goes to hxxp://www.virusradar.com/en/update/info/1936 where it is displaying "Update 1936 (2004-11-30) in the tab "Update Info". But if you search on this site for Android you'll see that in this update is no signature for any Android update was added. If you click on the tab Android and click there on 1936 you'll see a different page: hxxp://www.virusradar.com/en/update/android. There is a new signature listed: Android/Andup.U. If you click on it you'll see the description for this treat (hxxp://www.virusradar.com/en/Android_Andup.U/description). And now you can also see the global VSD version 10314. You can click on this to sea the signature database (hxxp://www.virusradar.com/en/update/info/10314). And you will see that this update is published on 2014-08-25. So there is really something wrong. And I also found another error: The Android VSD version 1937 contains no signatures on virusradar. If you look at the site you see just a white place.

ESET always distributes valid user data. But back to topic: No other fall is known, so it seems to be that only one user is affected. I'm quite sure you don't need it, because it's quite improbably that you are affected. If the support detects an overuse of your license data then they surely will change your password. BTW: Changing passwords would be much more comfortable (you would be able to do it yourself) when this suggestion would be implemented. And please follow Marcos post and PM him an uncensored version of the screenshot if not already done. Then they will surely can check this issue. And as an information, it also can be that someone just entered a wrong email and that was yours.

OK and is a notification displayed or the file execution blocked if a file is really risky (and I'm not talking about the fact that it is used by <5 users or something like this)?

In my thinking I hit on the thing with ESET LiveGrid and the file reputation. And now there is a small thing that I don't understand. Like you can e.g. see in this screenshot you can see a risk and a icon that indicates how many users are using this file. But now there comes the question: How do you indicate the risk? Only of the number of users using the file? And if it's so isn't this done twice?

Ahh... yes. It was an error and not a question how do make it... Sorry for confusing.

I think he means that the scan should start if he unlock it's computer. Or are I'm wrong? If this is the case I can say you that the scans also can run in the background if no user is logged in or the computer is locked. Or do you - @@nosteele - mean that your scan should start directly after starting your computer if it was not run? In this case you should check the box "Run as soon as possible". But the option "next scheduled time" is something different. @@Arakasi: It is also possible to edit a rule, no need to delete and recreate it.

@SweX Yes your suggestion is similar. But my idea is "connected" to a suspicious activity (autorun). And this is why I said it should be using LIveGrid to find out if the file is known. And I agree that you shouldn't flag a file only because it has too less users. I want to know if a file is known and this it is if 1 user uses it... So I want the same, but in this suggestion it's not only executing an unknown file that is potentially dangerous, I "connect" it to a suspicious activity to even more reduce the number of messages/questions the user will see. But the second part is more generally: I would like if the user has also the ability to "work" with the data from ESET LiveGrid in self-defined rules. So if a user would like to be asked for an action of every process with less than 50 users then he would be able to add this rule. But if he is such an advanced user who can add this rule (and if he knows what he does) then he surly can also deal with these FP. But maybe I have to change this suggestion a bit and much more generalize it, because there are of course more parts with rules than just HIPS: Maybe you should also add an ESET LiveGrid option ( used by X users in ESET LiveGrid or risk is low/medium/ok in ESET LiveGrid or file is known (1 or more user(s) is/are using it) / file is unknown (0 users are using it) ) as an factor for HIPS/firewall/... rules, so that a user can create rules with adherence to ESET LiveGrid. If this could be implemented, ESET LiveGrid would get much more powerful for advanced users that want to create rules with ESET LiveGrid statistics.

Yep but it does not work worldwide, as I am taken to my local distributor when I click "add to cart". You're right, but this was conceivable. ESET has many distributors in many countries...

Yeah! You're right! I forgot it... Here is my recently opened topic about it: Special Offer - Many Eset Products Reduced In A Limited Time

But I can also agree that you might want to see the really important things at a glance. Maybe also a summary at the end of the scan log would be useful, like this: Found treats in these files: C:\example\file1.exm - XY virus - (...) C:\example\file2.exm - XY worm - (...) C:\example\file3.exm - XY trojan- (...) and so on... BTW: I also don't know how to filter the threat detections out. Are threat detections Informations, Warnings, Errors or Critical? If I select critical nothing is displayed and if I select errors also the errors when opening a encrypted or destroyed compressed (ZIP/RAR/...) file are displayed. So what should I select?

OK, good to know this. But another question: Will this Smart Mode the default mode in ESET v8 products or not? And what about something like this "rule"? "If a program is registered to autorun (in registry, autorun folder or the autorun.inf of removable devices etc.) and it is completely unknown (= 0 users used it) in ESET LiveGrid (so that it can't be confirmed that this file is secure) then ask the user whether he wants to allow this action." Maybe you should also add an ESET LiveGrid option (used by X users in ESET LiveGrid or risk is low/medium/ok in ESET LiveGrid) as an factor for HIPS rules, so that a user can create rules with adherence to ESET LiveGrid.

Yeah you're right. It's really a good idea to offer the downloads "through" a HTTPS connection. Especially for Linux it would of course be useful, but also the other downloads can pushed through HTTPS. Only as a side note: Much more important is to encrypt the update traffic, because there also the license data is sent.

Yeah, maybe you're right, but there are still other reasons for the Online License Managment.

Yeah I understand (that the license is not checked at installation and only at updating), but with an online license management they also would be able to check this at installation, so that license misuse is detected rather and the ESET product can stop providing protection (or something similar). E.g. a user could also deactivate updates and/or only update (manually) every week/month/(...). In this case maybe the license system will "think" that this one time in a week/month it's a new computer and let it update. Of course this would not provide a good protection, but it's only an idea. But this is an untested idea and I don't know (and also don't want to now) whether this works or not. And I won't give any more ideas to bypass this system. This is a public forum and I don't want to post something like this here. But at one thing I'm quite sure: An online license management with checking the license at installation would prevent license misuse more than the actually system - I think. Hint: @moderators: If you think you have to censor some parts of this post feel free to do it.

If you want to get more information about a partnership with ESET (directly) also look at this site: hxxp://www.eset.com/int/partners/

Oh, interesting... But you should be clear in your mind what this means on the other hand. On the one hand this error here shouldn't exists, but on the other hand it's not quite a good technology to prevent this misuse of license data. But to solve this 2 problems at once I already had an idea: Online License Managment. In this idea this issue could be solved in a simple way: The user would have to login online to the online license managment. Then he can identify the broken device and delete it. Now the license would be free (4 of 5 devices used) and a new device could be added. And now the user would be able to activate the license on the new device without any problem Like I say it's only an idea and I'm currently making a simulation to show how I mean this. I'll post in the "Online License Managment" topic if I'm finished.