bEeReE

Hi there, Just noted that the com.eset.network process shows activities around 10% when opening Mac apps such as App Store or Music. Shouldn't it be restricted to "browsers" as per Help section: https://help.eset.com/ecs/6/de-DE/?ud_web_email.html ? If it scans App traffic, how can it be customized to scan Safari only? I've already excluded many applications under "General/Exclusions/Web and Email", but it doesn't seem to work.... Thanks!

Please add the functionality to scan new files only. In my case I don't require eset scanning all the time. Scan settings for Real-time file protection have 3 scan-on possibilities currently: File open, File creation, File Execution. The problem is, that I can't simply disable "File Open" because the "File creation" functionality does not remember which files have already been scanned by eset and which not. When eset is e.g. disabled and files created, those are not scanned afterwards. I see two different possibilities: - separate function: Scan only new files. - enhance the "File creation" functionality so that missed files will be scanned For security reason, there could be a function implemented like other vendors did such as: Scan the new files once, then scan those again within a defined time period or n updated signatures, then stop scanning further as long as such remain unchanged.

Totally agree. Your documentation, support and forum etc. is also not standard in the industry and was/is - next to the scanner's performance - an underlining to stay with Eset, in my point of view. I think the source of such discussions here in contrast to other scanners is, that Eset allows for much more detailed configuration (positively as well as negatively viewed) You do not even think about some topics when using others, as there is no option to play around.

Which is in my point of view perfectly fine (don't worry that your computer is not safe) . Just to give a little bit more sense: In the context of this thread, whitelisted means the files that are somehow excluded from scanning by a mechanism provided by Eset and which does not require manual configuration. As explained e.g. the files from Microsoft that are digitally signed. Such files are the same on all Computers with a specific software version. Eset can check the digital signature and file for validity and integrity - maybe also with additional cross-checks and a first validation during the initial scan. If such files have not been modified, the files must be nearly 100% free from malware and do not require re-scans all the time. Eset may also implement additional mechanisms like creating independent Hash values of a file during the first scan and exclude certain specific files (based on reputation, file types or whatever) for the next scans. Or they may apply other mechanisms. They can also dynamically adjust the behavior in the updates and react to specific conditions. However, how Smart Optimization's conditions are implemented in detail is not yet explained in this thread nor did I found detailed supporting documentation.

How do you measure that for the real-time scanner? If you want the best performance-security ratio, I would leave Smart Optimization on. The thread is about optimizing, not maximizing security 😀

So what's your concrete suggestion for scottls59901? Should he scan frequently or after windows updates in order to improve the performance of the real-time scanner? For the on-demand scanner I can confirm your speed behavior for System32, but not for e.g. files in the user directory. Tested with c\Users\username. Such are scanned in detail the first, then ultra fast the next time if Smart Optimization is enabled. But once the computer was restarted, it takes again the long time. For System32 it remains fast even with new signatures and a restart in my case. Worth to test on your site?

Guess at the end it is more a question of smart optimization turned off vs. on, which will exclude certain file types / whitelisted files etc. from scanning. But the fact that files have already been scanned is not taken that much into consideration. Now we can debate about the pro and cons 🙂

We do not exactly know how smart optimization works unless someone from Eset gives a more detailed reply. But my conclusion so far is with focus on scanning speed, it doesn't matter when or if scans are being performed because they won't speed up other/subsequent scans or the realtime scanner much, especially if signatures have been updated between. You can scan whenever you want just to ensure that your full data population is clean (e.g. automatically with the highest possible time interval or manually once half-year/year). with focus on security, it does probably not make that much sense to perform on-demand scans at all because Eset is re-scanning everything again and again with the real-time scanner when files are created/opened/launcehd/modified etc. (assuming that you du not configure the real-time scanner to a lesser protection level than the default settings). the difference to other scanners may be, that those are handling re-scanning differently (e.g. heavily scanning the first time, but no longer the second time). In this scenario, you can gain improvements for the real-time scanner when scanning first with the on-demand. And you may want to re-scan all from time to time when you have newer signatures available.

No, it's not answered. The linked article states clearly that smart optimization will NOT scan already scanned files again. The article does however not refer to what is happening once signatures are updated etc. and what's now exactly being scanned. If I perform an on-demand scan with smart optimization turned on and after that another again, it requires the same amount of time and is not quite faster (if the description had been correct, it would not scan anything again). There are also other statements: This help for version 14 does no longer refer to already scanned files etc. but more to an intelligent way of scanning: https://help.eset.com/eis/14/en-US/idh_config_threat_sense.html?zoom_highlightsub=smart+optimization However this related to scan profiles describes the smart optimization in the way of not scanning when files have already been scanned: https://help.eset.com/eis/14/en-US/work_avas_ondemand_profiles.html And in a version for End Point Protectionn it was described similarly but that already scanned files are excluded until new signatures have been updated. My questions for Marcos are also not yet answered

What do you mean with "system is faster"? Do you mean that you noted performance issues while scans were running in the background (1) or after the scans just because you run a scan before (2)? Case 1: I would not run daily scans as this is way too much. I have configured smart scans excluding files larger a certain file size for Macbooks every 4 months. For Windows scans without the registry and archives every 14 days. Idle scans are active as well including the registry etc. You can also reduce the scan priority per scan profile in the ThreatSense parameters. I do not run Deep Scans. Case 2: Would be unlogical or more related to an issue. In my case it would be also beneficial if @Marcos could shortly explain how Smart Optimization is actually being implemented in the scanner: If files are scanned, clean and not changed afterwards, will such being scanned again under certain conditions (e.g. new virus signature updates or others (which exactly?)? If yes, by the on-demand as well as realtime scanner or is this differently triggered? That's probably a difference to other scanners which provide an explicit option "scanning new or modified files only". If files are scanned with an on-demand scan and smart optimization is turned on, does this also affect the re-scanning of files in other on-demand scans or the realtime scanner? Or ist it just like an incremental scanning per scan job?

This configuration described under "Disable network connection found notifications" for Windows is missing in the Mac version, right? "Setup/Application Preferences/Alerts and Notifications/Setup" does not have a configuration item for new network connnections.... https://support.eset.com/en/kb3754-change-network-connection-firewall-setting-in-eset-windows-home-products

Is there a possibility to configure a default assignment to the public "trusted zone" similarly to the Windows version of the firewall?

Thats the problem… current descriptions are wrong and functionality not provided as described…. :)

Thanks for clarification, @Marcos Another feature Mac user must waiting on...I suggest to adjust the website (sales page for Mac products) because the advertising box for myESET shouldn't be displayed there as it is wrong in the current form the advertising box for myESET on the website because it advertises that remote device control is possible for ALL devices the PDF manual etc. and clearly state for which products related functions are not available That would give more transparency

The last screenshot states in English: Open now your ESET-Product on your device and connect the device manually. But how can I do that in ESET Cyber Security?

myESET shows a section "licenses" and "devices". As written on the website and in documentation, the device section should allow monitoring of the security status of all connected devices. When I go to devices and add new devices, my Mac's are listed to be "ready" for the connection presented in a recommendation box. However, when I go further it is mentioned that I have to initiate the connection locally on my device. How can I do that in ESET Cyber Security? PS: the function is not related to the dedicated products Anti Theft, Parental Control or Password Manager. For those, a separate dashboard box exist.

That's the problem.... I am currently only testing Eset and will probably switch from Bitdefender as I don't like the Mac version. For family members, especially elderly ones, the reputation based info of TrafficLight is very helpful so I look a little bit for standalone alternatives because Eset doesn't provide sth., but don't like browser plugins from Norton, MacAfee etc. It is in question at all if I wan't to install a plugin giving another attack vector... but hard to communicate such if people are used to... Anyway, don't want to steal the threads topic, which is likely not Safari related

Is there a good one for Safari? WOT plugin isn‘t supported currently....

Thanks a lot, Peter! I have successfully tested this version (received from support) and can confirm that the speed was back

Would be beneficial to categorize such sites into a separate category so that users will be able to block those, in my point of view....I am not affected. But for others it may be great... Categorization of Brightcloud: Proxy Avoidance and Anonymizers.

But how to deal with such vpn an proxies? Isn‘t there a possibility of blocking a „proxy“ category? How is e.g. cyberghostvpn.com be categorized?

Same. Opened the 2nd ticket at local support. Now I was told that they were able to reproduce and wait for a response from developers...

I use Untangle NG Firewall and I am quite happy. I can block applications like your posted cybergho based on dedicated application filter etc. However, router based doesn‘t work if you are on mobile network etc. Similarly, DNS filters will not work if you change the DNS settings on your client and being outside of your controlled LAN. For sure, you could force VPN connection to home via App etc., but not if there is a possibIlity to easily delete the app. Depending on the age, they can also install a rogue access point and build their own WLAN at home thus not being detected as the child’s device if you don‘t monitor onboarding of new devices and and and. I think you can‘t control much if the clients itself aren’t under control. And then the question is, if and up to which age you want to block everything or just focusing on monitoring and awareness/discussions.

Can‘t eset block a related category? E.g. proxies, vpns or uncategorized sites? Depends on categorization, not?