yongsua

Members
  • Posts: 122
  • Days Won: 2

Everything posted by yongsua

  1. ESET heuristic indeed has very good detection on new variants of malware. However, IMHO, I do believe that no AV can really detect a wholly and newly created malware since it is something out of the knowledge of the AV; this is where human analysis is needed to "teach" the AV.
  2. The automatic mode should block every incoming connection unless it is allowed under pre-defined rules by default. However, I have no idea about the outbound connection when the firewall is set to Auto mode. Is the firewall going to allow every outbound connection regardless of what application is attempting to connect to the Internet? Does the firewall block any outbound connection in case it is a suspicious or malicious one?
  3. Ya.... I am used to downloading the "Slim" version and will continue to stay with it even though sometimes the newer build has no slim version.
  4. Could you try uninstalling ESS and installing EAV instead to find out if the mentioned problems with browsing persist? Do you experience these problems with any browser? What operating system / platform are you using? I am using Windows Vista and I think I only have a problem with Chrome. Sometimes when I want to view a webpage, the webpage will just crash with Chrome. Sometimes, the webpage doesn't load properly or loads too slowly. However, when I try to surf to the exact same webpage with Firefox, it works perfectly. But I want Google Chrome as its browsing speed is much faster than Firefox. If it is just a minority of users like me who have such a browsing speed issue, then I think there are some incompatibility issues between ESET and the system or other software installed in that system. I personally think that we should have a survey at this forum on browsing and Internet communication experience after installing ESET. Based on the result, we could know whether the source of the problem likely comes from ESET itself or from the users' system or software. I make this suggestion because I have realized that most of the users seem to have no problem with browsing and Internet communication with ESET installed in their system, and not many similar issues are reported. Therefore, I have no idea whether I am in the minority or the majority.
  5. Honestly, I must admit that ESET does have a significant impact on my daily browsing activity. The issue is still persisting even though I have the pre-release update installed, but that is just my system. How about yours? You might not have any issue though.
  6. A test is just a test. How long have you used ESET? What is your experience? Any significant impact on your system? Have you actually downloaded any current or zero-day malware samples from malware discussion forums such as malwaretips or any other legitimate sources to test its detection and compare other vendors' detection by yourself? The best evidence is your own experience. Thank You.
  7. I guess that ESET runs the automatic update before your Internet connection is available. Hope the moderators will be able to resolve your issue.
  8. Hi, what problems does the scan find? Can you pls take a screenshot and upload it here so that the moderators can help you resolve your issue? Thank You.
  9. Nice to hear that the pre-release update fixes most of your problems. However, may I know what issue with updating virus definitions you are encountering?
  10. Why did you install the 32-bit ESET? You should have installed the 64-bit one.
  11. You may try the pre-release version as Peter mentioned in the previous post.
  12. I have an off-topic question though. May I know what it means when ESET detects the malware as "a variant of ...."? Is that a heuristic detection indicator? How do I know if the detection comes from heuristics instead of a signature? Thank You.
  13. Maybe ESS can be implemented with some sort of PID mapping or positioning system? Is it possible? Or at least the current PID could be displayed on the interactive mode alert. Although PIDs vary each time a process starts, at least knowing the current PID can be helpful to identify which svchost and which thread is attempting to connect to the Internet. This gives the user a chance to initially jot down the threads, handles or DLLs involved by using a basic dynamic analysis tool such as Process Explorer, so that the user can just refer to the services, handles or DLLs involved from what the user has jotted down without referring to the PID anymore, regardless of how the PID varies.
  14. I would like to suggest that the upcoming ESS include the PID for each process in the Rule and Zone editor, as it would be very helpful for me to determine which svchost and which thread inside it is attempting to connect to the Internet. Thank You. As you can see from the above pic, I really have no idea which svchost is attempting to connect to the Internet.
  15. Thanks for the reply. ESS NIDS does block ARP requests within the LAN such as ARP requests from xarp (a famous ARP spoofing app). However, I am having an issue with IGMP. The ESS firewall log shows me an "unusable rule" message for this IGMP. Every host in my LAN is blocked from communicating with the IGMP IP address. Since I am not using any multicasting network, I think it is safe to ignore the message but it is kinda annoying for me.
  16. Finally I think I have understood it. The DnsIp indicates a LAN which cannot be deleted or denied to appear in the Zone editor. The key of the authentication is actually the authentication type. I have modified the authentication type that only allows a specific IP which is able to view me in the LAN. Now I know Trusted Zone means my computer is visible to a group of computers in the LAN. Am I right? Pls verify this for me. I have also realized that the IDS would not be affected if I only add a specific IP into my trusted zone. It is still able to catch and block ARP requests within the LAN.
  17. To make my statements understandable, I will briefly explain what I want. 1) I do not want any other hosts to communicate with my computer except my gateway within the LAN. 2) If 1) is successfully implemented with the Zone editor, would the IDS still be able to inspect the whole LAN? 3) ESET keeps requesting me to respond to the network location of the automatically generated authenticated zone every time I boot my computer. This authenticated zone automatically generated by ESET is also the zone that I don't want since it contradicts my need as stated in 1). This zone is given a name, i.e. DnsIp...blah..blah... blah...
  18. Hi, I actually just want to authenticate my router or gateway to communicate with my computer. I have a virtual box, therefore I would like to allow only two authenticated zones (excluding discussion of the default 127.0.0.1 as Trusted zone). The first zone should only include the gateway and my computer. The second zone should include only the gateway and my computer, the virtual box LAN IP and the virtual box public IP. I really do not want any other local host to communicate with me within the LAN. It seems that ESET does a good job at blocking ARP requests within the LAN, but is it really independent from the firewall? For me, the authenticated zone is only for the firewall but will not affect the IDS continuing to inspect the whole LAN network. ESET IDS seems like a NIDS over the whole LAN network and I think only one computer should be allowed to use the IDS feature if ESS is installed on other hosts' systems to avoid conflict, or should I enable the IDS feature on all host systems? Besides, ESET keeps asking me to authenticate 192.168.1.1/255.255.255.0 with the DNS IP 192.168.1.1 but I really do not want to authenticate, as I have mentioned that I do not want other hosts to communicate with me. ESET keeps asking me to define the network location and if I select "Home", it will be set as an automatically authenticated zone which has a name, i.e. DnsIP 192.168.1.0/255.255.255.0 (differs from the DNS server in the zone editor, do not get confused). One question from me: does the Zone feature affect the IDS or just the firewall?
  19. Can you please be more specific about your difficulty with the uninstallation of ESET? What ESET product are you referring to? Thank You.
  20. Could it be that the maximum quota has been reached and that's why your internet speed is throttled? Try to contact your ISP and inquire about the gateway's default login credentials since you have failed to log in.
  21. In case it doesn't work, try to manually remove the ESET drivers from Device Manager as shown here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2616 Remove the ehdrv driver and other drivers like EpfwLWF.sys and epfwwfp.sys
  22. Try to reinstall and use the ESET uninstaller to uninstall. Run this uninstaller in Safe mode. Instructions can be found here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2289
  23. IMHO, there shouldn't be any interactive pop-up from ESET FW automatic mode. The automatic mode would just block any inbound connection and allow all outbound connections, so I assume that there should be no interactive pop-up. However, there might be a pop-up at the bottom right corner when ESET detects and blocks any network attack.