Jump to content


ESET Insiders
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by toxinon12345

  1. Translation is ambiguous when you disable LiveGrid: "Esto puede ser muy peligroso, por lo que debe volver a habilitar la protección de inmediato" If we think of it as an implication, we should use "así que" or "por lo tanto". Thanks.
  2. Well, I guess Similarity digests are what extend a cloud for effective classification; in addition to reputation metadata (age/users). Of course, you should not expect blocking every executable out there with the premise of "Low reputation" only: that would create tons on FPs e.g. for developers; but an hybrid approach combining core routines with cloud classifier should readjust threshold levels for threat determination. The problem with a dynamic whitelisting is the performance overhead, e.g. querying the cloud for every new installed PE program [ *.exe | *.dll ], if we add script execution: PowerShell, Batch, VBscript it would mean another filegroup to look at. Some other products claimed to have resolved, at least partially, that problem with what they call "prefetch scan", "solid asynchronous packet", and other sort of weird terms. Maybe it makes sense for interactive windows : PUA's for example.
  3. Not sure how feasible could be this, but a more user friendly HIPS... Description: HIPS "application control". ESET harddened mode. Detail: a HIPS extension with [Application Startup Control] leveraging reputation data for whitelisted and good prevalence executables.
  4. Description: counting of "OFF/stopped" items Detail: I would like to see counting of "Permanently disabled" items at "Setup Pane". Also with no-color always. (Black and white) something similar to this, but in that case would be a '3' in Black/white https://forum.eset.com/uploads/post-6339-0-20654900-1457971762.png
  5. Add to wishlist: Performance enhancements to Emulation I noticed when scanning an UPX packed Icon Resource Library, it needs to unpack that section too....... but when removed the icons/bitmaps from the DLL, then UPXed and scanned all is OK back again
  6. Descr:experimental auto-whitelist in Filesystem protectin Details:limited to write-execute events & UPX bigger than ~3MB
  7. On execution emulation for files bigger than aprox. 4 MB..etc + Mapping <big+upx> executables ---> on-access LiveGrid whitelisting ! file skipping ! local cache similar to PrevX º Webroot fastest lookups ---- speeds between those of code analysis and code emulation
  8. Removable media insertion Add "Quick scan | Superficial scan" option in the notification prompt "Profile selector" in Advanced setup
  9. Low prevalent and rare files with suspicious packed PE --> Query reputation data after successfully downloaded such file Also, I think AMS possibly could benefit speed from the whitelist
  10. Turn On the new HIPS Advanced Memory Scanner, it is a post-execution detection layer It is available in version 7
  11. Traffic lights for Setup Pane Most people would fix problems by means of Home Screen the way it currently does
  12. You are refering to Web content filtering Anti-Spam parsers are proven to be also very effective when combined to URL blocking Recently ESET won First place thanks to the Anti-Phishing module,,,you can view it here Currently Parental Controls trust only in reactive methods as URL blocking; without using specific proactive algorithms If Web parsing could be added into Parental Controls, it would be great Anyway the yearning of Web reputation seems to be added long time ago
  13. P.S I hope it's OK to share this here, I figure if it weren't OK to talk about it then Marcos wouldn't have told us about this feature in the first place
  14. I like the newway of displaying notifications Sometimes some localized versions cannot display the whole message in the notification
  15. Parental Control: More selective Web content parsing and blocking similar to that of eScan Web protection
  16. Memory scanning inmediately after Re-enabling the Advanced Memory Scanner Similar to that of Filesystem protection for stopping running infiltrations in memory
  • Create New...