Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security

[cutting_edgetech 25]

I'm still waiting on a top notch behavior blocker, or a more usable HIPS like itman has also requested. I would like to see a behavior blocker that can be tuned to different levels of sensitivity. If Eset is worried about it causing false positives, especially in test like AV comparatives then just leave it disabled by default.

[Seth 2]

2 hours ago, TomFace said:

Is this is what you are referring to? If so, it exists today.

 

Yes but you have to type something in "Find text". It doesn't show just those bad files.

[TomFace 539]

It works without typing anything in "find text". Have you tried it? Try choosing different "record types" and see how the display changes.

 

 

Edited May 28, 2017 by TomFace

[Seth 2]

9 hours ago, TomFace said:

It works without typing anything in "find text". Have you tried it? Try choosing different "record types" and see how the display changes.

 

 

It did work when I tried different record types. Thanks.

[TomFace 539]

No problem...if you make any changes to see how it affects things, keep in mind you can always reset it back to default settings (if that's the setting you are using).

[Marcos 5,259]

On 25. 11. 2013 at 8:33 AM, nishadrox said:

There are some features I'd like ESET to add to their suites

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean"

5. Sound alerts on detection

All features have been there for ages:
1, It's called Smart mode (can be set in the advanced HIPS setup).
2, ESET has employed advanced heuristic, an emulator for running code in a virtual environment for more than 10 years.
3, Set Strict cleaning mode for the appropriate on-demand scanner profile.
4, Available in the on-demand scanner setup since NODv1 if I remember well.

[itman 1,746]

Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii

[Marcos 5,259]

2 hours ago, itman said:

Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii

It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance.

[itman 1,746]

1 hour ago, Marcos said:

It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance.

It is not enabled for Eset browser adds-ons/plug-ins; at least for IE11. I am on ver. 10.1.210. Suspect same applies to Outlook.

Will check other areas and report back if I find more.

-EDIT-

None of Eset program module .dlls i.e. em0xxx_64.dll are compiled with CFG. Granted they only exist in equi.exe I believe, but that is not a protected process like ekrn.exe. Additionally, none if Eset's drivers are complied with CFG.

Edited June 16, 2017 by itman

[Wolf Igmc4 6]

Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings.

Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.).

[TomFace 539]

38 minutes ago, Wolf Igmc4 said:

Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings.

Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.).

It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS)

Edited July 2, 2017 by TomFace

[Wolf Igmc4 6]

58 minutes ago, TomFace said:

It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS)

Oh thanks! I didn´t see it

[itman 1,746]

59 minutes ago, TomFace said:

It's possible to reset certain sections to default today.

Go into each sub-section. For example, real-time protection. The "curved arrow" default setting option is there for it in Smart Security.

Edited July 2, 2017 by itman

[UKUser 0]

Allowing user interface to be resized would be good...

[Azure Phoenix 11]

Improve compatibility with SUA accounts.

 

Discussion (And how reproduce issue): https://forum.eset.com/topic/12197-is-eset-compatible-with-standard-user-accounts/?do=findComment&comment=61708

 

Thanks

 

[Super_Spartan 56]

Another suggestion, I was using Emsisoft Anti-Malware for a while and I love how easy it is to whitelist/exclude files with it.

 

The reason it's easier in EAM is because once you exclude a certain file or folder, the next time you open the exclude button, it automatically navigates to the last folder you were in.

 

so let's say I went to C:\Program Files, then selected a folder to exclude, the next time I open exclusions to browse for the file/folder I want to exclude, it automatically starts the navigation in C:\Program Files making it very easy to whitelist the folders of programs I definitely want to exclude rather than having to start navigating from the beginning and going to C:, then expanding it, then again expanding Program Files. Takes a lot of time when one has a lot of stuff he wants to exclude.

 

Another way we can do it is to have a checkbox selection in the exclude window so one can exclude multiple folders and/or files at the same time

[itman 1,746]

1 hour ago, Phoenix said:

The reason it's easier in EAM is because once you exclude a certain file or folder, the next time you open the exclude button, it automatically navigates to the last folder you were in.

I second this.

I believe this current Eset HIPS behavior stated in ver. 9 when the Metro GUI was introduced much to many dislike of it. In ver. 8 as I recollect, the HIPS did remember what the last selected directory was in rule creation and auto navigated to it when adding a new application.

 

Edited July 26, 2017 by itman

[JoMos 2]

Dear ESET Team,

Following feature would be nice in a future version:

Description: Firewall rules cleanup of unnecessary / invalid entries
Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.

[Claudiano 0]

I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you.

[Marcos 5,259]

59 minutes ago, Claudiano said:

I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you.

A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives.

[Wolf Igmc4 6]

26 minutes ago, Marcos said:

A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives.

Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea...

[Marcos 5,259]

9 minutes ago, Wolf Igmc4 said:

Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea...

There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release.

[Wolf Igmc4 6]

33 minutes ago, Marcos said:

There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release.

In my opinion, I'd rather sacrifice usability for security, but you are right

[Claudiano 0]

2 hours ago, Marcos said:

Um bloqueador de comportamento causaria muitos falsos positivos ou incomodaria o usuário tomar uma decisão a si mesmo a cada momento e depois. Nosso objetivo é manter ESET instalar e esquecer, sem pedir aos usuários uma ação. Quanto mais perguntas, maior probabilidade de decisões erradas e infecção subseqüente. O ESET aproveita um punhado de tecnologias avançadas explicadas em https://www.eset.com/int/about/technology/ para obter a máxima proteção sem irritar o usuário ou causar falsos positivos.

It was proved then then we will not see a behavior blocker in ESET products, since the idea is to preserve usability without user intervention so. We only have to respect and trust ESET so, since you know better than us about security, thank you very much for the attention, Marcos, here is one of the few forums that reassess the customer is treated with respect, of the taste participate here , Since the doubts are always clarified, thanks again and always success for our dear ESET. 

[peteyt 396]

20 hours ago, Wolf Igmc4 said:

In my opinion, I'd rather sacrifice usability for security, but you are right

It's the tricky part of security. Balancing security with ease of use. Make something too sensitive and you end up blocking too much and causing issues for non technical users