Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security


On 10/30/2017 at 10:23 AM, Biyakuga said:

Folder Lock

A password is a broken way to protect your files.
Also, from what I know, Folder Lock is easy to bypass and it only hides your files. Encryption > Password

Edited by persian-boy

Live Grid can only scan 1000 items at the same time and I don't know why? Eset pls don't do this to me :D I just tried it with 3800 DLL files to make sure all .dll files in C are OK but had to run the reputation scan 4 times!


On 9/6/2017 at 8:05 PM, persian-boy said:

Eset needs to update the HIPS module and make it work like this:
If a command wants to run via the cmd then HIPS (in interactive mode) must show that command line to the user.
I mean not only show an access alert for the cmd, also show the command itself and let the user see the command and then ask to allow or block it.
Also, provide an option to add our safe command lines to the HIPS rules.
I'm sorry for my bad English but I guess you know what I mean.
 

Today I noticed you added this feature! Many thanks. I didn't know!
 


  • 2 weeks later...
On 10/28/2017 at 5:57 AM, eternalromance said:

Show file hashes (SHA-256; SHA-1; MD5) with link to Virus Total

There is no AV to redirect you to VT (why are you using an AV if you want to see the VT detection? :D). If you are searching for such a thing then vs would be good, not an AV! And about the hash, you can earn it with default-deny software, not an AV!

On 10/28/2017 at 5:57 AM, eternalromance said:

Show if the process that tried to access the malicious/infected file or registry key was running in user or system space

It's already there! You can earn it with Eset HIPS.

 


4 hours ago, persian-boy said:

Would be good if I could whitelist the certain cmd command for specific application in HIPS - _ -

You need to be more specific on what you are trying to do. Give an example.

One issue I have in regards to the cmd.exe is that there is no way to restrict what .bat files it can execute. A "target" in a HIPS rule has to be an application - period. This could be accomplished if the HIPS provided a read restriction in the Files section. I really don't know why read restriction capability was never added. Every other HIPS I have used in the past had the capability.

I will also add that file wildcard capability, which I have repeatedly asked for, needs to be added to make this capability functional. The following are example rules.

1. Allow cmd.exe to read xyz.bat.

2. Block/ask cmd.exe to read C:\*\*.bat; where C:\* would mean the drive root directory and all subdirectories.

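The two rules proposed in the post above, evaluated in order, as an added sketch (not ESET code and not part of the original post). It assumes first-match-wins ordering and a default of allow; `compile_target`, `decide_read`, the cmd.exe path and the `C:\Tools` location for xyz.bat are constructed for illustration.

```python
import ntpath
import re

def compile_target(pattern):
    """Turn a rule target into a regex. A path component that is exactly '*'
    stands for zero or more directory levels (the post's reading of 'C:\\*');
    a '*' inside the file name matches anything except a backslash."""
    *dirs, name = pattern.split("\\")
    rx = "".join(r"(?:[^\\]+\\)*" if d == "*" else re.escape(d) + r"\\" for d in dirs)
    rx += "".join(r"[^\\]*" if ch == "*" else re.escape(ch) for ch in name)
    return re.compile(rx, re.IGNORECASE)  # Windows paths are case-insensitive

CMD = r"C:\Windows\System32\cmd.exe"

# (action, source application, file target), checked top to bottom.
RULES = [
    ("allow", CMD, r"C:\Tools\xyz.bat"),  # constructed location for xyz.bat
    ("ask",   CMD, r"C:\*\*.bat"),        # every other .bat on the drive
]
COMPILED = [(action, src.lower(), compile_target(t)) for action, src, t in RULES]

def decide_read(source_app, file_path, default="allow"):
    """Return the action of the first rule matching this read, else the default."""
    src = ntpath.normpath(source_app).lower()
    path = ntpath.normpath(file_path)  # collapse '..' and '/' before matching
    for action, rule_src, target in COMPILED:
        if src == rule_src and target.fullmatch(path):
            return action
    return default

if __name__ == "__main__":
    # Constructed sample reads, not taken from any real log.
    for p in (r"C:\Tools\xyz.bat", r"C:\Windows\recover.bat",
              r"C:\Tools\..\Temp\xyz.bat", r"C:\Users\a\notes.txt"):
        print(f"{p:32} -> {decide_read(CMD, p)}")
```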

  • ESET Insiders
8 hours ago, itman said:

One issue I have in regards to the cmd.exe is that there is no way to restrict what .bat files it can execute. A "target" in a HIPS rule has to be an application - period. This could be accomplished if the HIPS provided a read restriction in the Files section. I really don't know why read restriction capability was never added. Every other HIPS I have used in the past had the capability.

Having read restriction capability in the files section is a feature I suggested long ago. Hopefully ESET will finally see the merits of this.


Hi,
Example:
There is a command line like ipconfig /all which is launched by OpenVPN.exe (my software) when it's trying to read the config file and connect to the VPN service.
Some tools need to use cmd (like Nvidia)! And the user wants to know what is happening! I achieved this protection with Rehips. Rehips lets me whitelist the commands for every process (or an ask rule).
That read restriction is a good idea! Btw I don't know anything about wildcards and don't like the concept - _ - too complicated for my poor brain haha. Average users don't want to use wildcards -.-

Edited by persian-boy

On 11/24/2017 at 7:27 PM, persian-boy said:

Some tools need to use cmd (like Nvidia)! And the user wants to know what is happening! I

Nvidia in their "infinite security wisdom" created two .bat scripts they dumped in C:\Windows directory. Their startup service can run these .bat scripts if errors are encountered in their software as recovery procedures. So basically, you have to allow svchost.exe to run cmd.exe. Not the most secure thing to do if malware creates a malicious service. Hence my recommendation that file wildcard support is needed.

There is also the issue of why the HIPS hasn't been updated to reflect Win 10's current ability to uniquely identify an individual svchost.exe service by process id. 

Edited by itman

Some suggestions about HIPS:
1- Add protection for direct keyboard access.
2- What about a purge button for non-existent rules? I asked this before -.-

From Eset website:
interactive mode: In interactive mode HIPS will prompt you to Allow or Deny each operation detected
This is not true! I got different alerts when I set the ask rules for some applications. I mean the ask rule is better than interactive mode! Interactive mode doesn't cover all operations, so I have to use int mode plus some custom ask rules.
Thanks for the info Itman! But where does that malware come from? I use sandboxie+srp+hips+eset av+some grp policy tweaks and some other tweaks like disabling useless services by AnVir Task Manager, so there is no malware to create an infected service!

5 hours ago, itman said:

current ability to uniquely identify an individual svchost.exe service by process id

I didn't know about it! Eset pls listen to what Itman says :D I want the maximum protection (99%)

Edited by persian-boy

On 10/19/2017 at 6:02 AM, persian-boy said:

Boot time filter for the firewall to prevent data leak during the system startup

Any feedback on this? Is it there or no? I just want to know. Cowboy, what do you think about this feature?


15 hours ago, persian-boy said:

This is not true! I got different alerts when I set the ask rules for some applications. I mean the ask rule is better than interactive mode! Interactive mode doesn't cover all operations, so I have to use int mode plus some custom ask rules.

I explained this once to you. Eset has internal default rules and those rules take precedence over any user-created rules.

Also if an alert response is not received within a short period of time, Eset will auto allow the action. This comes into play for example with any ask rule that might be triggered during the boot process. Those will be allowed by the time the PC initializes, the desktop appears, and finally the Eset GUI is started. 

Edited by itman

Eset, don't you want to fix this auto allow? More dangerous than useful! Omg.
Every HIPS (Comodo, SpyShelter, Rehips and...) freezes the operation till the user answers the alert! What's the point of an ask rule if it's gonna allow it without my permission?! Makes no sense!
Itman, I know about those internal rules but I'm saying the interactive mode doesn't cover all operations!

9 hours ago, itman said:

boot process

This is dangerous! Eset pls fix the bug!

Eset is updating the HIPS module silently and without any changelog or information! That's bad!

Edited by persian-boy

Description: Perfect Behavior Blocker

Detail: Eset is a perfect AV, but it doesn't include a good Behaviour Blocker. I know your HIPS is effective, but nothing can protect against zero days better than a good Behavior Blocker.

All Eset needs is a perfect Behaviour Blocker.

Edited by amir

13 hours ago, persian-boy said:

Every HIPS (Comodo, SpyShelter, Rehips and...) freezes the operation till the user answers the alert! What's the point of an ask rule if it's gonna allow it without my permission?! Makes no sense!

It actually used to do this prior to ver. 11. I believe this has something to do with Microsoft's decree to AV vendors that they can't interfere with the boot process in Win 10 ver. 1709. I am actually surprised that Eset even processes an Ask HIPS use in ver. 11 and instead, just auto allows it. I know it is doing so because it will slightly delay your boot time; something I thought wasn't supposed to happen on Win 10 ver. 1709.

Again it is a bit peculiar that the HIPS default action is allow. However, it always has been this way. To be honest, I seriously doubt Eset will change it to block mode.

A proper frame of reference for you is Eset first and foremost created the HIPS for its own internal use. As such, it really isn't designed to be user configurable other than to create a few exception rules. This is more so evident in the retail vers. of Eset. For example, Eset added file wildcard capability a while back for the Endpoint vers. but refuses to do so for the retail vers..

Edited by itman

  • 2 weeks later...
  • Most Valued Members
1 hour ago, Wolf Igmc4 said:

Add a behavior blocker, based on the reputation system of Eset. Yes, I said this some time ago, but if Eset doesn't add it, in the future, this will be a big problem.

It has been asked a lot but I don't think we will see it. The issue eset has is choice e.g. what should happen if something new and unknown turns up, could simply be an update e.g. a windows update, but if eset doesn't have any reputation for the files it will have to ask the user and it seems like they want to avoid this in case the user clicks the wrong thing e.g. allows or blocks


I can show you some videos where ransomware keeps popping up and it fails

Edited by Marcos
Machine translation added

  • Administrators

Please use this topic only to report wishes and suggestions for future improvements. Do not use it for discussions on a particular subject. If you want to discuss something, create a new topic.


  • 3 weeks later...
  • ESET Insiders

Translation is ambiguous when you disable LiveGrid:

"Esto puede ser muy peligroso, por lo que debe volver a habilitar la protección de inmediato"

If we think of it as an implication, we should use "así que" or "por lo tanto".

Thanks.

