persian-boy, posted November 1, 2017 (edited November 1, 2017)

On 10/30/2017 at 10:23 AM, Biyakuga said:
> Folder Lock

A password is a broken way to protect your files. Also, from what I know, Folder Lock is easy to bypass and it only hides your files. Encryption > Password

Wolf Igmc4, posted November 1, 2017

24 minutes ago, persian-boy said:
> Suggestion: Reputation scan
> A custom scan that scans the whole hard drive with LiveGrid and gets reputations for everything (DLL, EXE, ...) on the machine.

That's a good suggestion.

persian-boy, posted November 1, 2017

LiveGrid can only scan 1000 items at the same time and I don't know why. ESET, pls don't do this to me :D I just tried it with 3800 DLL files to make sure all .dll files in C are OK, but had to run the reputation scan 4 times!

eternalromance, posted November 4, 2017

Description: Add option to enforce firewall rules created on the spot until the PC is rebooted
Detail: Please add an option to enforce firewall rules created on the spot until the PC is rebooted or powered off

Biyakuga, posted November 6, 2017 (edited November 6, 2017)

Description: VPN
Detail: It will be really convenient to have VPN options as part of ESET

persian-boy, posted November 9, 2017

On 9/6/2017 at 8:05 PM, persian-boy said:
> ESET needs to update the HIPS module and make it work like this: If a command wants to run via cmd, then HIPS (in interactive mode) must show that command line to the user. I mean not only show an access alert for cmd, but also show the command itself and let the user see the command and then ask to allow or block it. Also, provide an option to add our safe command lines to the HIPS rules. I'm sorry for my bad English but I guess you know what I mean.

Today I noticed you added this feature! Many thanks. I didn't know!

persian-boy, posted November 24, 2017

It would be good if I could whitelist a certain cmd command for a specific application in HIPS -_-

persian-boy, posted November 24, 2017

On 10/28/2017 at 5:57 AM, eternalromance said:
> Show file hashes (SHA-256; SHA-1; MD5) with link to Virus Total

There is no AV to redirect you to VT (why are you using an AV if you want to see the VT detection? :D). If you are searching for such a thing then vs would be good, not an AV! And about the hash, you can earn it with default-deny software, not an AV!

On 10/28/2017 at 5:57 AM, eternalromance said:
> Show if the process that tried to access the malicious/infected file or registry key was running in user or system space

It's already there! You can earn it with ESET HIPS.

itman, posted November 24, 2017

4 hours ago, persian-boy said:
> It would be good if I could whitelist a certain cmd command for a specific application in HIPS -_-

You need to be more specific on what you are trying to do. Give an example.

One issue I have in regard to cmd.exe is that there is no way to restrict what .bat files it can execute. A "target" in a HIPS rule has to be an application - period. This could be accomplished if the HIPS provided a read restriction in the Files section. I really don't know why read restriction capability was never added. Every other HIPS I have used in the past had the capability.

I will also add that file wildcard capability, which I have repeatedly asked for, needs to be added to make this capability functional. The following are example rules.

1. Allow cmd.exe to read xyz.bat.
2. Block/ask cmd.exe to read C:\*\*.bat; where C:\* would mean the drive root directory and all subdirectories.

stackz (ESET Insiders), posted November 24, 2017

8 hours ago, itman said:
> One issue I have in regards to the cmd.exe is that there is no way to restrict what .bat files it can execute. A "target" in a HIPS rule has to be an application - period. This could be accomplished if the HIPS provided a read restriction in the Files section. I really don't know why read restriction capability was never added. Every other HIPS I have used in the past had the capability.

Having read restriction capability in the files section is a feature I suggested long ago. Hopefully ESET will finally see the merits of this.

persian-boy, posted November 25, 2017 (edited November 25, 2017)

Hi,

Example: There is a command line like ipconfig /all which is launched by OpenVPN.exe (my software) when it's trying to read the config file and connect to the VPN service.

Some tools need to use cmd (like Nvidia), and the user wants to know what is happening! I achieved this protection with ReHIPS. ReHIPS lets me whitelist the commands for every process (or an ask rule).

That read restriction is a good idea! Btw, I don't know anything about wildcards and don't like the concept -_- too complicated for my poor brain haha. Average users don't want to use wildcards -.-

itman, posted November 26, 2017 (edited November 26, 2017)

On 11/24/2017 at 7:27 PM, persian-boy said:
> Some tools need to use cmd(like Nvidia) ! and the user wants to know what is happening! I

Nvidia in their "infinite security wisdom" created two .bat scripts they dumped in the C:\Windows directory. Their startup service can run these .bat scripts as recovery procedures if errors are encountered in their software. So basically, you have to allow svchost.exe to run cmd.exe. Not the most secure thing to do if malware creates a malicious service. Hence my recommendation that file wildcard support is needed.

There is also the issue of why the HIPS hasn't been updated to reflect Win 10's current ability to uniquely identify an individual svchost.exe service by process id.

persian-boy, posted November 26, 2017 (edited November 26, 2017)

Some suggestions about HIPS:

1- Add protection for direct keyboard access.
2- What about a purge button for non-existent rules? I asked this before -.-

From the ESET website: "Interactive mode: In interactive mode HIPS will prompt you to Allow or Deny each operation detected."

This is not true! I got different alerts when I set the ask rules for some applications. I mean the ask rule is better than interactive mode! Interactive mode doesn't cover all operations, so I have to use int mode plus some custom ask rules.

Thanks for the info, Itman! But where does that malware come from? I use Sandboxie + SRP + HIPS + ESET AV + some group policy tweaks and some other tweaks like disabling useless services with AnVir Task Manager, so there is no malware to create an infected service!

5 hours ago, itman said:
> current ability to uniquely identify an individual svchost.exe service by process id

I didn't know about it! ESET, pls listen to what Itman says :D I want the maximum protection (99%).

persian-boy, posted November 26, 2017

On 10/19/2017 at 6:02 AM, persian-boy said:
> Boot time filter for the firewall to prevent data leak during the system startup

Any feedback on this? Is it there or not? I just want to know. cowboy, what do you think about this feature?

itman, posted November 26, 2017 (edited November 26, 2017)

15 hours ago, persian-boy said:
> This is not true! I got different alerts when I set the ask rules for some applications. I mean the ask rule is better than interactive mode! Interactive mode doesn't cover all operations, so I have to use int mode plus some custom ask rules.

I explained this once to you. ESET has internal default rules and those rules take precedence over any user-created rules.

Also, if an alert response is not received within a short period of time, ESET will auto allow the action. This comes into play, for example, with any ask rule that might be triggered during the boot process. Those will be allowed by the time the PC initializes, the desktop appears, and finally the ESET GUI is started.

persian-boy, posted November 27, 2017 (edited November 27, 2017)

ESET, don't you want to fix this auto allow? It's more dangerous than useful! OMG. Every HIPS (Comodo, SpyShelter, ReHIPS and...) freezes the operation till the user answers the alert! What's the point of an ask rule if it's gonna allow it without my permission?! Makes no sense!

Itman, I know about those internal rules, but I'm saying the interactive mode doesn't cover all operations!

9 hours ago, itman said:
> boot process

This is dangerous! ESET, pls fix the bug!

ESET is updating the HIPS module silently and without any changelog or information! That's bad!

amir, posted November 27, 2017 (edited November 27, 2017)

Description: Perfect Behavior Blocker
Detail: ESET is a perfect AV, but it doesn't include a good Behavior Blocker. I know your HIPS is effective, but nothing can protect against zero-days better than a good Behavior Blocker. All ESET needs is a perfect Behavior Blocker.

itman, posted November 27, 2017 (edited November 27, 2017)

13 hours ago, persian-boy said:
> Every HIPS (Comodo, SpyShelter, ReHIPS and...) freezes the operation till the user answers the alert! What's the point of an ask rule if it's gonna allow it without my permission?! Makes no sense!

It actually used to do this prior to ver. 11. I believe this has something to do with Microsoft's decree to AV vendors that they can't interfere with the boot process in Win 10 ver. 1709. I am actually surprised that ESET even processes an Ask HIPS rule in ver. 11 and instead, just auto allows it. I know it is doing so because it will slightly delay your boot time; something I thought wasn't supposed to happen on Win 10 ver. 1709.

Again, it is a bit peculiar that the HIPS default action is allow. However, it always has been this way. To be honest, I seriously doubt ESET will change it to block mode.

A proper frame of reference for you is that ESET first and foremost created the HIPS for its own internal use. As such, it really isn't designed to be user configurable other than to create a few exception rules. This is more evident in the retail vers. of ESET. For example, ESET added file wildcard capability a while back for the Endpoint vers. but refuses to do so for the retail vers.

persian-boy, posted November 29, 2017

Suggestion: Pls make HIPS ask when a process wants to load a driver!

Wolf Igmc4, posted December 7, 2017

Add a behavior blocker based on the reputation system of ESET. Yes, I said this some time ago, but if ESET doesn't add it, in the future this will be a big problem.

peteyt (Most Valued Members), posted December 7, 2017

1 hour ago, Wolf Igmc4 said:
> Add a behavior blocker based on the reputation system of ESET. Yes, I said this some time ago, but if ESET doesn't add it, in the future this will be a big problem.

It has been asked a lot but I don't think we will see it. The issue ESET has is choice, e.g. what should happen if something new and unknown turns up. It could simply be an update, e.g. a Windows update, but if ESET doesn't have any reputation for the files it will have to ask the user, and it seems like they want to avoid this in case the user clicks the wrong thing, e.g. allows or blocks.

Peter Randziak (ESET Moderators), posted December 8, 2017

Hello guys,

Ransomware Shield is a behavioral protection feature utilizing data from the ESET LiveGrid reputation system.

Regards, P.R.

galaxy, posted December 8, 2017 (edited December 8, 2017 by Marcos: machine translation added)

I can show you some videos where ransomware keeps popping up and it fails

Marcos (Administrators), posted December 8, 2017

Please use this topic only to report wishes and suggestions for future improvements. Do not use it for discussions on a particular subject. If you want to discuss something, create a new topic.

toxinon12345 (ESET Insiders), posted December 24, 2017

The translation is ambiguous when you disable LiveGrid: "Esto puede ser muy peligroso, por lo que debe volver a habilitar la protección de inmediato"

If we think of it as an implication, we should use "así que" or "por lo tanto". Thanks.