Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security


There appears to be a problem with "smart optimisation" (or my understanding of how "smart optimisation" works) in conjunction with "real-time protection" and "unwanted" detection.

I have seen various instances (including today) in which I can view/access a file (which has been previously reported by ESET, in one form or another, as an "unwanted" application) without a report being generated... The only time a report is created is when I try to copy the file to a new location - and the new location is reported, but not the original file...

Based on my observations it seems that an update of the virus signature database doesn't reset the "smart optimisation" data ESET records...

If "smart optimisation" is based on some MD5/SHA-???-style "checksum", shouldn't this "checksum" be cleared when the virus signature database is updated?


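The caching question raised in the post above, as an added example that is not part of the thread and does not describe how ESET's smart optimisation is implemented: a toy verdict cache keyed on path and content hash keeps returning a stale "clean" result after a signature update, while a fresh copy is scanned and detected; adding the database version to the key forces a rescan. The scanner, marker strings, paths and database versions are all constructed for the illustration.

```python
import hashlib

# Constructed toy "signature databases": version 2 adds a detection that
# version 1 lacks. Marker strings and paths are made up for this example.
SIGNATURE_DBS = {
    1: {b"known-bad-marker"},
    2: {b"known-bad-marker", b"unwanted-app-marker"},
}


def scan(content: bytes, db_version: int) -> str:
    """Toy scanner: flag content containing any marker from the given DB."""
    hit = any(marker in content for marker in SIGNATURE_DBS[db_version])
    return "detected" if hit else "clean"


class ScanCache:
    """Remembers verdicts so an unchanged file is not rescanned on each access."""

    def __init__(self, bind_to_db_version: bool):
        self.bind_to_db_version = bind_to_db_version
        self.verdicts = {}

    def check(self, path: str, content: bytes, db_version: int) -> str:
        key = (path, hashlib.sha256(content).hexdigest())
        if self.bind_to_db_version:
            # A DB update changes the key, so old verdicts stop matching.
            key += (db_version,)
        if key not in self.verdicts:
            self.verdicts[key] = scan(content, db_version)
        return self.verdicts[key]


def replay(bind_to_db_version: bool):
    """Access a file before and after a DB update, then access a copy of it."""
    cache = ScanCache(bind_to_db_version)
    sample = b"setup stub ... unwanted-app-marker ..."
    return (
        cache.check("C:/dl/setup.exe", sample, db_version=1),   # before update
        cache.check("C:/dl/setup.exe", sample, db_version=2),   # after update
        cache.check("C:/new/setup.exe", sample, db_version=2),  # fresh copy
    )


if __name__ == "__main__":
    print("path+hash key:        ", replay(False))
    print("path+hash+DB version: ", replay(True))
```
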
  • ESET Insiders

 

The only time a report is created is when I try to copy the file to a new location - and the new location is reported, but not the original file...

Because the scan levels are different from On Read to On Write.

Edited by toxinon12345

There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean"

5. Sound alerts on detection


There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users.

2. As usual I will recommend Sandboxie or another standalone sandbox for people who like sandbox-type programs.

3. A new GUI is in the works, that's all we know for now.

Edited by SweX

 

There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users.

2. As usual I will recommend Sandboxie or another standalone sandbox for people who like sandbox-type programs.

3. A new GUI is in the works, that's all we know for now.

 

 

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

Glad to hear that a new GUI is in the works.


  • ESET Insiders

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

 

Turn on the new HIPS Advanced Memory Scanner; it is a post-execution detection layer.

It is available in version 7.

Edited by toxinon12345

 

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

 

Turn on the new HIPS Advanced Memory Scanner; it is a post-execution detection layer.

It is available in version 7.

 

 

It's turned on. I haven't turned off any module in it.


Description: Warn users when opening a file unknown to ESET (using LiveGrid features)
Detail: I think users should be warned when an unknown file is being run, since it could be malicious.


  • Administrators

Description: Warn users when opening a file unknown to ESET (using LiveGrid features)

Detail: I think users should be warned when an unknown file is being run, since it could be malicious.

There are hundreds of thousands of legitimate applications that are new to LiveGrid, so your suggestion would produce a lot of warnings for users who wouldn't know whether to allow the application to run or not.


 

Description: Warn users when opening a file unknown to ESET (using LiveGrid features)

Detail: I think users should be warned when an unknown file is being run, since it could be malicious.

There are hundreds of thousands of legitimate applications that are new to LiveGrid, so your suggestion would produce a lot of warnings for users who wouldn't know whether to allow the application to run or not.

 

 

Well, what I meant is when a file is downloaded. I know there could be some legitimate files, but if you narrow it down to factors such as:

- File has a digital signature
- The source of the file
- How long ago the file was created
- Number of users with the file
- Where the file has been downloaded from

and some other factors, it would narrow it down. Most major AVs use the cloud to their advantage, so this was just like an idea.


  • 2 weeks later...
  • ESET Insiders

factors such as:

- File has a digital signature
- The source of the file
- How long ago the file was created
- Number of users with the file
- Where the file has been downloaded from

Low-prevalence and rare files with a suspicious packed PE --> query reputation data after such a file has been successfully downloaded.

Also, I think AMS could possibly benefit in speed from the whitelist.

Edited by toxinon12345

Hello,

It would be better for searching and browsing malware names if the type of malware were available on the 'ESET signature database' page, for example:

Win32/Dorkbot.B

"This is the information available on the current update info page".

Win32/Dorkbot.B worm

"The preferred form of that information".


Hey Eset

The idea: Automatic highlighting of unknown downloaded files.

The argument: When you download a file to your download folder that is new to ESET's File Reputation, the file will automatically be highlighted with, e.g., the same color that ESET uses for unknown files. It is actually, more or less, the same function as ESET already has in the right-click context menu, where we find File Reputation. The idea is to expand some of this functionality to files downloaded in the download folder, to increase the user's awareness before executing a file.

Regards Janus


Disabling phishing protection should give the user a warning that he/she doesn't have full protection. The taskbar icon should change color, and right-clicking the taskbar icon should not give a message with a green checkmark "Maximum protection". The same scenario applies to disabling anti-stealth technology.


  • 2 weeks later...

I request ESET to remove the Activate product context menu after a successful activation:

Activate Product still appears after product is activated

This is very annoying and misleading.

My product IS activated and valid till December 2015, so why does this choice of activating the product still appear when I right-click on the NOD32 program in the taskbar?

Please inform ESET to fix this; it's very unprofessional.

 

 


I request ESET to remove the Activate product context menu after a successful activation:

Activate Product still appears after product is activated

This is very annoying and misleading.

My product IS activated and valid till December 2015, so why does this choice of activating the product still appear when I right-click on the NOD32 program in the taskbar?

Please inform ESET to fix this; it's very unprofessional.

Tweak Arena, did you vote? See below:

https://forum.eset.com/topic/1651-tray-menu-options-poll/


  • 2 weeks later...
  • ESET Insiders

Does ESET SysInspector | ESETOnlineScanner have these features for better LiveGrid tracking?
 
 

 

the snapshot of the running processes has to contain information extracted by the following three components:

The file information component extracts information such as Portable Executable structure abnormalities, entropy, whether or not the file is digitally signed with a valid digital signature, imported functions, etc., all of which are helpful in determining whether a file is suspicious.

The memory information component analyses the in-memory image of modules. Since the modules are already executing, it is safe to assume that, at this stage, most modules are decrypted/decompressed and we have access to their unencrypted memory image. Among information retrieved, we mention:

  • Exploits and shellcode.
  • Embedded executables (particularly device drivers!).
  • Strings used by various protocols, interesting registry keys, etc.
  • Whether the in-memory code section exactly matches the on-disk code section (of course, after we apply relocation information).

The system information component analyses the way the module interfaces with the system, and possibly other systems, by taking into consideration the following:

  • A hidden process, or a hidden module within a process, is a warning sign.
  • A process that waits on a specific port, or is connected to a server on a specific port, may be a warning sign, depending on the port, server address and other flags.
  • A process with multiple valid and visible windows may be considered less suspicious than a process with no windows, or with windows outside the viewing area of the screen.
  • API hooking, although used in legitimate software as well, is mostly used by malware, typically by injecting unconditional branches to the new handler function.
  • A presence in a ‘hot’ area of the file system (the Windows or System32 directories, Startup, Temporary Folder, etc.) or presence of an executable in a file’s list of streams may represent a warning sign, depending on other factors.
  • Different ways of loading a DLL into the system are important flags in determining whether a file is suspicious.
  • The way a process is started may reveal interesting information. A process automatically started via an autorun registry key may receive a different score compared to a process manually started by the user.
