Jump to content
Network communication blocked after upgrade to macOS 15 (Sequoia) ×

Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security

Aryeh Goretsky
 Share

Recommended Posts

itman

itman 1,746

Posted
Posted

Add a column showing PID number in the following logs after the noted existing log column headings:

1. HIPS - Application

2. Network - Source

This is necessary to properly identify the origin for multiple same process occurrences such as svchost.exe. 

Link to comment
Share on other sites
  • 2 weeks later...
Clark T

Clark T 3

Posted
Posted

Description: A Quick-Scan to scan the most important files.

Detail: A Quick-Scan to scan registry, startup files, rootkit scan etc. and the most threatened folders.

I know this is done in the background of ESET Internet Security, but I would find it useful to have a Quick-Scan button for this.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,259

Posted
  • Administrators
Posted
8 hours ago, persian-boy said:
Quote

block all network connections when the screen saver is running.

Eset any feedback on this? isn't useful? pls.

First of all, this topic serves for gathering various ideas from users and we normally do not confirm or deny whether a particular idea will be accepted and implemented. In this case, I for one, don't see any real use case for blocking network communication when the screen saver is active.

Link to comment
Share on other sites
nexon

nexon 8

Posted
Posted
58 minutes ago, Marcos said:

First of all, this topic serves for gathering various ideas from users and we normally do not confirm or deny whether a particular idea will be accepted and implemented. In this case, I for one, don't see any real use case for blocking network communication when the screen saver is active.

I agree with Marcos...

Link to comment
Share on other sites
itman

itman 1,746

Posted
Posted

Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI.

Justification

Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine.

Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/

Link to comment
Share on other sites
Guest

Guest

Posted
Posted (edited)

Microsoft has patched Windows to check if there is a vulnerability in Intel MEI firmware. E.g. event id 1794 is for CVE-2017-15361 but windows in not notifying users to check for bios updates. The latest MEI issues are also logged in event viewer.

I think it would be a nice feature for eset to read out these event ids and notice (advanced) users about such firmware vulnerabilities.

Edited by timse201
Link to comment
Share on other sites
  • 3 weeks later...
nonamelab

nonamelab 0

Posted
Posted

Description:  Allow URL addresses beside IP/IP Ranges input in Firewall Rules
Detail:  Since Firewall Rules can only use IP/IP Ranges in Rules blocking for example this connections for privacy and GDRP listed in https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions  it's not possible.

The feature is already implemented in WEB AND EMAIL > Web access protection > URL ADDRESS MANAGEMENT but that works only for browser.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,259

Posted
  • Administrators
Posted
1 hour ago, nonamelab said:

Description:  Allow URL addresses beside IP/IP Ranges input in Firewall Rules

This is not possible since only IP addresses are known to the firewall. Unlike firewall, web access protection works at the highest application level in the OSI model and has information about hostnames as well.

image.png

You can try enabling SSL/TLS filtering for all applications under Web and email -> SSL/TLS -> Filtering mode: Policy mode.

In case of any issues with SSL/TLS filtering in certain applications, you can adjust SSL/TLS scan mode for particular applications:

image.png

 

Link to comment
Share on other sites
persian-boy

persian-boy 22

Posted
Posted (edited)

Hi,
Enable parental control --> block the uncategorized website (for having robust web filtering)then open a website that has now category so Eset block it but you may want to allow this URL fast.

It Would be good if Eset provides an option to unblock websites by password from the browser(or from the parental control log), not Eset parental control settings. its easier to manage,

 

Also, Eset hips show the loaded drivers but it doesn't show the digital signature for them.I like to see the signature.driver.PNG.7f5494ffa6e6ae3e38ff05fdd6265c22.PNG

 

 

 

 

 

 

 

Edited by persian-boy
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,259

Posted
  • Administrators
Posted
17 minutes ago, nexon said:

Instead, simplify advanced settings...

Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.

Link to comment
Share on other sites
nexon

nexon 8

Posted
Posted
19 minutes ago, Marcos said:

Actually advanced users love the ability to customize numerous settings. Common users don't need to go to the advanced setup at all since ESET products provide well-balanced protection out of the box.

I understand but i mean in older version like 3 or 4 is much better and easier advanced settings. Now i must finding few minutes or simply must search in search box.

Link to comment
Share on other sites
nonamelab

nonamelab 0

Posted
Posted (edited)
On 8/17/2018 at 1:09 PM, Marcos said:

This is not possible since only IP addresses are known to the firewall. Unlike firewall, web access protection works at the highest application level in the OSI model and has information about hostnames as well.

image.png

You can try enabling SSL/TLS filtering for all applications under Web and email -> SSL/TLS -> Filtering mode: Policy mode.

In case of any issues with SSL/TLS filtering in certain applications, you can adjust SSL/TLS scan mode for particular applications:

 

I understand this but those domain names still have to be resolved by the DNS before becoming IP addresses. I want a more granular access customization since Microsoft doesn't also display the processes names that access those domains so i can't be sure what i allow or deny.

Does ESET Command Line allows adding/removing/updating only of Firewall Rules ?

Edited by nonamelab
Link to comment
Share on other sites
Guest

Guest

Posted
Posted
10 hours ago, nonamelab said:

I understand this but those domain names still have to be resolved by the DNS before becoming IP addresses. I want a more granular access customization since Microsoft doesn't also display the processes names that access those domains so i can't be sure what i allow or deny.

Does ESET Command Line allows adding/removing/updating only of Firewall Rules ?

I think it can be done via "internet protection / web access protection / URL address management"

https://help.eset.com/essp/11.2/en-US/idh_config_epfw_scan_http_address_list.html

Link to comment
Share on other sites
nonamelab

nonamelab 0

Posted
Posted (edited)

Never mind fixed with a DNS proxy cache software that accept regular expressions as inputs for block rules. What i asked can be made possible if ESET would integrate a DNS module to replace Windows one , this way no more unwanted connections and very granular control over what domains can and cannot access programs that already have a allow rule in ESET Firewall.

Next step is a home made cheap pc with linux to act as a router, firewall etc for all my network. Guess buying a 3 years ESET Security subscription was a mistake for my current needs

Edited by nonamelab
Link to comment
Share on other sites
MasterTB

MasterTB 8

Posted
Posted

I honestly don't know if this has been asked before BUT, given the fact that you now have an online service that accounts for all the licenses and installations of Eset products for every user, (In my case, for example, I have a 6 device license and manage then all through the manager) wouldn't it be possible to add some sort of sync option that would allow the home users to deploy the installs with the same settings across devices???

I mean I have Eset Internet Security on all my pc's and I have to go one by one setting them up and making sure they all run the same settings, if you could automate this process it would be awesome.

Link to comment
Share on other sites
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...