Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security

[Twersky 2]

Hi Eset team and especially your product manager! I have been using Eset not so long ago, but I already really like it and I actively defend it on the Internet forums. I have some ideas that I would like to offer you for implementation, so that the product becomes even better and more popular.

Description: Add the ability to block any hosts for applications in the firewall rules
Details: Eset has one of the most flexible and powerful firewalls on the market, but sorely lacks a feature to block a specific host for a specific application. For example, I would like to block access to google-analytics [dot] com for the program, but this host has a huge number of ip addresses, and url address control in Internet access protection works only for applications similar to browsers, as I understand it, and it simply does not allow point-blocking.

Description: More information in the network connection monitor and the ability to create rules there
Details: Add geolocation data of remote servers to the monitor of network connections, the ability to view detailed information in some WhoIs service and create blocking rules directly from this interface. This will make it possible to flexibly, conveniently and intuitively control Internet traffic on computer. For example, it will be easy to block Chinese telemetry servers for those who care.

Description: Protection against microphone use
Details: At the moment, Eset IS only offers protection for the webcam. To be honest, the activation of the camera scares me much less, especially since it has a corresponding LED, than the ability to eavesdrop on me. I see microphone protection as a much more valuable function, but at the moment, even with the rules for controlling devices, it is impossible, as I understand it, to do something with a microphone. 

Description: Protection against trackers in browsers
Details: You can add a list of spy servers to block in the web filter - it's easy, but it provides valuable functionality that many users will appreciate. Move it out as a separate setting in the Internet Protection section.

I think that in the conditions of an abundance of free antiviruses and firewalls, Eset needs to take steps towards introducing additional features and functions in the field of protecting privacy in order to remain in demand for a comprehensive product for Internet security.

Description: Protecting document folders with HIPS
Details: I would like the setting for additional protection of user folders to be more intuitive for home users. I often have to explain to people how to configure HIPS in Eset for additional protection of directories with important documents, while many other security products offer this feature from the settings in a few clicks. I would suggest two modes of protecting the selected directories - 1.automatic based on reputation from the Live Grid, 2.completely manual with requests for any access to files

Description: Control over startup, scheduled tasks and new services using HIPS
Details: It's still about usability. Yes, now i can create a rule that will perform these functions, but I believe that there should be a preset HIPS mode, which gives these opportunities out of the box, without unnecessary manipulation by the user. Controlling startup is not such a frequent occurrence for hundreds of notifications, but it is an important element for protection and simply for monitoring your own system.

Description: Ability to specify applications to launch game mode and system optimization
Details: Add the ability to specify applications at startup which Eset will switch to game mode. Add options, such as disabling notifications and Windows updates, disabling "unnecessary" services, possibly changing the process priority for the specified application. Eset is now quite popular with gamers for its amazing lightness and decent level of protection, but it really lacks some extra gaming features to gain a foothold in this part of the market, pushing back Webroot and Bullguard.

Description: Protection against keylogging and screenshots for specified applications
Details: It would be very interesting to see a function in the spirit of protected mode for the browser, but for any application. For example, I use the Bitwarden password manager and Authy for two-factor authentication. It would be very convenient to be able to enable enhanced protection for these applications against data theft. There is something similar in Webroot, for example, although I'm not sure that it works fine there, I could not verify it. It might be cool to add system-wide keystroke encryption altogether, but I think it's too heavy resource task.

Description: Column sorting in firewall rules
Details: This just suggests itself based on usability and the rules of a good interface. It is enough to add a priority column and make the other columns clickable for sorting, which will increase visibility.

P.S. I am looking for a job in the field of technical support, product management or something else in the field of a junior specialist. :))

[shocked 60]

15 hours ago, Twersky said:

Description: Protection against microphone use
Details: At the moment, Eset IS only offers protection for the webcam. To be honest, the activation of the camera scares me much less, especially since it has a corresponding LED, than the ability to eavesdrop on me. I see microphone protection as a much more valuable function, but at the moment, even with the rules for controlling devices, it is impossible, as I understand it, to do something with a microphone. 

 

actually this is a really good idea. if it's possible, i'd love to see it implemented in the future.

 

Edited September 19, 2020 by shocked

[Cheater 0]

Description: Configure manual firewall rule for applications in a folder, instead of a specific executable

Details: I have my firewall in manual modus so I get a notification that a specific executable/program is connecting to outside the computer, or when an incoming connection is detected which is handled by a specific executable/program.
I use this practice so I feel I am in charge what is going on in my computer. However, the rule is configured for a specific executable in a specific folder on my computer. In most cases this is no problem, but for programs that install updates in a new folder each time, this brings up notifications after the program update is installed, because the existing rules don't match the new executable location. This also creates many many rules in the firewall rules list which are unnecessary because only the most recent created rule is used and the other (old) rules for that application are not effective anymore because it points to an executable that is not used anymore.

So for example: Slack

Slack is an application to chat with others. Slack is often updated. Each Slack update is installed in a different folder. My latest version is installed in: C:\Users\myName\AppData\Local\slack\app-4.9.0

The previous version was installed in C:\Users\myName\AppData\Local\slack\app-4.8.0
I don't control the installation location myself, so I cannot change the folder where it's installed in.
After an update of Slack, I get several notifications that Slack in the new application folder, needs permission to make internet connections. This is annoying. I'd rather see that the firewall permission rule can be set on a folder, so whatever application version is running in that folder, it uses the same rule. For example in Slack, I want to set the rule for a folder: C:\Users\myName\AppData\Local\slack
I don't want to omit the executable setting in the rule itself, because then ALL application may connect to that specific IP address+port, or may handle the incoming connection on a specific port. I think that's less secure.

Another example is an application called: OfficeClickToRun.exe
It is situated in folder: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.13231.20200
The application wants to access Microsoft servers, which I allow. But each update I have to re-allow this. If I can set the rule for folder C:\Program Files\Common Files\microsoft shared\ClickToRun\ than I am done for every update which will be published.

Another example is: Discord
It is situated in folder: C:\Users\myName\AppData\Local\Discord\app-0.0.308

I think I have given enough examples to explain the problem.

I hope you can do something with this feature request.

[peteyt 396]

9 hours ago, Cheater said:

Description: Configure manual firewall rule for applications in a folder, instead of a specific executable

Details: I have my firewall in manual modus so I get a notification that a specific executable/program is connecting to outside the computer, or when an incoming connection is detected which is handled by a specific executable/program.
I use this practice so I feel I am in charge what is going on in my computer. However, the rule is configured for a specific executable in a specific folder on my computer. In most cases this is no problem, but for programs that install updates in a new folder each time, this brings up notifications after the program update is installed, because the existing rules don't match the new executable location. This also creates many many rules in the firewall rules list which are unnecessary because only the most recent created rule is used and the other (old) rules for that application are not effective anymore because it points to an executable that is not used anymore.

So for example: Slack

Slack is an application to chat with others. Slack is often updated. Each Slack update is installed in a different folder. My latest version is installed in: C:\Users\myName\AppData\Local\slack\app-4.9.0

The previous version was installed in C:\Users\myName\AppData\Local\slack\app-4.8.0
I don't control the installation location myself, so I cannot change the folder where it's installed in.
After an update of Slack, I get several notifications that Slack in the new application folder, needs permission to make internet connections. This is annoying. I'd rather see that the firewall permission rule can be set on a folder, so whatever application version is running in that folder, it uses the same rule. For example in Slack, I want to set the rule for a folder: C:\Users\myName\AppData\Local\slack
I don't want to omit the executable setting in the rule itself, because then ALL application may connect to that specific IP address+port, or may handle the incoming connection on a specific port. I think that's less secure.

Another example is an application called: OfficeClickToRun.exe
It is situated in folder: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.13231.20200
The application wants to access Microsoft servers, which I allow. But each update I have to re-allow this. If I can set the rule for folder C:\Program Files\Common Files\microsoft shared\ClickToRun\ than I am done for every update which will be published.

Another example is: Discord
It is situated in folder: C:\Users\myName\AppData\Local\Discord\app-0.0.308

I think I have given enough examples to explain the problem.

I hope you can do something with this feature request.

Hi this has been requested a few times but there is no solution currently as far as I'm aware. I don't work for Eset but it doesn't look like something eset will add anytime soon. I know Windows store apps cause problems with this

[itman 1,746]

10 hours ago, Cheater said:

Another example is an application called: OfficeClickToRun.exe
It is situated in folder: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.13231.20200

Using the above as an example, try this as the program path name in the Eset firewall rule:

C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\\OfficeClickToRun.exe

I known the "\\" path notation works for an Eset HIPS rule. It basically tells Eset to ignore the next sub-directory in the path and look for the specified .exe in the sub-directory after the one ignored.

Edited September 25, 2020 by itman

[eitanc 2]

Hi,

Please add an option to enable/disable an exception - meaning we will be able to add it *once* to the list and then either enable or disable it per need. Today we need to add it or delete it, which is not convenient.

This way it will be part of the config - just either active or not, ready for re-use if needed, when needed.

Thanks.

[Twersky 2]

Description: Protecting bank payment mode in modern browsers without IE using

Details: If Eset does not support the default browser for the protected mode, then it first must searches for the installed Edge, Firefox or Google Chrome, and IE is used only when there are no alternatives at all.

Real life example: I have Vivaldi installed as the default browser, but Eset in this case launches protected banking mode in Internet Explorer, which has long been outdated and can hardly be called a safe browser. The system also has the new Edge and Firefox. After removing IE from the system, Eset began to use Firefox, but this is a little inconvenient, since IE is needed in the system for some toolkits and old applications.

P.S. I really hope for Vivaldi support in future versions, including the mobile version. It is a very good, modern browser with a great development team. Support them.

[shocked 60]

2 minutes ago, Twersky said:

P.S. I really hope for Vivaldi support in future versions, including the mobile version. It is a very good, modern browser with a great development team. Support them.

as stated in another post by a moderator, for a new browser to be supported there must be quite high demand from users.
i assume it takes time for a new browser to be added to the list and those browsers are among the most popular.

[Marcos 5,259]

13 minutes ago, shocked said:

as stated in another post by a moderator, for a new browser to be supported there must be quite high demand from users.

Correct. A browser must be popular enough and have symbols made available for developers. Since ESET makes commercial software, the cost of updating the module to acomodate it to new browser versions must pay off from the commercial point of view.

[vvkjndl 0]

Description:  ESET Firewall as a standalone product
Detail:  There's a lack of decent firewalls in the market of Windows Operating Systems. Most software available rely on Windows built-in firewall as their backend. Having ESET Firewall available as a standalone product would greatly benefit those consumers who want to use ESET as their firewall solution and they currently don't have a use case scenario for running any other security modules.

[peteyt 396]

3 hours ago, vvkjndl said:

Description:  ESET Firewall as a standalone product
Detail:  There's a lack of decent firewalls in the market of Windows Operating Systems. Most software available rely on Windows built-in firewall as their backend. Having ESET Firewall available as a standalone product would greatly benefit those consumers who want to use ESET as their firewall solution and they currently don't have a use case scenario for running any other security modules.

I can see this both working and not. I suppose it depends what people want. I do feel most people want full protection so it depends if enough want a standalone firewall.

Also having an extra version could cause confusion as there is already 3 home products 

[DKech 1]

Description: Protecting document folders

Detail: Implementation of protection of user folders and files by the type of folder protection in Windows Defender. Now, in order to obtain such protection, the user must independently create a special rule in the HIPS, which is far from being possible for everyone. If the antivirus implements a similar "one-click" folder protection mechanism (just move the switch of this function to the Enabled position and specify the folders required to protect), then it will be very convenient and within the power of any user. This function can be considered as an additional measure of protection against unknown ransomware.

[Cheater 0]

On 9/26/2020 at 1:05 AM, itman said:

Using the above as an example, try this as the program path name in the Eset firewall rule:

C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\\OfficeClickToRun.exe

I known the "\\" path notation works for an Eset HIPS rule. It basically tells Eset to ignore the next sub-directory in the path and look for the specified .exe in the sub-directory after the one ignored.

It doesn't seem to work. The right part of the image shows how I have the path name (already in a saved condition) but ESET now spams me (the left part of the image) with all the (already configured connections that Slack wants to make to internet. So it doesn't match the rule anymore. 

 

[peteyt 396]

On 11/17/2020 at 11:39 AM, DKech said:

Description: Protecting document folders

Detail: Implementation of protection of user folders and files by the type of folder protection in Windows Defender. Now, in order to obtain such protection, the user must independently create a special rule in the HIPS, which is far from being possible for everyone. If the antivirus implements a similar "one-click" folder protection mechanism (just move the switch of this function to the Enabled position and specify the folders required to protect), then it will be very convenient and within the power of any user. This function can be considered as an additional measure of protection against unknown ransomware.

This has been discussed on multiple occasions by users with the link bellow just one example. However I can't see this happening. Esets argument is that malware might be able to bypass it which would make people think there's no risk

 

[Cheater 0]

Ok, thank you. I now know what my chances are to have a (in my opinion) good feature request.

[itman 1,746]

3 hours ago, Cheater said:

It doesn't seem to work.

Correct. I also tried it recently in a firewall rule and it didn't work.

Try this. I appears the firewall editor will allow just a process name. Enter just slack.exe in the rule Application field and see if that works.

[peteyt 396]

5 hours ago, Cheater said:

Ok, thank you. I now know what my chances are to have a (in my opinion) good feature request.

I think you might be able to do something similar using hips but hips can be complicated and isn't really user friendly 

[DKech 1]

Description: Rules for HIPS on default settings

Detail: I propose to add to HIPS on the default setting (in automatic, smart modes) several pre-written rules to protect important parts of the operating system - startup, host file, some policies. User Sergey Tversky has already posted some registry keys that could be written to the rules by developers and by default, so that there was a request (alert) to the user from HIPS for any changes in these keys and files. 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath

And protect the hosts file.

For corporate users of the business version, there is such a package of rules. Not all of it is needed by home users, but some of it is clearly not superfluous to anyone. 

Edited November 23, 2020 by DKech

[DKech 1]

On 11/18/2020 at 11:27 PM, peteyt said:

This has been discussed on multiple occasions by users with the link bellow just one example. However I can't see this happening. Esets argument is that malware might be able to bypass it which would make people think there's no risk

Not all ransomware is configured to bypass this. Some kind of flimsy argument. This is the same as saying that you don't need to insert a lock into the door, since the robber has the ability to open the lock with his own key.

[peteyt 396]

6 hours ago, DKech said:

Not all ransomware is configured to bypass this. Some kind of flimsy argument. This is the same as saying that you don't need to insert a lock into the door, since the robber has the ability to open the lock with his own key.

I actually agree. Nothing is ever 100 percent safe but the more options generally the better. I mean using your argument you could also argue a virus could bypass the AV so is there any point in the AV? 

I guess eset could be worried people would presume their files would be 100 percent safe which would cause some complaints if malware did bypass it. But I still think the positives would outweigh the negatives. It's also important to note that most of the eset staff on here don't actually deal with development decisions

[chileverde 2]

DESCRIPTION: Move Scheduler from More Tools to Tools; move "More Tools" link on Tools page to a position at the end of the list

DETAILS: I can't remember how long it took me to find the Scheduler the first time I tried. It seemed like scheduling when a scan would occur is a pretty basic feature, and I expected to find it under Setup, but it was not there. I might have looked on the Tools page and not found it there, either. I think I missed the link to "More Tools" because it is in the lower-right corner of the page, all by itself. (And it is not in blue, like the other links on the page.) It would be found more easily if it were below the Banking & Payment Protection link.

If you moved Scheduler to Setup (where I think it belongs), that would throw off users who are used to finding it where it is. But there is certainly enough room on the Tools page for it.

[New_Style_xd 69]

Descrição: Tema ESCURO e modificar ícone antivírus.

Detalhe: Equipe precisamos urgentemente de uma modificação no tema do antivírus colocando o escuro e modificando o ícone do ESET o ico do Olho era muito mais atraente.

 

Machine translation:

Description: DARK theme and modify antivirus icon.

Detail: Team urgently need a modification in the theme of the antivirus by placing the dark and modifying the ESET icon, the single Eye was much more attractive.

Edited December 13, 2020 by Marcos
Machine translation added

[brihy1 3]

Description:Network device/more choices

Details:In connected home-click on device-the type of device there should be more choices,example:Home Security system,smart plug,thermostat,etc or atleast iot device.

[SpamminEagles 0]

Description: Allow saving scan settings with names

Details: My PC has some folders, that have huge amounts of data changing frequently - so I have to exclude them. Thus I need some "complex" scan settings to be set (including and excluding many folders), that I would like to save, so I do not have to reconstruct them each time I randomly want to run another smaller custom scan.

[Marcos 5,259]

1 hour ago, SpamminEagles said:

Description: Allow saving scan settings with names

Details: My PC has some folders, that have huge amounts of data changing frequently - so I have to exclude them. Thus I need some "complex" scan settings to be set (including and excluding many folders), that I would like to save, so I do not have to reconstruct them each time I randomly want to run another smaller custom scan.

That's already possible. Create a new on-demand scan profile and select the desired targets.