bluwiz 1 Posted November 18, 2013 Share Posted November 18, 2013 There appears to be a problem with "smart optimisation" (or my understanding of how "smart optimisation" works) in conjunction with "real-time protection" and "unwanted" detection I have seen various instances (including today) in which I can view/access a file (which has been previously reported by ESET, in one form or another, as an "unwanted" application) without a report being generated... The only time a report is created is when I try to copy the file to a new location - and the new location is reported, but nor the original file... Based on my observations it seems that an update of the virus signature database doesn't reset the "smart optimisation" data ESET records... If "smart optimisation" is based on some MD5/SHA-???-style "checksum" shouldn't this "checksum" be cleared when the virus signature database is updated? Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted November 18, 2013 ESET Insiders Share Posted November 18, 2013 (edited) The only time a report is created is when I try to copy the file to a new location - and the new location is reported, but nor the original file... Because scan level are different On Read to On Write Edited November 18, 2013 by toxinon12345 Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted November 18, 2013 ESET Insiders Share Posted November 18, 2013 Scheduler Default Task Type: On-Demand computer scan Simplified assistant Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted November 20, 2013 ESET Insiders Share Posted November 20, 2013 (edited) Traffic lights for Setup Pane Most people would fix problems by means of Home Screen the way it currently does Edited November 20, 2013 by toxinon12345 Quote Link to comment Share on other sites More sharing options...
Guest Posted November 25, 2013 Share Posted November 25, 2013 There are some features I'd like ESET to add to their suites 1. Less talkative HIPS 2. Sandbox with full virtualization 3. Non-explorer GUI 4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean" 5. Sound alerts on detection Quote Link to comment Share on other sites More sharing options...
SweX 871 Posted November 25, 2013 Share Posted November 25, 2013 (edited) There are some features I'd like ESET to add to their suites 1. Less talkative HIPS 2. Sandbox with full virtualization 3. Non-explorer GUI 1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users. 2. As usual I will recommend Sandboxie or other standalone sandbox for people who likes sandbox type programs. 3. A new GUI is in the works, that's all we know for now. Edited November 25, 2013 by SweX Quote Link to comment Share on other sites More sharing options...
Guest Posted November 26, 2013 Share Posted November 26, 2013 There are some features I'd like ESET to add to their suites 1. Less talkative HIPS 2. Sandbox with full virtualization 3. Non-explorer GUI 1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users. 2. As usual I will recommend Sandboxie or other standalone sandbox for people who likes sandbox type programs. 3. A new GUI is in the works, that's all we know for now. Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place. Glad to hear that a new GUI is in the works. Quote Link to comment Share on other sites More sharing options...
Pentode 13 Posted November 27, 2013 Share Posted November 27, 2013 How about a link on the GUI to this forum? Dave Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
SweX 871 Posted November 27, 2013 Share Posted November 27, 2013 Yeah could fit nicely somewhere in the "Help and support" tab. Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
Pentode 13 Posted November 28, 2013 Share Posted November 28, 2013 ..... and a link to the latest virus threats on the forum. Dave Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted November 29, 2013 ESET Insiders Share Posted November 29, 2013 (edited) Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place. Turn On the new HIPS Advanced Memory Scanner, it is a post-execution detection layer It is available in version 7 Edited November 29, 2013 by toxinon12345 Quote Link to comment Share on other sites More sharing options...
Guest Posted November 29, 2013 Share Posted November 29, 2013 Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place. Turn On the new HIPS Advanced Memory Scanner, it is a post-execution detection layer It is available in version 7 It's turned on. I haven't turned off any module in it. Quote Link to comment Share on other sites More sharing options...
Alikhan 3 Posted December 2, 2013 Share Posted December 2, 2013 Description: Warn users when opening an unknown file to Eset (using live grid features)Detail: I think users should be warned when an unknown file is being ran since it could be malicious. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted December 2, 2013 Administrators Share Posted December 2, 2013 Description: Warn users when opening an unknown file to Eset (using live grid features) Detail: I think users should be warned when an unknown file is being ran since it could be malicious. There are hundreds of thousands of legitimate applications that are new to LiveGrid so your suggestion would produce a lot of warning to users who wouldn't know whether to allow the application to run or not. Quote Link to comment Share on other sites More sharing options...
Alikhan 3 Posted December 2, 2013 Share Posted December 2, 2013 Description: Warn users when opening an unknown file to Eset (using live grid features) Detail: I think users should be warned when an unknown file is being ran since it could be malicious. There are hundreds of thousands of legitimate applications that are new to LiveGrid so your suggestion would produce a lot of warning to users who wouldn't know whether to allow the application to run or not. Well, what I meant is when a file is downloaded. I know they could be some legitimate files but if you narrow it down to factors such as: - File has a digital signature - The source of the file - How long the file has been created - Amount of users with the file - Where the file has been downloaded from And some other factors it would narrow it down. Most major AVs use the cloud to their advantage so this was just like an idea. Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted December 11, 2013 ESET Insiders Share Posted December 11, 2013 (edited) factors such as: - File has a digital signature - The source of the file - How long the file has been created - Amount of users with the file - Where the file has been downloaded from Low prevalent and rare files with suspicious packed PE --> Query reputation data after successfully downloaded such file Also, I think AMS possibly could benefit speed from the whitelist Edited December 11, 2013 by toxinon12345 Quote Link to comment Share on other sites More sharing options...
Gualano Marco 2 Posted December 17, 2013 Share Posted December 17, 2013 Hello, it's better for searching and browsing malware names that the type of malware is to be available in 'ESET signature database' page, for example: Win32/Dorkbot.B "This is the the available information of update info in the current update info page". Win32/Dorkbot.B worm "The preffered formula of that information". Quote Link to comment Share on other sites More sharing options...
Janus 210 Posted December 18, 2013 Share Posted December 18, 2013 Hey EsetThe Idea ........: Automatic highlight of unknown downloaded files.The argument: When you download a file to your download folder, that is new for eset's File Reputation. Then will the file automatically be highlighted with e.g. the same color that eset use for unknown files. It is actually, more or less, the same function as eset already has in the right click context menu,where we find File Reputation. The idea is to expand some of this functionality to files downloaded in the download folder, to increase the users awareness before executing a file.Regards Janus Quote Link to comment Share on other sites More sharing options...
GreyGhost 9 Posted December 21, 2013 Share Posted December 21, 2013 Disabling phishing protection should give user warning that he/she doesn't have full protection. The taskbar icon should change color and right clicking taskbar icon should not give message with green checkmark "Maximum protection". The same scenario for disabling anti-stealth technology. Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
Super_Spartan 56 Posted January 2, 2014 Share Posted January 2, 2014 I request ESET to remove the Activate product context menu after a successful activation: Activate Product still appears after product is activated This is very annoying and misleading My product IS activated and valid till December 2015 so why does this choice of activating the product still appear when I right click on the NOD32 program in the taskbar please inform ESET to fix this it's very unprofessional Quote Link to comment Share on other sites More sharing options...
TomFace 539 Posted January 2, 2014 Share Posted January 2, 2014 I request ESET to remove the Activate product context menu after a successful activation: Activate Product still appears after product is activated This is very annoying and misleading My product IS activated and valid till December 2015 so why does this choice of activating the product still appear when I right click on the NOD32 program in the taskbar please inform ESET to fix this it's very unprofessional Tweak Arena, did you vote? See below: https://forum.eset.com/topic/1651-tray-menu-options-poll/ Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted January 12, 2014 ESET Insiders Share Posted January 12, 2014 Does ESET SysInspector | ESETOnlineScanner have these features for better LiveGrid tracking? the snapshot of the running processes has to contain information extracted by the following three components: The file information component extracts information such as Portable Executable structure abnormalities, entropy, whether or not the file is digitally signed with a valid digital signature, imported functions, etc. are all helpful in determining whether a file is suspicious. The memory information component analyses the in-memory image of modules. Since the modules are already executing, it is safe to assume that, at this stage, most modules are decrypted/decompressed and we have access to their unencrypted memory image. Among information retrieved, we mention: Exploits and shellcode. Embedded executables (particularly device drivers!). Strings used by various protocols, interesting registry keys, etc. Whether the in-memory code section exactly matches the on-disk code section (of course, after we apply relocation information). The System information component analyses the way the module interfaces with the system, and possibly other systems, by taking in consideration the following: A hidden process, or a hidden module within a process, is a warning sign. A process that waits on a specific port, or is connected to a server on a specific port may be a warning sign, depending on the port, server address and other flags. A process with multiple valid and visible windows may be considered less suspicious than a process with no windows, or with windows outside the viewing area of the screen. PI hooking, although used in legitimate software as well, is mostly used by malware, typically by injecting unconditional branches to the new handler function. A presence in a ‘hot’ area of the file system (the Windows or System32 directories, Startup, Temporary Folder, etc.) or presence of an executable in a file’s list of streams, may represent a warning sign, depending on other factors. Different ways of loading a DLL into the system are important flags in determining whether a file is suspicious. The way a process is started may reveal interesting information. A process automatically started via an autorun registry key may receive a different score compared to a process manually started by the user Quote Link to comment Share on other sites More sharing options...
ESET Insiders toxinon12345 32 Posted January 12, 2014 ESET Insiders Share Posted January 12, 2014 Removable media insertion Add "Quick scan | Superficial scan" option in the notification prompt "Profile selector" in Advanced setup Abdulkadirozbudak42 1 Quote Link to comment Share on other sites More sharing options...
chrlshlmn 36 Posted January 20, 2014 Share Posted January 20, 2014 I would like to see more e-mail supportive clients for eset.Thanks. Quote Link to comment Share on other sites More sharing options...
chrlshlmn 36 Posted January 22, 2014 Share Posted January 22, 2014 Thanks to all of you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.