Eset IS firewall

[M.H.B 0]

Hello

I have a suggestion for eset...

I think eset's firewall is very simple and it is not functional . Eset can get idea from  Kaspersky or Norton ... Their firewalls are really good... 

For example eset should use data from the LIVEGRID Network database, the application control system flags each application as Trusted, Low Restricted, High Restricted, or Untrusted. Untrusted apps simply don't get to run. Others that aren't in the Trusted category can run, but with limited access to sensitive system areas. In addition it must be have better interface to manges program's rules as like Kaspersky.

Eset must handles application control itself, without popping up confusing queries.Yes I know Eset has automatic mode but it is very simple and not functional to manages rules or in Interactive mode it show  confusing pop-ups in very bad way over and over again... 

Edited December 2, 2017 by M.H.B

[Marcos 5,070]

You are talking about the Application control feature. The role of a firewall is to monitor network traffic and block the malicious or unwanted communication. It's not a role of the firewall to prevent applications from running as it's HIPS which does that.

Blocking any application that is not popular and is new could be disastrous because if a popular application updates, we would block it for several hours until it becomes widespread and popular. Also by default users should not be prompted for an action and all decisions would need to be made automatically in a smart way. Although we currently don't support Application control (except blocking apps via HIPS rules), we use an advanced firewall with IDS support and Network protection integrated which enabled us to prevent the infamous Wannacry from exploiting SMB1 vulnerabilities on unpatched systems. ESET was the only one or one of 2 vendors to have protected against it proactively. The same also goes for HIPS. It's a module that interacts with real-time protection, Advanced Memory Scanner, Exploit Blocker and Anti-ransomware protection to ensure maximum protection against new borne threats.

For more information about ESET technology, please refer to https://www.eset.com/int/about/technology/.

[peteyt 393]

2 hours ago, Marcos said:

You are talking about the Application control feature. The role of a firewall is to monitor network traffic and block the malicious or unwanted communication. It's not a role of the firewall to prevent applications from running as it's HIPS which does that.

Blocking any application that is not popular and is new could be disastrous because if a popular application updates, we would block it for several hours until it becomes widespread and popular. Also by default users should not be prompted for an action and all decisions would need to be made automatically in a smart way. Although we currently don't support Application control (except blocking apps via HIPS rules), we use an advanced firewall with IDS support and Network protection integrated which enabled us to prevent the infamous Wannacry from exploiting SMB1 vulnerabilities on unpatched systems. ESET was the only one or one of 2 vendors to have protected against it proactively. The same also goes for HIPS. It's a module that interacts with real-time protection, Advanced Memory Scanner, Exploit Blocker and Anti-ransomware protection to ensure maximum protection against new borne threats.

For more information about ESET technology, please refer to https://www.eset.com/int/about/technology/.

Is it true eset are thinking of adding an application control module and if so when is this planned for?

[itman 1,659]

1 hour ago, peteyt said:

Is it true eset are thinking of adding an application control module and if so when is this planned for?

I am not holding my breath on this one due to this statement:

Quote

Also by default users should not be prompted for an action and all decisions would need to be made automatically in a smart way.

 

[cyberhash 188]

6 hours ago, M.H.B said:

For example eset should use data from the LIVEGRID Network database, the application control system flags each application as Trusted, Low Restricted, High Restricted, or Untrusted. Untrusted apps simply don't get to run. Others that aren't in the Trusted category can run, but with limited access to sensitive system areas. In addition it must be have better interface to manges program's rules as like Kaspersky.

Eset must handles application control itself, without popping up confusing queries.Yes I know Eset has automatic mode but it is very simple and not functional to manages rules or in Interactive mode it show  confusing pop-ups in very bad way over and over again... 

Kaspersky's application control and firewall are both far from perfect. Plus the overly complex way of configuring them are not at all user friendly. The same can also be said for Bitdefender regarding these issues too.

I have tried them both personally and they DO make mistakes when it comes to both firewall and application control settings. You end up spending more time reversing and fixing things that they have broken or set incorrectly.

I would not fancy any of my software being blocked by DEFAULT just because it's new and has either zero or low reputation. I have games that update every few days and going back to edit rules each time an update is applied would put me off using that security product. Likewise the same can be said for your Microsoft updates, if any critical system files that are updated and blocked could render your system unusable.

Application control is a great idea if you are in control of it YOURSELF. Relying on a 3rd party to get things 100% correct 100% of the time is a risk in itself. Then take into consideration that if you are relying on a reputation based system to control applications, what happens when you install or update software and you have no internet connectivity ?

Average users find choosing between allow or deny daunting enough, never mind getting asked to chose between low restricted or high restricted.