Alikhan, Posted November 30, 2013
Hi all, I'm currently using the ESS (trial) version and am considering purchasing. My only question is what zero day protection does Eset have enabled by default? I know the HIPS is there and all that but the rules have to be set up etc. So if I don't choose that option, is it safe to assume that everything which is not detected by the signatures and web shield will be let through? In the next major release... will there be improvements on zero day protection?
Janus, Posted December 1, 2013 (Edited December 1, 2013 by Janus)
Hey Alikhan. An interesting question. Well, it all depends on how you will define zero day protection abilities? I mean, is a behaviour blocker a zero day tool? It is no better than the rules that are defined for it, and HIPS is no better than the man sitting behind the screen? Sandbox is a strong zero day tool, but I have seen some that have let malware through the sandbox? My point is, focus on backup/layered security such as image backup software, which has the ability to recreate your whole system. This is in my perspective a strong zero day tool, and money well spent. And lastly, I will let Eset talk for themselves, see this link: Zero-Day Attack. Regards, Janus :-))
Arakasi, Posted December 1, 2013
1 look down this page explains everything it has to offer: hxxp://www.eset.com/us/home/products/smart-security/ As far as zero day, the three new major tools for zero-day attacks are Exploit Blocker, Advanced memory scanner, and Vulnerability shield. Have a look in this article regarding the tools: hxxp://www.eset.com/us/presscenter/press-releases/article/eset-releases-version-7-of-eset-nod32-antivirus-and-eset-smart-security/
Alikhan (Author), Posted December 1, 2013
It would be nice to hear something from Eset themselves. Having seen several reviews and videos (I know they don't serve a real life purpose), once something passes the web shield, which is amazing, nothing else does anything. I've never seen the exploit blocker or the vulnerability shield do anything... are they enabled by default or reliant on HIPS? It's either that or the exploit blocker and vulnerability shields are doing the work in the "background" without notifying the user, which doesn't seem obvious.
Marcos (Administrators), Posted December 1, 2013
I'd say that most zero-day threats are detected and blocked by the web scanner utilizing advanced heuristics as well as by Advanced memory scanner. We regularly see almost all zero-day threats detected by ESET's detection mechanisms undetected by most other famous security software. In the case of ESET, recognition of zero-day threats is added swiftly, which means such threats would be detected by all products regardless of whether they are run or just go through a server (e.g. mail server, file server, proxy server, gateway, etc.).
Alikhan (Author), Posted December 1, 2013
When threats are detected by the memory scanner etc, does it let the user know or just keeps it to itself in the background?
Marcos (Administrators), Posted December 1, 2013
> When threats are detected by the memory scanner etc, does it let the user know or just keeps it to itself in the background?
The scanner will attempt to neutralize and remove the threat automatically without the user's interaction.
Alikhan (Author), Posted December 1, 2013
Ah, that makes sense. However, wouldn't it be better to at least let the user know if the memory scanner is doing something? Something like a normal detection popup in the corner?
Marcos (Administrators), Posted December 1, 2013
> Ah, that makes sense. However, wouldn't it be better to at least let the user know if the memory scanner is doing something? Something like a normal detection popup in the corner?
It would be treated like any other threat found on a disk, i.e. a bubble with an alert would pop up, informing you that the malicious file has been cleaned.