nickster_uk, posted April 18, 2014 (edited April 30, 2014)

Since installing Windows 8.1, I have been absolutely stunned with the amount of outgoing traffic to Microsoft. It really is astonishing. I was wondering if ESET or any other users on here have any advice on what to block and whether it has any consequences in the day-to-day running of the system, please?

So far, I have noticed that the following processes all want to make regular connections:

- Host Process for Windows Services (svchost.exe)
- Host Process for Setting Synchronization (SettingSyncHost.exe)
- User Account Control Panel Host (UserAccountBroker.exe)
- Windows Explorer (explorer.exe)
- Windows Host Process (rundll32.exe)
- Store Broker (WSHost.exe)
- Windows Driver Foundation - User-mode Driver Framework Host Process (WUDFHost.exe)
- Device Association Framework Provider Host (dasHost.exe)
- Host Process for Windows Tasks (taskhost.exe)

I appreciate that some traffic will be related to updating background apps and live tiles etc., but I have opted out of the CEIP and disabled checking for updates for Windows and drivers, so I'm a little unsure on what a lot of this traffic is all about. There's also a lot of connections to Akamai, CloudFlare and Edgecast CDNs. In light of the ongoing Heartbleed attacks, I'm a little uneasy about the traffic, so any advice or suggestions would be good. Plus many of the processes above will call home to my ISP too.

If the firewall was in automatic mode, how much of this traffic would it be letting through?

Thanks.

nickster_uk, posted April 22, 2014

Bump... I really thought this question would prompt some replies.

Proactive Services, posted April 23, 2014

Well, having written a detailed reply to your question I was told by the forum: "Your secure key, used to verify you are posting the topic, did not match the one submitted. Please go back, reload the form, and try again." I can't get it to submit and having come back to this page, my reply is gone. I'm sure someone else will come along and answer your question.

CaJazzman, posted April 29, 2014

Since I had to rebuild my PC, which was the best advice I've gotten from my sons, I've had Windows 8.1 with ESET Smart Security 7. I just let everything for Microsoft be allowed, and have not had any issues, and my PC is just running perfectly. I would say that those who are worried, and those that have something to hide, such as pirated software. If you are running great without any issues, then just let it do its thing, and allow all of Microsoft's traffic. B)

nickster_uk, posted April 30, 2014 (edited April 30, 2014)

Thanks for the reply, CaJazzman. I think your view about those who are worried about such traffic have something to hide is a little blinkered. There are serious privacy issues involved in using the internet, and companies regularly sell on personal and private data for advertising or marketing purposes. There are also ongoing issues with Heartbleed, which has affected CDNs such as Akamai, EdgeCast and Verizon, all of whom are used by Microsoft. I'm just asking for a little clarity or advice on safer browsing.

I also tend to let most, if not all, MS traffic go through. I did restrict a few apps and services originally but I found that Metro apps failed to update. I am a little curious as to why a few processes seem to want to connect to my ISP. Perhaps some of that is location-related services, which is fine if you're using apps that require that kind of access. However, most of the processes I listed in my first post will initiate connections to my ISP as well as Edgecast and Akamai.

Also, as asked in my first post: if the firewall was in automatic mode, how much of this traffic would it be letting through?

xxJackxx (ESET Insiders), posted April 30, 2014

I would think in automatic mode all of the Microsoft traffic would be allowed. Not an official answer, but to my understanding in automatic mode very little outbound traffic is blocked.

Aryeh Goretsky (ESET Moderators), posted May 1, 2014

Hello,

One of the new features in Microsoft Windows 8.1 is the use of OneDrive (née SkyDrive) to save settings from your current computer, not just to back them up, but to allow you to synchronize the information across other computers you own. It could be that some of the network traffic you are seeing is from this behavior.

You can change some of this behavior by swiping open Settings (WinKey+I), selecting Change PC Settings in the lower right-hand corner to bring up the PC Settings screen and selecting SkyDrive in the left pane. From here, the various settings for options like File Storage, Camera Roll, Sync Settings, etc. can be toggled on and off.

Regards,
Aryeh Goretsky

nickster_uk, posted May 1, 2014 (edited May 1, 2014)

Thanks for the reply, Aryeh. I appreciate that things like OneDrive will generate traffic back to MS and that is to be expected. Also, after linking an MS account with your profile, that will no doubt generate more for other processes such as User Account Control Panel Host (UserAccountBroker.exe) and WSHost.exe. This doesn't particularly bother me too much, although I am slightly concerned with any privacy issues with the data being sent to MS.

Then there's the very regular connections back to my ISP through most of the processes listed in my first post. After some tracking with Wireshark, the svchost connections seem to be CRL-related, but it doesn't explain the other processes' connections.

At the end of the day, I'm aware where this traffic is going, or attempting to go, which is good. They're all legitimate businesses of which I use services through, so the traffic itself isn't a surprise; it's just the amount of it and the number of processes making the connections which is somewhat surprising.

Aryeh Goretsky (ESET Moderators), posted May 7, 2014

Hello,

You can go ahead and try blocking the various communications via ESET Personal Firewall if you're concerned, however, I'm unsure of how this will affect the various services that expect to communicate with Microsoft, et al. I would recommend very carefully, though, in case blocking something leaves the system in a non-working state.

Regards,
Aryeh Goretsky

anybody home, posted December 11, 2014

Thank you so much for bringing this up, nickster_uk. I too was astonished at all those unsolicited connections when I bought a laptop with win8 and I do block ALL of them via ESET firewall. From time to time I see background activity (mouse cursor flashes) and I have to check everything again... I found your post when trying to find a safe way to disable dasHost.exe.

I know that feeling... it seems we're being used and watched all the time. I just found a creepy setting in win8.1 that is turned on by default: "Show text suggestions based on what I type and write on this PC"

Utini, posted December 16, 2014

I need to bump this old thread because I think there SHOULD BE default rules for all these system files. Users worry about them, so give them default rules? Right now I am also asked about WSHost.exe... but I don't even use the Windows Store. So why would it need an internet connection or send data to Microsoft?

SweX, posted December 17, 2014 (edited December 17, 2014)

Why? Again, if you don't like popups or know how to respond to them then use the automatic mode and rules will be created when needed, and not for everything. I am a bit surprised that you, who worry about some apps calling home, even suggest this. Why not have allow rules for the whole OS so everything OS related that wants to connect to MS can connect out as they wish, it would probably help MS with their data mining as well.

Instead of asking for more default allow rules to be added, consider what Aryeh (and myself) said above....

"You can go ahead and try blocking the various communications via ESET Personal Firewall if you're concerned, however, I'm unsure of how this will affect the various services that expect to communicate with Microsoft, et al. I would recommend very carefully, though, in case blocking something leaves the system in a non-working state."

I am one of those that don't want to have more pre-defined rules than what is needed. Like it is now, there are not too many pre-defined rules, only for what is necessary, and anyone that wants to add rules can do that as they wish.

Instead of working hours with this, it would be much easier for you to use automatic mode, and simply create block rules for the apps that you think are calling home, if that is the only reason why you insist on using interactive mode. I feel you have taken water over your head. It doesn't work like Comodo does, we have the Automatic mode that works great, it's a shame you don't trust it.

Utini, posted December 17, 2014

I don't trust automatic mode because it lets everything out, say hi to password stealers sending all your accounts.

Those are original Windows files, they are on the system out of the box and therefore need configuration out of the box. So if you ask me, it is necessary for them to have pre-defined rules. I am not talking about rules for Office or Firefox or whatever. Simply what is running in the background of every Windows user out of the box and tries to open connections / communicates with others.

Patch, posted December 17, 2014 (edited December 17, 2014)

If you are confident your system is clean you can stop worrying and create rules for all communication which occurs with normal activity. ESS will conveniently tell you when each application tries to call out and if you can see no reason how the communication will help you, then block it.

As for why does Microsoft store call home when you do not intend to use it, the answer is no doubt it helps Microsoft. Either it simplifies their code by not worrying about network traffic for non-paying customers, or potentially increases their sales by data mining. Microsoft are trying to move all their software to an online rental model. No doubt they do not like customers using their software for an extended period without paying more.

Either way your decision process is the same. ESS alerts you to the activity:

- allow it, if it is OK (system clean and comfortable with that company having free access)
- block it, if you can't see how that communication helps you (you can always change it later if it breaks something)
- investigate what is being sent and why if you are curious

Worrying about it is not a recommended option. Having everything allowed also does not make any sense as an option. If that is what you want, use the automatic or learning modes.

I believe the communication these processes use varies with system configuration. How much is actually needed depends on what you are doing. Interactive mode encourages each user to make their system as tight or as loose as they want. However, for users who want an easy setup, which allows normal traffic, and is reasonably safe, then automatic or learning modes are more appropriate.

SweX, posted December 17, 2014

Utini/zakazak, I doubt you are going to get infected with some password-stealing malware when you use ESS, MBAM Prem, and HMPA? I thought you had higher hopes for your setup than that.

Paranoid people do not usually trust anything at all, not even the OS, but you want to have allow rules for OS stuff even if they are not needed to begin with, only because they are part of the OS. I don't get that. I know I don't want any part of it anyway.

"Patch" has laid it out very nicely above, that's the choices you have. ESET will not add rules unless they are necessary for the OS; if there is no rule for a connection, even if it goes to MS, then Automatic mode will take care of that as well. So there is no need to have them out of the box (even if MS would be very pleased).

The bottom line is that you are worrying way, way too much, and you don't need to. Relax and enjoy your computer instead.

Utini, posted December 17, 2014 (edited December 17, 2014)

And again: Automatic mode is user-friendly but not safe enough (at least not for me). It basically allows everything to communicate to wherever it wants. At least system files should be configured for the ports they use and the connections they make (Microsoft servers).

There is enough malware, password stealers or RATs (trojans) that can bypass this setup. They are fully undetected to AV, bypass HIPS and can even bypass FWs. And the black market is full of them starting at ~20%. So easy to use that every 13 year old can configure them.

The bottom line is: I have seen too much malware and worked with too much malware to know how easy it is to infect a system. Or let's put it differently: how easy it is to make malware bypass security products.

All I am asking for is a rule for system files that are running and used on every Windows PC. Rules that allow those files to do what they do but nothing more. Allow rundl32.dll to connect to the 1-3 ports it needs and to the Microsoft servers. Nothing else.

Marcos (Administrators), posted December 17, 2014

Ok, so the question is - if you were a firewall maker, how would you make the firewall work fully automatically without disturbing the user with prompt windows, without blocking desired communication with MS or other vendors' servers and block only malicious communication or applications that call home?

Utini, posted December 18, 2014 (edited December 18, 2014)

Yes, that is the big question and I am not sure myself (which is why I am asking for help with those rules). So I hoped the ESET pros could help with that.

But I think there needs to be a safe port + protocol list for those files and a safe list of Microsoft DNS addresses. And with that information the rule can be created, but I don't think I can say what is safe for those files. I would rather leave that to someone who is more experienced (hi ESET team ;P)

@edit: maybe create a fresh Windows, custom rule all the requests of those files (that fresh Windows will be without malware) and then we know how those files communicate? Or someone of ESET is in a position to ask Microsoft about more information.

The pre-defined rule for svchost is the best example. Everything that should be allowed is allowed. For everything else we get asked. But then I would already get suspicious about what svchost is trying to do.

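The clean-install baseline idea from the post above, sketched in PowerShell as an added example (not part of the thread and not ESET's tooling); the function names and the baseline file path are assumptions. It keys on process and remote port rather than remote IP, because the CDN addresses mentioned in the thread change, and it only sees TCP connections that are established at a polling instant (no UDP, no very short-lived connections).

```powershell
# Added example: record which process talks to which remote TCP port on a
# known-clean install, then report anything outside that baseline later.
# Function names and the file path are illustrative assumptions.

function Get-OutboundSnapshot {
    # Map PIDs to names once; a process can exit between the two calls.
    $names = @{}
    Get-Process | ForEach-Object { $names[[int]$_.Id] = $_.ProcessName }

    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
        ForEach-Object {
            $procId = [int]$_.OwningProcess
            $name = $names[$procId]
            if (-not $name) { $name = "pid-$procId" }
            [pscustomobject]@{
                Process       = $name
                RemoteAddress = $_.RemoteAddress
                RemotePort    = [int]$_.RemotePort
                # Baseline key is process + port only (remote IPs rotate).
                Key           = '{0}|{1}' -f $name, $_.RemotePort
            }
        }
}

function Get-OutboundSamples {
    # Poll repeatedly; sample long enough to cover logon, idle time and normal use.
    param([int]$Count = 60, [int]$IntervalSeconds = 5)
    for ($i = 0; $i -lt $Count; $i++) {
        Get-OutboundSnapshot
        Start-Sleep -Seconds $IntervalSeconds
    }
}

function Save-OutboundBaseline {
    # Run on the clean install: one "process|port" key per line.
    param([Parameter(Mandatory = $true)][string]$Path, [int]$Count = 60)
    $keys = @(Get-OutboundSamples -Count $Count |
        Select-Object -ExpandProperty Key |
        Sort-Object -Unique)
    Set-Content -Path $Path -Value $keys -Encoding UTF8
}

function Compare-OutboundBaseline {
    # Run later: list process/port pairs that were never seen in the baseline,
    # with the remote addresses involved, as candidates for a closer look.
    param([Parameter(Mandatory = $true)][string]$Path, [int]$Count = 60)
    $known = @(Get-Content -Path $Path)
    Get-OutboundSamples -Count $Count |
        Where-Object { $_.Key -notin $known } |
        Group-Object -Property Key |
        ForEach-Object {
            [pscustomobject]@{
                ProcessAndPort  = $_.Name
                TimesSeen       = $_.Count
                RemoteAddresses = ($_.Group |
                    Select-Object -ExpandProperty RemoteAddress |
                    Sort-Object -Unique) -join ', '
            }
        }
}

# Usage (path is an assumption):
#   Save-OutboundBaseline    -Path "$env:USERPROFILE\outbound-baseline.txt"
#   Compare-OutboundBaseline -Path "$env:USERPROFILE\outbound-baseline.txt"
```

A pair missing from the baseline is not evidence of malware on its own; as Patch notes earlier in the thread, what these processes contact varies with system configuration, so the output is a list of things to investigate before writing a block rule.
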
SweX, posted December 18, 2014 (edited December 18, 2014)

Of course, the Internet is a dirty place, everyone knows that. But you are exaggerating the chance of getting infected. Finding malware that can bypass a product isn't hard if you go looking for it, but coming across malware during normal usage is pretty hard (unless you have some crazy habits). I have not come across malware in years. If you are that concerned then start using Linux until it becomes too popular and the malware for that platform will rise.

So, Automatic is O.K. for the average user, hence it is the default. But it is not safe for you, who is an above-average user. You insist on using interactive mode so you are creating these annoyances that normally don't exist. We told you interactive mode is not that convenient to use because you said that you didn't want to be bombarded, but you don't listen. You make a very easy to use product look very inconvenient and annoying to use.

It seems you think it is better to pack in as many pre-defined OS rules as possible, because you insist on using interactive mode from the start. And if that were to happen, then users like me should have to spend time going through all pre-defined rules after install to see if there is stuff we want to get rid of or not. If privacy really is that important to you then it's even more weird that you talk about all these pre-defined OS rules you want implemented. I really hope ESET does not follow your suggestion on this.

Actually, if you now are that worried then maybe you should consider investing in a UTM that will stop a lot of attacks and malware before they reach your network, computers, and other connected devices.

Utini 1 Posted December 18, 2014 (edited)

There is enough malware, password stealers or RATs (trojans) that can bypass this setup. They are fully undetected by AV, bypass HIPS and can even bypass FWs. And the black market is full of them starting at ~20%. So easy to use that every 13 year old can configure them. The bottom line is: I have seen too much malware and worked with too much malware to know how easy it is to infect a system. Or let's put it differently: how easy it is to make malware bypass security products. All I am asking for is a rule for system files that are running and used on every Windows PC. Rules that allow those files to do what they do but nothing more. Allow rundl32.dll to connect to the 1-3 ports it needs and to the Microsoft servers. Nothing else.

Of course, the Internet is a dirty place, everyone knows that. But you are exaggerating the chance of getting infected. Finding malware that can bypass a product isn't hard if you go looking for it, but coming across malware during normal usage is pretty hard (unless you have some crazy habits). I have not come across malware in years. If you are that concerned then start using Linux until it becomes too popular and the malware for that platform will rise. So, Automatic is O.K for the average user hence it is the default. But it is not safe for you, who are an above average user. You insist on using interactive mode so you are creating these annoyances that normally don't exist. We told you interactive mode is not that convenient to use because you said that you didn't want to be bombarded, but you don't listen. You make a very easy to use product look very inconvenient and annoying to use. It seems you think it is better to pack in as many pre-defined OS rules as possible, because you insist on using interactive mode from the start.

And if that were to happen, then users like me should have to spend time going through all pre-defined rules after install to see if there is stuff we want to get rid of or not. If privacy really is that important to you then it's even more weird that you talk about all these pre-defined OS rules you want implemented. I really hope ESET does not follow your suggestion on this. Actually, if you now are that worried then maybe you should consider investing in a UTM that will stop a lot of attacks and malware before they reach your network, computers, and other connected devices.

I wonder how anyone knows that he didn't come across malware for years. I have high security habits and I am not sure myself. A password stealer gets on your system via flash/java/frame drive-by or by opening a movie/office file as they are all or have all been vulnerable. The password stealer runs for a few seconds, sends all the information it wants and then removes itself from your system. All that in a few seconds. And malware these days is spreading very fast by self-spreading via torrent, communicators, ftp, filesharing, usb devices, local network etc... 1000 infections per hour are a normal rating. You don't have to particularly "search for an infection" to get infected. Someone in your local network with an infected laptop/usb stick is enough to get you infected too. Or a hidden drive-by on a random website. The possibilities are endless.. especially when you have 100$ to buy an exploit pack that puts multiple exploits (hidden) on a webpage and is able to infect you via more drive-bys than just java. But I don't want to talk about how dangerous and easy malware is these days.

Linux or Mac OSX is maybe even more dangerous. The same malware already exists for those OS just that their security products aren't as developed as it is in Windows (in my opinion). There even is a trojan that you can buy for 50$ where you can control all your infected mac osx bots via android/iOS.

So yes, that's why "I didn't listen" and decided to use interactive mode, because nothing else comes into my mind when I think about a secure setup. You don't seem to understand what I am asking for: I ask for pre-defined rules for system files (that every user has on his system). And pre-defined rules mean that whatever setup you use (automatic or interactive), you will never have to care about those files because the best rules already exist for them. The same already happened for svchost, winlogon and a few others.

And no, ESET isn't that complicated to use. It is actually the easiest product I used so far and has the best interface I have seen yet. But there is room for doing better and I have a suggestion for that. Besides that, even if I would have problems with ESET because interactive mode is complicated, isn't the forum here to help with such problems? ;P

I am less worried about privacy than I am about malware.

Edited December 18, 2014 by Utini
SweX 871 Posted December 18, 2014 (edited)

I don't know what to tell you to make you see some sense in all this. Do you want to hear about my friend that uses outdated OS, browsers, flash, java...the lot, (despite what I tell him to do) and STILL manages to stay clean and have all the money left on their bank account? Or do you want to hear about another friend that is more like you with loads of security in-place but still managed to get infected not that long ago? (he blamed the failure on his security setup btw and not himself, hilarious) I'll tell you anything to calm your mind down a little.

Staying clean is not only about security software. You will come very far by keeping everything up to date, not clicking on every link, and using your brain while browsing around. And the USB or whatever the friend or co-worker might give to you, don't connect it to your main system the first thing you do, and when a friend or family member wants to use your computer, say no.

"But I don't want to talk about how dangerous and easy malware is these days"

Too late, I think you just did that, again. You talk too much about what "could" happen even if the chance that it will happen to you is 0,001%.

"and I am not sure myself"

I agree, you are not sure about what you want, and you worry way too much, but whatever you do, don't become paranoid, it will only make your life harder. Yes some malware exists for Linux and OSX, but it's 98% less malware for those platforms than it is for Windows. That percentage speaks for itself. Same with iOS and Android if you stay in the "official" store the chance of getting a rotten egg is very small.

"You don't seem to understand what I am asking for:"

Yes, I totally understand what you mean, but it is not needed due to the way the product works in the defaults.

"I am less worried about privacy than I am about malware."

Yeah I can see that. But these days it should be the other way around, or at least 50/50. And that's one reason why I don't want too many pre-defined rules.

"Besides that, even if I would have problems with ESET because interactive mode is complicated, isn't the forum here to help with such problems? ;P"

Yes, but you don't have any problems with it as far as I can see, you know exactly how the interactive mode works, but a normal recommendation for an interactive mode user that can't handle it or is tired of the popups would be to switch to the Automatic mode.

Edited December 18, 2014 by SweX
Utini 1 Posted December 18, 2014

I don't know what to tell you to make you see some sense in all this. Do you want to hear about my friend that uses outdated OS, browsers, flash, java...the lot, (despite what I tell him to do) and STILL manages to stay clean and have all the money left on their bank account? Or do you want to hear about another friend that is more like you with loads of security in-place but still managed to get infected not that long ago? (he blamed the failure on his security setup btw and not himself, hilarious) I'll tell you anything to calm your mind down a little.

Staying clean is not only about security software. You will come very far by keeping everything up to date, not clicking on every link, and using your brain while browsing around. And the USB or whatever the friend or co-worker might give to you, don't connect it to your main system the first thing you do, and when a friend or family member wants to use your computer, say no.

"But I don't want to talk about how dangerous and easy malware is these days"

Too late, I think you just did that, again. You talk too much about what "could" happen even if the chance that it will happen to you is 0,001%.

"and I am not sure myself"

I agree, you are not sure about what you want, and you worry way too much, but whatever you do, don't become paranoid, it will only make your life harder. Yes some malware exists for Linux and OSX, but it's 98% less malware for those platforms than it is for Windows. That percentage speaks for itself. Same with iOS and Android if you stay in the "official" store the chance of getting a rotten egg is very small.

"You don't seem to understand what I am asking for:"

Yes, I totally understand what you mean, but it is not needed due to the way the product works in the defaults.

"I am less worried about privacy than I am about malware."

Yeah I can see that. But these days it should be the other way around, or at least 50/50. And that's one reason why I don't want too many pre-defined rules.

"Besides that, even if I would have problems with ESET because interactive mode is complicated, isn't the forum here to help with such problems? ;P"

Yes, but you don't have any problems with it as far as I can see, you know exactly how the interactive mode works, but a normal recommendation for an interactive mode user that can't handle it or is tired of the popups would be to switch to the Automatic mode.

Obviously keeping your system up to date is one of the main things to do to keep malware out of your system. I am not going to argue if you or anyone else ever got infected (because 90% of people don't even realize when they got infected). And I will also not continue about how easy it is to get infected or what kind of malware exists because our experiences/opinions and maybe knowledge go different ways here.

Privacy is a big factor but you can't tell ESET to block "privacy concerns with Microsoft on Windows". Because that could also break the system itself (although I would love a pre-configured rule set that works and blocks privacy problems with Windows & Microsoft) ;P

Actually I am having a problem and that is how to configure rules for those Windows processes. And I hoped someone could help me with that and ESET could add that to their pre-defined rules just like they also did with svchost, winlogon, etc.
Patch 16 Posted December 20, 2014

I ask for pre-defined rules for system files (that every user has on his system). And pre-defined rules mean that whatever setup you use (automatic or interactive), you will never have to care about those files because the best rules already exist for them. The same already happened for svchost, winlogon and a few others.

If ESET adds a predefined rule it must be broad enough to cover the requirements for all users. It also announces to malware writers that all ESET installations are open to communication along that path.

If all users need to create such a rule then it is sensible for ESET to add it to their predefined rules, as doing so simplifies set up with no change in the resultant firewall users actually use.

If many users will not use or need communication along a particular path, or they will only use a subset of a general rule, then users wanting a tight firewall are best served by not having unnecessarily broad predefined rules. The learning mode can then be used to create the specific rules each individual actually needs. For most users, who want ease of use and a strong AV suite of defences, the default automatic mode is appropriate.

So in summary, if ALL users actually need the SAME rule then I agree it should be added to the predefined set. If not, then I would prefer to build my own rule. I hope this clarifies the contention.
Utini 1 Posted December 20, 2014

I ask for pre-defined rules for system files (that every user has on his system). And pre-defined rules mean that whatever setup you use (automatic or interactive), you will never have to care about those files because the best rules already exist for them. The

So in summary, if ALL users actually need the SAME rule then I agree it should be added to the predefined set. If not, then I would prefer to build my own rule. I hope this clarifies the contention.

Sounds good and possible I think
blabsaway22 0 Posted December 21, 2014

guys i just read through your whole debacle about security and rules.. your conversation is so ridiculous.. here is the answer..

1. turn your firewall mode to block everything but always ask you if anything wants to connect..
2. when you notice you can't connect to internet start there by allowing firefox, chrome, whatever browser you use to connect.
3. when you notice you can't get windows updates, look at what service tries to connect only when you press the get updates button and allow that..
4. repeat this process for any other programs you want to connect to the internet ONLY when YOU tell them to do something.. Like update etc..
5. don't worry about your computer being blocked from the internet as imagine a user with no internet connection.. they would still be able to use windows etc..
5.a) which means only worry about something that you need to connect when you want to do something..

was that so difficult?? now get this, i don't use ESET firewall... (i do use the eset online scanner though that is amazing..) mac had a program called little snitch.. guess what it had?? predefined rules that were straight out of the box mac install rules that you needed to just use the mac normally.. yes predefined rules that allow your mac just after install to do what it needs to do..

i actually use binsoft windows firewall control and guess what?? it allows me to even press a temporary "just block this connection till restart" and i can test like that.. what's the big deal and problem? the OP wants predefined rules??? well.. turn your computer on.. disconnect the internet.. and watch your firewall and see what tries to connect.. block it.. then restart computer... see what tries to connect to the internet.. and set your pre defined rules by blocking everything you don't understand.. when you run into a problem like not being able to get updates.. then you probably know you blocked something you need to connect..

gosh.. this was an amazing conversation.. get a firewall by binsoft called windows firewall control
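The block-first, allow-on-demand procedure from the post above, sketched for the built-in Windows Firewall (not ESET's firewall) as an added example that is not part of the thread. The Firefox install path, the rule name and the group name are assumptions.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on Windows 8.1 or later. Rule/group names and the Firefox path are assumptions.
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'

# Step 1: drop outbound traffic that matches no allow rule, and log every drop.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block -LogBlocked True -LogFileName $log

# Step 2: allow the browser, limited to the web ports rather than "any port".
$firefox = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
New-NetFirewallRule -DisplayName 'Example: Firefox HTTP/HTTPS out' `
    -Group 'Example allowlist' -Direction Outbound -Action Allow `
    -Program $firefox -Protocol TCP -RemotePort 80,443

# Steps 3-4: when something you started yourself fails (an update check, say),
# list the outbound drops by protocol and destination to see what it needed.
function Get-OutboundDropSummary {
    param([string]$Path = $log, [int]$Top = 20)
    Get-Content $Path |
        Where-Object { $_ -and $_ -notmatch '^#' } |   # skip header/blank lines
        ForEach-Object {
            # Log fields: date time action protocol src-ip dst-ip
            #             src-port dst-port ... path (SEND or RECEIVE)
            $f = $_ -split ' '
            if ($f[2] -eq 'DROP' -and $f[-1] -eq 'SEND') {
                '{0} {1}:{2}' -f $f[3], $f[5], $f[7]
            }
        } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First $Top
}
Get-OutboundDropSummary

# To undo the example:
#   Remove-NetFirewallRule -Group 'Example allowlist'
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

The firewall log records addresses and ports but not the program that made the connection, so match a drop to a program by when it appears: trigger one action at a time and re-run the summary.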