Guilhermesene 1 Posted January 29, 2021 Share Posted January 29, 2021 (edited) Good evening. I would like to know if the default settings of ESET with only the options "Cleanliness Level: Always fix infections" are sufficient to avoid most current ransomware and malware and even the oldest ones? I put these links below the ESET website that I found and implemented in my ESET Smart Security and I would like to know from the most experienced users if this already makes me well protected. Note: I mainly implemented the second and third links Link 1 Link 2 Link 3 I would also like to know if these implementations mainly in HIPS affect the performance of the device. I attached the configuration that I do on my ESET for the specialists to look at and check if it is a good protection, remembering that I am not an ESET specialist despite wanting to learn more and more. Thanks for the personal help 😉 ESS v14.0.22 Config Recomendada.zip Edited January 29, 2021 by Guilhermesene Link to comment Share on other sites More sharing options...
itman 1,630 Posted January 29, 2021 Share Posted January 29, 2021 (edited) 12 hours ago, Guilhermesene said: I would also like to know if these implementations mainly in HIPS affect the performance of the device. I use both the HIPS and firewall rules and have observed no performance degradation on my very dated PC. 12 hours ago, Guilhermesene said: I would like to know if the default settings of ESET with only the options "Cleanliness Level: Always fix infections" are sufficient to avoid most current ransomware and malware and even the oldest ones? A bit of history first in regards to Eset recommended HIPS and firewall rules noted in links 1 & 2. These were recommended prior to Eset Endpoint products implementing advanced ransomware protection that existed in its consumer products. This advanced protection now exists in the latest Eset Endpoint versions. As such, it is debatable if these custom HIPS and firewall rules are still needed on Eset consumer and Endpoint products. Also these rules especially if set to the specified block versus ask mode, do have the potential to adversely affect some legit applications; especially in commercial installations. Finally, the Eset HIPS and rule recommendations have not been updated in some time to reflect the latest and greatest Windows "living off the land" abused methods deployed by current ransomware attackers. If your specific question is if these rules are sufficient to block future new ransomware methods, the answer is obviously no. Bottom line - creating these above rules have minimal adverse effects for most. I for one have changed all rules to ask versus block mode since my PC is always attended to and I have the technical knowledge to properly respond to the alert. Edited January 29, 2021 by itman Link to comment Share on other sites More sharing options...
Recommended Posts