Jump to content

Eset Smart Security And Eset Nod32 Antivirus 8 Beta Available


Recommended Posts

  • ESET Insiders

I'm joining the party a little late, but I guess it's best to be a little late than never.  I have only read a few post, but I saw some discusion about the GUI. I'm glad Eset does not feel they have to change the GUI with each new product release. It's just a silly waste of time unless it's to facilitate the addition of a new feature. I don't think there is anything wrong with V7 GUI so I think it's best Eset uses their time to actually improve how their products perform instead of being worried about eye candy. Also making changes to the GUI risk introducing unnecssary new bugs. Eset please use your time to improve what really counts like detection, blocking capability, removal capability, imrproved exploit mitigation, and keep it light on system resources like you always have. One of the reasons I use Eset is because they don't use the gimmic of changing their GUI with each new product release. If its not broke then there's no need to fix it. I know this is only the opinion of 1 user, but I just wanted Eset to know polices like not changing the GUI for the sake of eye candy is what has kept me using Eset since 2003. Well, i'm going to give this beta a try now. I hope version 8 works as well for me as version 7 has.

 

Keep up the good work!

cutting_edgetech

Edited by cutting_edgetech
Link to comment
Share on other sites

  • ESET Insiders

I have ESS (Eset Smart Security) firewall in interactive mode, and each time I allow an application internet request UAC prompts me asking if I want to allow that action. What is ESS doing when allow an application internet request that needs permission from UAC?

 

I had a minor issue with the firewall prompt. When I expanded the firewall prompt for more detail the bottom edge of the prompt was cut off. I had to drag the prompt to a higher position on the screen in order to access the hide advanced options button. I only had to do this once since the prompt appeared in the position I dragged it to from then on. I would suggest that Eset position the Firewall prompt just a little higher on the screen so all users can see the full prompt when it is expanded for more detail. I think I only had to drag the prompt about 2-3 inches higher.  I'm using a Sony Vaio Laptop with a 15.5" LCD monitor resolution 1366 X768. Windows 7X64.

Edited by cutting_edgetech
Link to comment
Share on other sites

  • ESET Insiders

Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits.

Link to comment
Share on other sites

Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits.

It is not only monitoring java, but also PDF readers, mail clients and browsers.

 

See this topic: Hitman Pro Alert

Link to comment
Share on other sites

Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits.

The ESET Exploit Blocker already covers more apps in V7 too, it's just that it have been improved against Java exploits in V8 wich is why they highlight that in the changelog I guess.

Edited by SweX
Link to comment
Share on other sites

  • ESET Insiders

I did not know Eset Smart Security's exploit shield was protecting other vulnerable applications since I use Online Armor, and NOD 32 except for this beta build of Eset Smart Security 8. I'm thinking about switching to Eset Smart Security though on all my machines due to Emsisoft's complete lack of development of Online Armor. The only products they care about anymore are EAM, and EIS. They don't even respond to bug reports for OA anymore, and have not since about the beginning of the year. I was informed by Emsisoft that the development tools that were used to code OA with were outdated so it would be a major job to update OA since the code would have to be migrated to another compiler, and IDE. Emsisoft was responding to my request to enable ASLR, and DEP for OA when providing me with this information. It may be time to retire Online Armor into my Hall of Fame retirement home lol  If Eset spends more time improving their firewall, and further development of it's exploit mitigation shield then I will definitely switch. My license for NOD 32 expires 10/22/14 so I will probably switch to Eset Smart Security then.

Edited by cutting_edgetech
Link to comment
Share on other sites

Sorry i'm not sure if you mean the Vulnerability Shield (ESS only as it works at the network level as an extension of the firewall) or the Exploit Blocker found in both NOD32 and ESS. As there is no feature called Exploit Shield in ESET's products.

 

In any case, it's the Exploit Blocker that looks out for exploit typical behaviors, this is a good page to find out more about these and the other features.

hxxp://www.eset.com/int/about/technology/

 

Regarding the ability for the user to add applications to the Exploit Blocker (like you can in another product). I don't think that is needed I believe it all works in an automatic way so the users doesn't need to think about what to add or not, the Exploit Blocker work like an extension of the HIPS. Of course details are sparse so we don't know exactly how. But like I mentioned elsewhere I think it would have performed better in the PCSL test if V8 were tested with the improved Java Exploit protection.

Edited by SweX
Link to comment
Share on other sites

  • ESET Insiders

Yes, I was referring the exploit blocker. I have it disabled in NOD 32 since it is part of the HIPS. I was afraid it would interfere with Online Armor HIPS. Exploit blocker does not show in the settings anymore after disabling it so I couldn't remember what it was called. Thank You.

Edited by cutting_edgetech
Link to comment
Share on other sites

  • ESET Insiders

I'm going to have to look into Eset's exploit blocker more. The link above leads me to believe that Eset's exploit blocker is a behavior blocker with HIPS to assist when needed. Here is a one sentence description they have of it, :it monitors the behavior of processes and looks out for suspicious activities that are typical for exploits". I want to make recommendations for the exploit blocking feature used by Eset, but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE?

Link to comment
Share on other sites

Hi, I really don't need any UI changes but please consider adding few more features like Sandboxing, AdBlocking etc.. Also please change way of tweaking Firewall. For now it is very very confusing and hard while going through Firewall settings. Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM. Nothing more in my point of view. Thank You.

Link to comment
Share on other sites

  • Administrators

Also please change way of tweaking Firewall. For now it is very very confusing and hard while going through Firewall settings.

Please be more specific. Common users don't have to adjust firewall settings at all. If something doesn't work because a communication is blocked by the firewall, you should switch to learning mode for a while and that's it. Advanced users can tweak firewall to their needs, however.

 

Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM.

Ekrn normally allocates about 100 MB or RAM which is not much given that current systems are usually shipped with 4-8 GB RAM at minimum. ESET uses RAM efficiently to speed up operations that would otherwise take more system resources.
Link to comment
Share on other sites

Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM. Nothing more in my point of view. Thank You.

If ESET would change the way the product works, so ekrn.exe would use 5-10mb of ram then it will also decrease the system performance. And instead you might say that it slows you down despite having a low resource usage.

In this case, the resource usage is the key to the system performance. Reducing the resource usages will not make your system feel any faster only the opposite. :)

Edited by SweX
Link to comment
Share on other sites

  • ESET Insiders

RAM usage used to be a big deal back in the day on forums such as Wilders (I'm talking Nod32 version 2.7). The ESS beta and ESS version 7 use around 100MB of RAM which is nothing in a modern system that will likely have 4GB of RAM or more (mine has 8GB). I find web browers (Firefox, Chrome, Opera etc) use far more RAM than ESS. The other aspect to remember is ESS uses next to none CPU when scans aren't being run & it's something I really appreciate. Quite a few other AV vendors could learn from Eset's approach.

Link to comment
Share on other sites

  • ESET Insiders

My DNS always leaks with Eset Smart Security 8 beta when using Boleh VPN. It never did leak when using Online Armor with Boleh VPN.  Boleh VPN client uses OpenVPN protocols. What do you need to trouble shoot this problem? I already tried using learning mode so ESS would properly configure the Firewall for Boleh VPN Client. That did not work. My DNS still leaked after connecting to a Boleh route. I also tried interactive mode, and that failed to resolve the issue as well. The firewall log is blank in the UI. Where are the logs you will need? Its really late here so I will check back in the morning to see what is needed to resolve this issue.

Edited by cutting_edgetech
Link to comment
Share on other sites

  • ESET Insiders

 I think I figured out what settings I need to use for my logging needs.  The logging options just seem to be a little confusing to me. I'm trying to think of better language to use in the options.

Edited by cutting_edgetech
Link to comment
Share on other sites

  • ESET Insiders

If I set the filtering to not specified then it says filtering is off. It that expected behavior? I want ESS to log traffic continuously without specifying a time period.

Edited by cutting_edgetech
Link to comment
Share on other sites

I found lack in a design of an in-browser alert pages a while ago.

https://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN3100/SOLN3100FIG1-1.png

https://forum.eset.com/uploads/post-3663-0-53871900-1398320438.png

Their controls need JavaScript enabled to work. This is pain in the (_!_) for people who are blocking JavaScript by default and enabling it on per site basis too because they can't enable JavaScript for the alerts only. The alerts should be rewritten to be JavaScript free. Is this already fixed in this beta version?

For admins: this account already did its job and has no reason to live. I don't even remember password anymore so feel free to terminate it, not me. :)

Edited by AlertMessagesSucks
Link to comment
Share on other sites

but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE?

Hey cutting_edgetech 

 

Like MBAE:https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-40#post-2405280.....

 

.....The ESET Exploit Blocker is/was patent-pending too, and MBAE and competing apps don't give out too much details about how their product actually work as the bad guys can take benefit from it as well, so i'm not sure how much details ESET is prepared to share. We know that it is an extension of the HIPS...but how it works exactly in detail I don't think its safe to share that, depending on what type of details we're talking about of course. :)

Link to comment
Share on other sites

  • ESET Insiders

Hello,

 

My comment is about the Idle State scanning. I would probably use it except for one thing, the scan process never ends. As soon as it finishes one scan, it will start another. I know this is probably by design and considered a feature, but it would be good to have an option to space the idle state scanning out and not have it continuously running. For example, have an option to select how often it should run, say once in a 3 day, 4 day, or 5 day, etc. period. In my case, I would like it to scan and once it had finished, instead of just starting another scan, only run once in any 7 day period. I know I can schedule a scan on a weekly basis but that works a bit differently. On the weekly scheduled scan, it scans whether the computer is idle or not, and if missed, I can set the option to scan as soon as possible which means basically on the next reboot. My system stays on for days at a time and I have seen the scheduled weekly scan missed by sometimes a week or more due to this. The idle state scan with the option to only scan once in a given period of time would solve this as well as have the actual scanning only happening during idle times on your system. This is just an observation as to a possible improvement and better functionality...

Link to comment
Share on other sites

  • ESET Insiders

 

but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE?

Hey cutting_edgetech 

 

Like MBAE:https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-40#post-2405280.....

 

.....The ESET Exploit Blocker is/was patent-pending too, and MBAE and competing apps don't give out too much details about how their product actually work as the bad guys can take benefit from it as well, so i'm not sure how much details ESET is prepared to share. We know that it is an extension of the HIPS...but how it works exactly in detail I don't think its safe to share that, depending on what type of details we're talking about of course. :)

 

I guess I should have stated my question more clearly. I understand they can't give out too detailed of description. I was looking for something more along the lines of a type of method being used. I was wondering if they use advanced memory protection methods used by applications like EMET, behavior blocking, HIPS, a combination, or some other method.

 

I'm trying to think of a better layout for the firewall now. I don't like the UI for the rules, and zones section of the firewall. It is not user friendly for the average user. I think they need to break things down more into tabs. I'm trying to think of a more detailed designed with things broken down into tabs more to propose as a possible option.

Edited by cutting_edgetech
Link to comment
Share on other sites

I see "Ashamp..." is that connected to some type of Ashampoo software perhaps. Could it be a PUA detection?

 

I don't use Ashampoo so I don't know if they bundle something with their software or not.

Edited by SweX
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...