ESET Insiders cutting_edgetech 17 Posted August 30, 2014 ESET Insiders Share Posted August 30, 2014 (edited) I'm joining the party a little late, but I guess it's best to be a little late than never. I have only read a few post, but I saw some discusion about the GUI. I'm glad Eset does not feel they have to change the GUI with each new product release. It's just a silly waste of time unless it's to facilitate the addition of a new feature. I don't think there is anything wrong with V7 GUI so I think it's best Eset uses their time to actually improve how their products perform instead of being worried about eye candy. Also making changes to the GUI risk introducing unnecssary new bugs. Eset please use your time to improve what really counts like detection, blocking capability, removal capability, imrproved exploit mitigation, and keep it light on system resources like you always have. One of the reasons I use Eset is because they don't use the gimmic of changing their GUI with each new product release. If its not broke then there's no need to fix it. I know this is only the opinion of 1 user, but I just wanted Eset to know polices like not changing the GUI for the sake of eye candy is what has kept me using Eset since 2003. Well, i'm going to give this beta a try now. I hope version 8 works as well for me as version 7 has. Keep up the good work! cutting_edgetech Edited August 30, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
jadinolf 131 Posted August 30, 2014 Share Posted August 30, 2014 I installed it over V7 with no issues. Never let it be known that I follow instructions. Truthfully, I never noticed any instructions. Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted August 30, 2014 ESET Insiders Share Posted August 30, 2014 (edited) I have ESS (Eset Smart Security) firewall in interactive mode, and each time I allow an application internet request UAC prompts me asking if I want to allow that action. What is ESS doing when allow an application internet request that needs permission from UAC? I had a minor issue with the firewall prompt. When I expanded the firewall prompt for more detail the bottom edge of the prompt was cut off. I had to drag the prompt to a higher position on the screen in order to access the hide advanced options button. I only had to do this once since the prompt appeared in the position I dragged it to from then on. I would suggest that Eset position the Firewall prompt just a little higher on the screen so all users can see the full prompt when it is expanded for more detail. I think I only had to drag the prompt about 2-3 inches higher. I'm using a Sony Vaio Laptop with a 15.5" LCD monitor resolution 1366 X768. Windows 7X64. Edited August 30, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted August 31, 2014 ESET Insiders Share Posted August 31, 2014 Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits. Link to comment Share on other sites More sharing options...
rugk 397 Posted August 31, 2014 Share Posted August 31, 2014 Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits. It is not only monitoring java, but also PDF readers, mail clients and browsers. See this topic: Hitman Pro Alert Link to comment Share on other sites More sharing options...
SweX 871 Posted August 31, 2014 Share Posted August 31, 2014 (edited) Is ESS exploit shield only going to monitor java for exploits? You should also monitor Adobe reader, and Adobe flash by default. Maybe you could even give an option for the user to add additional applications to be monitored for exploits. The ESET Exploit Blocker already covers more apps in V7 too, it's just that it have been improved against Java exploits in V8 wich is why they highlight that in the changelog I guess. Edited August 31, 2014 by SweX Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted August 31, 2014 ESET Insiders Share Posted August 31, 2014 (edited) I did not know Eset Smart Security's exploit shield was protecting other vulnerable applications since I use Online Armor, and NOD 32 except for this beta build of Eset Smart Security 8. I'm thinking about switching to Eset Smart Security though on all my machines due to Emsisoft's complete lack of development of Online Armor. The only products they care about anymore are EAM, and EIS. They don't even respond to bug reports for OA anymore, and have not since about the beginning of the year. I was informed by Emsisoft that the development tools that were used to code OA with were outdated so it would be a major job to update OA since the code would have to be migrated to another compiler, and IDE. Emsisoft was responding to my request to enable ASLR, and DEP for OA when providing me with this information. It may be time to retire Online Armor into my Hall of Fame retirement home lol If Eset spends more time improving their firewall, and further development of it's exploit mitigation shield then I will definitely switch. My license for NOD 32 expires 10/22/14 so I will probably switch to Eset Smart Security then. Edited August 31, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
SweX 871 Posted August 31, 2014 Share Posted August 31, 2014 (edited) Sorry i'm not sure if you mean the Vulnerability Shield (ESS only as it works at the network level as an extension of the firewall) or the Exploit Blocker found in both NOD32 and ESS. As there is no feature called Exploit Shield in ESET's products. In any case, it's the Exploit Blocker that looks out for exploit typical behaviors, this is a good page to find out more about these and the other features. hxxp://www.eset.com/int/about/technology/ Regarding the ability for the user to add applications to the Exploit Blocker (like you can in another product). I don't think that is needed I believe it all works in an automatic way so the users doesn't need to think about what to add or not, the Exploit Blocker work like an extension of the HIPS. Of course details are sparse so we don't know exactly how. But like I mentioned elsewhere I think it would have performed better in the PCSL test if V8 were tested with the improved Java Exploit protection. Edited August 31, 2014 by SweX Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted August 31, 2014 ESET Insiders Share Posted August 31, 2014 (edited) Yes, I was referring the exploit blocker. I have it disabled in NOD 32 since it is part of the HIPS. I was afraid it would interfere with Online Armor HIPS. Exploit blocker does not show in the settings anymore after disabling it so I couldn't remember what it was called. Thank You. Edited August 31, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
SweX 871 Posted August 31, 2014 Share Posted August 31, 2014 Ahh right, no problem. I have never used OA so I have no idea how good or bad they would get along. Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted September 1, 2014 ESET Insiders Share Posted September 1, 2014 I'm going to have to look into Eset's exploit blocker more. The link above leads me to believe that Eset's exploit blocker is a behavior blocker with HIPS to assist when needed. Here is a one sentence description they have of it, :it monitors the behavior of processes and looks out for suspicious activities that are typical for exploits". I want to make recommendations for the exploit blocking feature used by Eset, but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE? Link to comment Share on other sites More sharing options...
Vignesh Raja 1 Posted September 1, 2014 Share Posted September 1, 2014 Hi, I really don't need any UI changes but please consider adding few more features like Sandboxing, AdBlocking etc.. Also please change way of tweaking Firewall. For now it is very very confusing and hard while going through Firewall settings. Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM. Nothing more in my point of view. Thank You. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,595 Posted September 1, 2014 Author Administrators Share Posted September 1, 2014 Also please change way of tweaking Firewall. For now it is very very confusing and hard while going through Firewall settings.Please be more specific. Common users don't have to adjust firewall settings at all. If something doesn't work because a communication is blocked by the firewall, you should switch to learning mode for a while and that's it. Advanced users can tweak firewall to their needs, however. Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM.Ekrn normally allocates about 100 MB or RAM which is not much given that current systems are usually shipped with 4-8 GB RAM at minimum. ESET uses RAM efficiently to speed up operations that would otherwise take more system resources. Link to comment Share on other sites More sharing options...
SweX 871 Posted September 1, 2014 Share Posted September 1, 2014 (edited) Also reduce resoure usage. Recently Eset's service, ekrn.exe has been consuming too much of RAM. Nothing more in my point of view. Thank You. If ESET would change the way the product works, so ekrn.exe would use 5-10mb of ram then it will also decrease the system performance. And instead you might say that it slows you down despite having a low resource usage. In this case, the resource usage is the key to the system performance. Reducing the resource usages will not make your system feel any faster only the opposite. Edited September 1, 2014 by SweX Link to comment Share on other sites More sharing options...
ESET Insiders TJP 125 Posted September 1, 2014 ESET Insiders Share Posted September 1, 2014 RAM usage used to be a big deal back in the day on forums such as Wilders (I'm talking Nod32 version 2.7). The ESS beta and ESS version 7 use around 100MB of RAM which is nothing in a modern system that will likely have 4GB of RAM or more (mine has 8GB). I find web browers (Firefox, Chrome, Opera etc) use far more RAM than ESS. The other aspect to remember is ESS uses next to none CPU when scans aren't being run & it's something I really appreciate. Quite a few other AV vendors could learn from Eset's approach. Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted September 2, 2014 ESET Insiders Share Posted September 2, 2014 (edited) My DNS always leaks with Eset Smart Security 8 beta when using Boleh VPN. It never did leak when using Online Armor with Boleh VPN. Boleh VPN client uses OpenVPN protocols. What do you need to trouble shoot this problem? I already tried using learning mode so ESS would properly configure the Firewall for Boleh VPN Client. That did not work. My DNS still leaked after connecting to a Boleh route. I also tried interactive mode, and that failed to resolve the issue as well. The firewall log is blank in the UI. Where are the logs you will need? Its really late here so I will check back in the morning to see what is needed to resolve this issue. Edited September 2, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted September 2, 2014 ESET Insiders Share Posted September 2, 2014 (edited) I think I figured out what settings I need to use for my logging needs. The logging options just seem to be a little confusing to me. I'm trying to think of better language to use in the options. Edited September 2, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted September 2, 2014 ESET Insiders Share Posted September 2, 2014 (edited) If I set the filtering to not specified then it says filtering is off. It that expected behavior? I want ESS to log traffic continuously without specifying a time period. Edited September 2, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
AlertMessagesSucks 0 Posted September 2, 2014 Share Posted September 2, 2014 (edited) I found lack in a design of an in-browser alert pages a while ago. https://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN3100/SOLN3100FIG1-1.png https://forum.eset.com/uploads/post-3663-0-53871900-1398320438.png Their controls need JavaScript enabled to work. This is pain in the (_!_) for people who are blocking JavaScript by default and enabling it on per site basis too because they can't enable JavaScript for the alerts only. The alerts should be rewritten to be JavaScript free. Is this already fixed in this beta version? For admins: this account already did its job and has no reason to live. I don't even remember password anymore so feel free to terminate it, not me. Edited September 2, 2014 by AlertMessagesSucks Link to comment Share on other sites More sharing options...
SweX 871 Posted September 3, 2014 Share Posted September 3, 2014 but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE? Hey cutting_edgetech Like MBAE:https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-40#post-2405280..... .....The ESET Exploit Blocker is/was patent-pending too, and MBAE and competing apps don't give out too much details about how their product actually work as the bad guys can take benefit from it as well, so i'm not sure how much details ESET is prepared to share. We know that it is an extension of the HIPS...but how it works exactly in detail I don't think its safe to share that, depending on what type of details we're talking about of course. Link to comment Share on other sites More sharing options...
ESET Insiders puff-m-d 120 Posted September 3, 2014 ESET Insiders Share Posted September 3, 2014 Hello, My comment is about the Idle State scanning. I would probably use it except for one thing, the scan process never ends. As soon as it finishes one scan, it will start another. I know this is probably by design and considered a feature, but it would be good to have an option to space the idle state scanning out and not have it continuously running. For example, have an option to select how often it should run, say once in a 3 day, 4 day, or 5 day, etc. period. In my case, I would like it to scan and once it had finished, instead of just starting another scan, only run once in any 7 day period. I know I can schedule a scan on a weekly basis but that works a bit differently. On the weekly scheduled scan, it scans whether the computer is idle or not, and if missed, I can set the option to scan as soon as possible which means basically on the next reboot. My system stays on for days at a time and I have seen the scheduled weekly scan missed by sometimes a week or more due to this. The idle state scan with the option to only scan once in a given period of time would solve this as well as have the actual scanning only happening during idle times on your system. This is just an observation as to a possible improvement and better functionality... Link to comment Share on other sites More sharing options...
rugk 397 Posted September 3, 2014 Share Posted September 3, 2014 (edited) Good suggestion, @puff-m-d! Edited September 3, 2014 by rugk Link to comment Share on other sites More sharing options...
ESET Insiders cutting_edgetech 17 Posted September 4, 2014 ESET Insiders Share Posted September 4, 2014 (edited) but I would need more detailed information about how it works. Does it also use similar methods to that of EMET, Hitman Pro Alert 3, or Malwarebytes AE? Hey cutting_edgetech Like MBAE:https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-40#post-2405280..... .....The ESET Exploit Blocker is/was patent-pending too, and MBAE and competing apps don't give out too much details about how their product actually work as the bad guys can take benefit from it as well, so i'm not sure how much details ESET is prepared to share. We know that it is an extension of the HIPS...but how it works exactly in detail I don't think its safe to share that, depending on what type of details we're talking about of course. I guess I should have stated my question more clearly. I understand they can't give out too detailed of description. I was looking for something more along the lines of a type of method being used. I was wondering if they use advanced memory protection methods used by applications like EMET, behavior blocking, HIPS, a combination, or some other method. I'm trying to think of a better layout for the firewall now. I don't like the UI for the rules, and zones section of the firewall. It is not user friendly for the average user. I think they need to break things down more into tabs. I'm trying to think of a more detailed designed with things broken down into tabs more to propose as a possible option. Edited September 4, 2014 by cutting_edgetech Link to comment Share on other sites More sharing options...
jadinolf 131 Posted September 6, 2014 Share Posted September 6, 2014 Version 8 beta found something. Don't believe I've ever seen a message like that. Link to comment Share on other sites More sharing options...
SweX 871 Posted September 6, 2014 Share Posted September 6, 2014 (edited) I see "Ashamp..." is that connected to some type of Ashampoo software perhaps. Could it be a PUA detection? I don't use Ashampoo so I don't know if they bundle something with their software or not. Edited September 6, 2014 by SweX Link to comment Share on other sites More sharing options...
Recommended Posts