Archived

This topic is now archived and is closed to further replies.

rugk

Small Bugs in ESET Smart Security + Suggestions

So here are my findings... :)

...and a few suggestions. (the majority of them I already posted, but I wanted to link them again here)

 

Everything was tested with ESS 8.0.304.x

 

Bugs

 

1. ESET LiveGrid: Wrong window title

I already reported this to support some time ago, but it doesn't seem to get fixed, so here it is again.

If you show the reputation of a file by right-clicking on it, there is a small issue: the window says "Running processes" even if the file (which can also be a non-executable file) in fact isn't running.

post-3952-0-18214700-1419193168_thumb.png

 

2. Issue with the calculation of the processor speed

This issue only happens to me when I install ESS in a VM (Microsoft Windows Virtual PC)...

And there it will claim that my processor has a speed of 2 or 3 MHz! So... ehm... that's wrong... :D

(The funny thing is that in my case the processor name already includes the processor speed, so it looks really funny)

This is claimed everywhere it is calculated: in the "About" window and even in ESET SysInspector:

post-3952-0-55407800-1419193816_thumb.png
post-3952-0-46688300-1419193817_thumb.png

I used the following version of ESET SysInspector:

post-3952-0-03837900-1419193818_thumb.png

I can send you the SysInspector log I created there if you want.

 

3. IDS - DNS Poisoning attack detection deactivated by default

I also saw that the DNS Poisoning attack detection is deactivated by default. That means when you click the "Default" button in the IDS settings and reset these settings, it will deactivate this detection. Is this by design?

Additionally, AFAIK this attack detection is normally activated after a clean installation of ESS, so a user using the default button in the settings will in fact reduce their protection instead of restoring the "real" default settings?

post-3952-0-03347200-1419194283_thumb.png

 

4. Interactive mode - drop-down boxes in the advanced options

Another GUI "bug" is in the interactive prompts from HIPS and the firewall. It's just that the drop-down boxes have a different design.

Have a look at this post.

There you can see that they are different. The boxes from the interactive firewall have the "normal" Windows 7 design, but the boxes from HIPS have a strange white background behind their text.

 

5. Buggy default buttons in ThreatSense settings

And now another issue with these default buttons. This time it's about the default buttons in ThreatSense.

To make it short: they are just not working, and if they are working (like the button in the "exclusions") then they are not restoring the real default settings.

But to make it easier to understand I made a video of this. There I first show the real default settings, modify them, then test these default buttons, and you can see what they (don't) do.

 

Watch video on vimeo (the password you have to enter is: esetforum)

Or download it (in MP4, AVI or WMV) from mega.co.nz.

 

6. No Tray Icon-Bug

I have only seen this twice, on two machines. One time it was with ESS v 8.0.301.x and the second time it was with ESS v 8.0.304.x.

You can find detailed information in this topic: icon in task bar

 

 

Suggestions

 

1. ESET Smart Security should use GPS for Anti-Theft

EMS already uses GPS to get the location if it is marked as stolen, but the Anti-Theft of ESS doesn't use this.

So I think it is very useful to use GPS (if available of course) there too to have a more accurate location.

More information: Does ESET Smart Security use GPS for Anti-Theft?

 

2. Exclude a threat by the threat name

I think it would be good to have the possibility to exclude a threat by its name. Actually you can do this, but it will still only affect a specific file. I would like to exclude a threat for every file it is detected in.

For example it would be great if I could exclude Win32/OpenCandy, because I already created some rules by myself so that this PUA will be blocked. And because it is already blocked I don't want ESET still to recognize it.

 

3. Add an "apply" button to the settings

I think this is more or less self-explanatory. If not then have a look at the post I posted some time ago in another topic.

 

4. Add an option to block SSL v3 so you are better protected against the POODLE attack

More information in this topic: Poodle Attack - Security flaw in SSL v3 - ESET blocking


1, This is just a cosmetic issue that won't be fixed before v9.

3, I guess it's by design. The detection should be disabled if it causes FPs in certain system configurations. Otherwise it can remain enabled.

5, It's by design and it's been so since NOD32 v2. While one of the Default buttons sets the default extension set, the other one sets default settings.

6, I've experienced this behavior with other applications as well, so it's a Windows issue rather than ESET's. In the cases reported to us, no bug in ESET's code was confirmed.


1) No problem. I'm not in a hurry.

3) Well... the question is what is the default setting for this? AFAIK after a clean installation it was activated...

5) Have you watched my video? Okay, with your explanation the reaction of the default button under "exclusions" is understandable, but all the other default buttons (respectively the one default button which is always there)...

These buttons do nothing (except in some cases in "limits"). E.g. you can see it at 1:57.

6) Okay, if you say so. Personally I only saw this bug with ESS, but anyway it seems to happen very rarely.


3, We want to have it enabled by default after installation. However, since it may cause FPs, it doesn't enable when reverting settings to defaults.

5, I was unable to reproduce it and all settings were properly reverted to defaults when following steps from the video.


3. Okay, so this is really by design. I didn't know this.

5. Well, as you can see in the video, it doesn't work. I even tested it on a few other VMs and a real system.
I will test it on another computer as well in the next few days, or maybe someone else in this forum can try it out.


So what about the other issues and the suggestions?


Isn't having DNS Poisoning detection turned off by default a serious drawback/weakness? Why even use ESET firewall if something this important is not turned on by default?

Or is this just another instance that with ESET having so many layers of protection the DNS Poisoning would have been caught by some other detection mechanism?

 

I believe ESET doesn't turn on Document Protection by default because there is an ongoing bug in the Office applications (that Microsoft knows about but won't fix). Even with document protection turned off, ESET would detect something going on by other means/layers of protection.


Well... when resetting the IDS settings and this setting isn't causing any issues I would reactivate it.

 

About the document protection: All Office documents are already scanned by the realtime-protection, so the document protection is only an additional protection layer.


Thanks for the reply rugk.

I wouldn't have known about the DNS Poisoning not being enabled by default until I was reading your post about "small bugs" in ESET.

As I said, it just seems this is important and should be enabled by default but then again I am not a knowledgeable power user but more of a novice.

I understand having this set by default may cause problems on some systems.

I went back in and enabled DNS Poisoning but still wonder if this wasn't enabled would ESET protection be weakened? :unsure:


I went back in and enabled DNS Poisoning but still wonder if this wasn't enabled would ESET protection be weakened? :unsure:

 

Well...

But we don't know how the DNS (cache) poisoning/spoofing detection works. I also assume there is only protection for a special kind of DNS spoofing which can be recognized from the client's side, because if a DNS server is compromised (or has a wrong cache entry) and returns wrong values then it would be very implausible if any client software could detect this.

 

Maybe I answer your question in the reverse order: Enabling DNS Poisoning detection is surely an increase of ESS protection.


None of these issues has been resolved so far...


1, This is no longer an issue in Endpoint v6, ie. it will be fixed in the next major release.

2, Probably you have a wrong value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz, check it out.

3, This is not a bug but design / feature.

4, We don't plan to make any changes in the current gui. Let's wait for the next major release.

5, This is not a bug but a feature. It's always worked that way since v2.

6, This doesn't seem to be only ESET-related but the issue occurs with other application icons as well. Probably a Windows issue.


I can agree with everything, except 5.

 

5. I'm sure this is not a feature (at least not everything). Look at minute 2.40 - the default button behaves very strangely there.

Or look at 1:57! The button "default" next to the button "Cancel" does not work at all. It does just nothing...

 

And now some good news:

With 2 you're right: yes, it says 2 MHz there :D  (maybe this has to do with Microsoft Virtual PC...)


As for point 5, on my ESS v8 clicking the Default button checks both boxes enabling the use of default settings. As for extensions setup, clicking Default to the right of the Cancel button checks the "Scan all files" box and the extension set is ignored which is the default setting. It also unchecks the "Do not scan extensionless files" box. Not sure why it behaves differently on your pc, never seen it work like that.


Not sure why it behaves differently on your pc, never seen it work like that.

Yeah, I think that's the problem.

 

I have tried this on a real system and a few virtual machines.

And just now even on another "real system" with the same result.

The buttons are behaving strangely... :)

 

Do you maybe want a SysInspector log to see the system specifications?

Maybe even another user can test it and confirm or deny whether it works on his system.
