ESET Insiders cutting_edgetech 25 Posted May 28, 2017 ESET Insiders Share Posted May 28, 2017 I'm still waiting on a top notch behavior blocker, or a more usable HIPS like itman has also requested. I would like to see a behavior blocker that can be tuned to different levels of sensitivity. If Eset is worried about it causing false positives, especially in test like AV comparatives then just leave it disabled by default. Quote Link to comment Share on other sites More sharing options...
Seth 2 Posted May 28, 2017 Share Posted May 28, 2017 2 hours ago, TomFace said: Is this is what you are referring to? If so, it exists today. Yes but you have to type something in "Find text". It doesn't show just those bad files. Quote Link to comment Share on other sites More sharing options...
TomFace 539 Posted May 28, 2017 Share Posted May 28, 2017 (edited) It works without typing anything in "find text". Have you tried it? Try choosing different "record types" and see how the display changes. Edited May 28, 2017 by TomFace Quote Link to comment Share on other sites More sharing options...
Seth 2 Posted May 28, 2017 Share Posted May 28, 2017 9 hours ago, TomFace said: It works without typing anything in "find text". Have you tried it? Try choosing different "record types" and see how the display changes. It did work when I tried different record types. Thanks. Quote Link to comment Share on other sites More sharing options...
TomFace 539 Posted May 28, 2017 Share Posted May 28, 2017 No problem...if you make any changes to see how it affects things, keep in mind you can always reset it back to default settings (if that's the setting you are using). Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted May 29, 2017 Administrators Share Posted May 29, 2017 On 25. 11. 2013 at 8:33 AM, nishadrox said: There are some features I'd like ESET to add to their suites 1. Less talkative HIPS 2. Sandbox with full virtualization 3. Non-explorer GUI 4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean" 5. Sound alerts on detection All features have been there for ages: 1, It's called Smart mode (can be set in the advanced HIPS setup). 2, ESET has employed advanced heuristic, an emulator for running code in a virtual environment for more than 10 years. 3, Set Strict cleaning mode for the appropriate on-demand scanner profile. 4, Available in the on-demand scanner setup since NODv1 if I remember well. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 16, 2017 Share Posted June 16, 2017 Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted June 16, 2017 Administrators Share Posted June 16, 2017 2 hours ago, itman said: Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 16, 2017 Share Posted June 16, 2017 (edited) 1 hour ago, Marcos said: It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance. It is not enabled for Eset browser adds-ons/plug-ins; at least for IE11. I am on ver. 10.1.210. Suspect same applies to Outlook. Will check other areas and report back if I find more. -EDIT- None of Eset program module .dlls i.e. em0xxx_64.dll are compiled with CFG. Granted they only exist in equi.exe I believe, but that is not a protected process like ekrn.exe. Additionally, none if Eset's drivers are complied with CFG. Edited June 16, 2017 by itman Quote Link to comment Share on other sites More sharing options...
Wolf Igmc4 6 Posted July 2, 2017 Share Posted July 2, 2017 Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings. Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.). Quote Link to comment Share on other sites More sharing options...
TomFace 539 Posted July 2, 2017 Share Posted July 2, 2017 (edited) 38 minutes ago, Wolf Igmc4 said: Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings. Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.). It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS) Edited July 2, 2017 by TomFace Quote Link to comment Share on other sites More sharing options...
Wolf Igmc4 6 Posted July 2, 2017 Share Posted July 2, 2017 58 minutes ago, TomFace said: It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS) Oh thanks! I didn´t see it Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted July 2, 2017 Share Posted July 2, 2017 (edited) 59 minutes ago, TomFace said: It's possible to reset certain sections to default today. Go into each sub-section. For example, real-time protection. The "curved arrow" default setting option is there for it in Smart Security. Edited July 2, 2017 by itman Quote Link to comment Share on other sites More sharing options...
UKUser 0 Posted July 10, 2017 Share Posted July 10, 2017 Allowing user interface to be resized would be good... Quote Link to comment Share on other sites More sharing options...
Azure Phoenix 11 Posted July 13, 2017 Share Posted July 13, 2017 Improve compatibility with SUA accounts. Discussion (And how reproduce issue): https://forum.eset.com/topic/12197-is-eset-compatible-with-standard-user-accounts/?do=findComment&comment=61708 Thanks Quote Link to comment Share on other sites More sharing options...
Super_Spartan 56 Posted July 26, 2017 Share Posted July 26, 2017 Another suggestion, I was using Emsisoft Anti-Malware for a while and I love how easy it is to whitelist/exclude files with it. The reason it's easier in EAM is because once you exclude a certain file or folder, the next time you open the exclude button, it automatically navigates to the last folder you were in. so let's say I went to C:\Program Files, then selected a folder to exclude, the next time I open exclusions to browse for the file/folder I want to exclude, it automatically starts the navigation in C:\Program Files making it very easy to whitelist the folders of programs I definitely want to exclude rather than having to start navigating from the beginning and going to C:, then expanding it, then again expanding Program Files. Takes a lot of time when one has a lot of stuff he wants to exclude. Another way we can do it is to have a checkbox selection in the exclude window so one can exclude multiple folders and/or files at the same time Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted July 26, 2017 Share Posted July 26, 2017 (edited) 1 hour ago, Phoenix said: The reason it's easier in EAM is because once you exclude a certain file or folder, the next time you open the exclude button, it automatically navigates to the last folder you were in. I second this. I believe this current Eset HIPS behavior stated in ver. 9 when the Metro GUI was introduced much to many dislike of it. In ver. 8 as I recollect, the HIPS did remember what the last selected directory was in rule creation and auto navigated to it when adding a new application. Edited July 26, 2017 by itman Quote Link to comment Share on other sites More sharing options...
JoMos 2 Posted July 28, 2017 Share Posted July 28, 2017 Dear ESET Team, Following feature would be nice in a future version: Description: Firewall rules cleanup of unnecessary / invalid entriesDetail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set. Quote Link to comment Share on other sites More sharing options...
Claudiano 0 Posted August 31, 2017 Share Posted August 31, 2017 I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted August 31, 2017 Administrators Share Posted August 31, 2017 59 minutes ago, Claudiano said: I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you. A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives. Claudiano 1 Quote Link to comment Share on other sites More sharing options...
Wolf Igmc4 6 Posted August 31, 2017 Share Posted August 31, 2017 26 minutes ago, Marcos said: A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives. Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea... Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted August 31, 2017 Administrators Share Posted August 31, 2017 9 minutes ago, Wolf Igmc4 said: Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea... There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release. Quote Link to comment Share on other sites More sharing options...
Wolf Igmc4 6 Posted August 31, 2017 Share Posted August 31, 2017 33 minutes ago, Marcos said: There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release. In my opinion, I'd rather sacrifice usability for security, but you are right Quote Link to comment Share on other sites More sharing options...
Claudiano 0 Posted August 31, 2017 Share Posted August 31, 2017 2 hours ago, Marcos said: Um bloqueador de comportamento causaria muitos falsos positivos ou incomodaria o usuário tomar uma decisão a si mesmo a cada momento e depois. Nosso objetivo é manter ESET instalar e esquecer, sem pedir aos usuários uma ação. Quanto mais perguntas, maior probabilidade de decisões erradas e infecção subseqüente. O ESET aproveita um punhado de tecnologias avançadas explicadas em https://www.eset.com/int/about/technology/ para obter a máxima proteção sem irritar o usuário ou causar falsos positivos. It was proved then then we will not see a behavior blocker in ESET products, since the idea is to preserve usability without user intervention so. We only have to respect and trust ESET so, since you know better than us about security, thank you very much for the attention, Marcos, here is one of the few forums that reassess the customer is treated with respect, of the taste participate here , Since the doubts are always clarified, thanks again and always success for our dear ESET. Quote Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted September 1, 2017 Most Valued Members Share Posted September 1, 2017 20 hours ago, Wolf Igmc4 said: In my opinion, I'd rather sacrifice usability for security, but you are right It's the tricky part of security. Balancing security with ease of use. Make something too sensitive and you end up blocking too much and causing issues for non technical users Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.