Scheduled Scans

[peteyt 394]

Description: change the way update is displayed when installing or updating to a newer version

Detail: when updating to a newer version via the live installer the latest updates are downloaded. The user will be alerted after installation that an update has not been ran yet. However if they run the updater and already have the latest updates as no update has been ran the alert telling the user no update has been ran will remain.

I have seen many confused by this not realising they already have the latest version. This alert should be either removed or reworded into a way that lets them know that they have the current version

[MasterTB 8]

PLEASE, add Opera to the list of compatible Browsers for the Banking & Payment Protection module.

It uses the Chrome (ENGINE) Browser and It's far better than Chrome, Firefox or IE.

Thanks.

Edited March 15, 2018 by MasterTB

[EnjoyBoast 1]

macOS network firewall (pf) -- GUI in Cyber Security Pro

 

Many ESET customers will be using Virtual Private Networking services. Cyber Security Pro includes an application firewall but not a network firewall. The latter is important to stop packets travelling outside the tunnel. It just so happens that macOS includes a powerful network firewall, called pf (for packet filter), that Apple brought from OpenBSD via FreeBSD. There is no operating system-included GUI to make it easy for novices to configure. Some third party front ends to pf exist, like Murus, but if ESET included its own, that would be a very powerful statement about its seriousness in helping customers to achieve sound security.
 

[brynn 0]

Hi Friends,

This is more of a complaint about a (new?) feature, than a suggestion.  But I guess I could make a suggestion as a summary to the complaint.  (Note that I have not read the previous 30 pages of messages in this topic.  I was just referred here as the best place to provide feedback about the program.)  I'm using ESET SS 11.0.159.0, Windows 7 Pro, 64-bit

A few months ago, I got an alert from WinPatrol that something wanted to install a new startup program.  Since I had not downloaded anything, and couldn't find any reason for it, I used WinPatrol to block it.  Since it claimed to be from ESET (a commandline interface), I contacted ESET support to find out if it was legitimate.  After an extended back and forth (via email), I was told about this feature which is installing program upgrades, apparently a little bit at a time, instead of just putting out a whole new version.  (Advanced Setup > Update > Profiles > Update Mode > Application Update)

I don't really know how long this has been going on, that I've been getting upgrades in bits and pieces, but this commandline interface is the first time I was aware of it.

It's not necessarily this feature that I object to.  It's (1) the fact that the option for it was enabled by default, without the knowledge or consent of the user, and (2) that these upgrade/updates are installing features without telling me what they are, or asking me if I want them.  Effectively, ESET SS is behaving exactly like the malware which it is supposed to be protecting me against.  Even after these few months, which I gave myself to let the idea sink in, I still find it shocking.  In the moments when I get over the shock, the anger starts bubbling through.  This is one of those times when I have to wonder "What were they thinking?" when they came up with this idea.  And I guess the management which approved it must have been asleep at the switch!

My suggestion would be, when you send through these updates, that you either send an email notification first, or some sort of notification pops up on the screen when the update comes through, so that the user is allowed to learn about what new features are being offered, and make a decision about whether they want to enable it.  And then the upgrade/update does not get installed until the user OKs it.

Of course, judging by the frequency these upgrade/updates are coming through (since I enabled the yes/no notification) this would be an incredibly disruptive to the work week.  So that leads me to think the best idea would be to use the traditional way of upgrading a program.  Just put out a whole new version, so users can read about them ahead of time, and know what they're getting and decide what to enable or disable, and choose when they want to install it.  To my way of thinking, this is a much more reputable way of doing business with computer programs -- especially internet security suites -- than sneaking in features without the users' knowledge or consent. 

Note that I'm sure you don't intend to be sneaking, but that's what it looks like and feels like.

Thanks for listening 

[itman 1,707]

1 hour ago, brynn said:

A few months ago, I got an alert from WinPatrol that something wanted to install a new startup program.  Since I had not downloaded anything, and couldn't find any reason for it, I used WinPatrol to block it.  Since it claimed to be from ESET (a commandline interface)

The only startup program via registry means I am aware of is for the Eset GUI desktop taskbar icon as show in the below screen shot. It has been so as long as I have been using Eset.

I suggest you download SysInternals Autoruns which will show you all possible startup locations which processes can run from:

Edited March 28, 2018 by itman

[brynn 0]

Yes, that's exactly the startup program which was trying to be installed.  I didn't think it was necessary to identify it for you, since it's only marginally relevant to my complaint.  That part is not a mystery.

The mystery, at least for me, is the reason for putting through upgrades - especially of this level of significance, which are coming through, without the knowledge or consent of the user.  I don't understand the reason for being so stealthy about it -- especially for a security program! 

(yes, another one just tried to come through a couple of hours ago -- I haven't been counting, but I'd guess approx the 8th one, since I found out about it) (of course I have no idea what they are or what they do -- NO ONE does, except for developers and probably management) (so they're blocked, until I can find out what they are or do)

Edited April 1, 2018 by brynn

[Marcos 5,143]

ESET, like many other applications, installs in the system and makes the necessary modifications to the registry and run keys to ensure that it's started automatically. When performing upgrade, it basically consists of uninstallation of the former version and installation of a new one, ie. registration is performed again.  There's absolutely nothing stealthy about this.

[brynn 0]

Well as I said before, I don't think you intend for it to be stealthy.  But it seems that way to me.  I might be just now finding out about this, but it represents a significant change to me.   And one which I would have liked to know about beforehand.

I just found this page:  hxxp://help.eset.com/eis/11/en-US/idh_page_update.html

Is that what this is?  ESET is providing regular updates like Windows does?  (omg)

I just found Show All Modules.  It looks like these updates have been coming through since....wow, 2 years!  It looks like only the last few months they are coming so frequently.

You know, it used to be the Update window allowed you to configure or initiate virus definition updates.  But now it looks like it's been "re-purposed" to handle program updates.  So far, I can't find where to handle the virus definition updates anymore.  Where can I manage those updates now?

[Hpoonis 7]

I had a power outage at home and when power was restored my bios clock had reset. The date difference causes Smart Security, etc to flag all websites, certificates, etc as invalid. It took me some clicks to realise it was the clock that was the problem. However, now a few sites do not show images or comments, etc as I had blocked a few things which looked suspicious and ESET declared were invalid/unknown certificates but were not.

It would be a good idea to clearly indicate that the clock may be the problem (time synchronisation). This surely cannot be a problem to achieve if the ESET software can figure out that a datestamp for a certificate may be out of synch.

As an aside, how do I now fix the blocked links I previously clicked?

[Marcos 5,143]

26 minutes ago, Hpoonis said:

As an aside, how do I now fix the blocked links I previously clicked?

Try clearing browser's cache. Please do not report issues in this "Future changes..." forum since this is intended only for posting suggestions for future versions.

[jems 4]

separate scans for  - a vulnerability scan AND a root-kit scan - ala - KTS

[mar122999 1]

Description: UI Overhaul to consolidate settings and make them easier to access

Detail: Settings in the newer ESET versions are more difficult to find. Previous versions of ESET (I believe around ESET 8 and under) were simpler to navigate. Thanks for your time  

Edited May 10, 2018 by mar122999

[persian-boy 22]

Hello,
Pls, add DNS cache history(ipconfig /displaydns)/ARP entries/Windows Routing Table/ recently modified+accessed files and shimcache to SysInspector.Ty.

Edited May 19, 2018 by persian-boy

[nexon 8]

Please add virtual keyboard for entering password on screen with mouse on vritual keyboard.

[Marcos 5,143]

1 hour ago, nexon said:

Please add virtual keyboard for entering password on screen with mouse on vritual keyboard.

Keystrokes are already scrambled in a secure browser to prevent keyloggers from stealing what you type.

[itman 1,707]

Add a column showing PID number in the following logs after the noted existing log column headings:

1. HIPS - Application

2. Network - Source

This is necessary to properly identify the origin for multiple same process occurrences such as svchost.exe. 

[persian-boy 22]

Add new option in the firewall to block all network connections when the screen saver is running.

[Clark T 3]

Description: A Quick-Scan to scan the most important files.

Detail: A Quick-Scan to scan registry, startup files, rootkit scan etc. and the most threatened folders.

I know this is done in the background of ESET Internet Security, but I would find it useful to have a Quick-Scan button for this.

[Samet Chan 2]

Add - Dark Mode on ESET Nod32 would be great.

[persian-boy 22]

On 7/8/2018 at 5:40 PM, persian-boy said:

block all network connections when the screen saver is running.

Eset any feedback on this? isn't useful? pls.

[Marcos 5,143]

8 hours ago, persian-boy said:

Quote

block all network connections when the screen saver is running.

Eset any feedback on this? isn't useful? pls.

First of all, this topic serves for gathering various ideas from users and we normally do not confirm or deny whether a particular idea will be accepted and implemented. In this case, I for one, don't see any real use case for blocking network communication when the screen saver is active.

[nexon 8]

58 minutes ago, Marcos said:

First of all, this topic serves for gathering various ideas from users and we normally do not confirm or deny whether a particular idea will be accepted and implemented. In this case, I for one, don't see any real use case for blocking network communication when the screen saver is active.

I agree with Marcos...

[itman 1,707]

Add option to realtime scanner to block obfuscated Powershell scripts. Option would be dependent upon Win 10 AMSI option enabled in the Eset GUI.

Justification

Microsoft added a like mitigation in the form of a Windows Defender Exploit Guard ASR mitigation effective with Win 10 1709. ASR mitigations are only effective if Windows Defender is enabled as the realtime scan engine.

Further justification is Eset's failure to detect malware in highly obfuscated PowerShell script in a Malware Research Group ad hoc test: https://www.mrg-effitas.com/research/current-state-of-malicious-powershell-script-blocking/

[Guest]

Microsoft has patched Windows to check if there is a vulnerability in Intel MEI firmware. E.g. event id 1794 is for CVE-2017-15361 but windows in not notifying users to check for bios updates. The latest MEI issues are also logged in event viewer.

I think it would be a nice feature for eset to read out these event ids and notice (advanced) users about such firmware vulnerabilities.

Edited July 15, 2018 by timse201

[MaximilianoNah 1]

Description: Running this app sandboxed
Detail: Use sandbox technology to run applications that we decide, using contextual menu and list of "always run sandboxed" (just like Comodo Internet Security).