Scheduled Scans

[Marcos 5,074]

Description: ESET Smart Security V9 support for Japanese language

Detail: Currently live installer of ESS V9 isn't supporting Japanese. Hope its translation will be completed soon. I'm testing ESS V9 and almost satisfied except for this issue(may be addressed in future), and I'll definitely recommend ESET products to my friends when Japanese edn will be available  Cheers!

 

ESET products have been available in Japanese since v2 which was released in 2002. You should be able to download it from our Japanese partner www.canon-sol.jp who has exclusive rights for distribution of ESET's products in your country.

[breezyhill 0]

 

Description: ESET Smart Security V9 support for Japanese language

Detail: Currently live installer of ESS V9 isn't supporting Japanese. Hope its translation will be completed soon. I'm testing ESS V9 and almost satisfied except for this issue(may be addressed in future), and I'll definitely recommend ESET products to my friends when Japanese edn will be available  Cheers!

 

ESET products have been available in Japanese since v2 which was released in 2002. You should be able to download it from our Japanese partner www.canon-sol.jp who has exclusive rights for distribution of ESET's products in your country.

 

 

Thanks for your reply Marcos. The latest ESS in Japanese is V8.0.304 (not 319) and that has some translation glitches. I can't update to 8.0.319 because it hasn't been released yet by the distributor. V9 isn't available for now as well. Kind of frustrating because it takes a bit more time till I can recommend to others

[Marcos 5,074]

The Japanese distributor releases product updates with a bigger delay as they must pass their strict QA testing in addition to QA testing performed by ESET HQ. There's no need to hurry with upgrade to v9 anyways, at least not before the upcoming service build which will address issues reported by users so far.

 

As for the garbled string in your screen shot, I wonder if you could post another one where the ESET window would be completely visible. Without it it's hard to figure out the problematic string.

[mkataro 0]

Description: have option to remove notification from parent control not configured.

Detail: I use parental control on myself so that it can filter my google results. as a result it is constantly orange and my eset home screen is orange. I use eset smart security 9 on windows 10.

 

thanks.

Massimo

[mkataro 0]

Request: keep the emergency system rescue disk windows base.

Detail: I have 2 raid 0 drives and linux doesnt detect more then one raid volume. I have a intel z97x chipset motherboard.

[cybot 1]

I would like to see, when implementing a major UI overhaul, an option to use the previous versions UI design, when I went from ESS 8 to ESS 9, I was a little disoriented by the UI change, and still find the new UI more clunky and more difficult to navigate than ESS 8's simpler UI

[shocked 60]

I would like to see, when implementing a major UI overhaul, an option to use the previous versions UI design, when I went from ESS 8 to ESS 9, I was a little disoriented by the UI change, and still find the new UI more clunky and more difficult to navigate than ESS 8's simpler UI

actually it's the same thing

[stackz 112]

In HIPS File Operations - the ability to Block file read for specific applications like cmd.exe, rundll32.exe, regsvr32.exe etc

[shocked 60]

blocking the read attribute of those files will prevent even the most critical functions of Windows OS

[stackz 112]

blocking the read attribute of those files will prevent even the most critical functions of Windows OS

This is about being able to block selected applications reading data from folders that I select.

i.e. being able to prevent batch file, js, vbs execution from typical malware user space folders.

[cybot 1]

 

I would like to see, when implementing a major UI overhaul, an option to use the previous versions UI design, when I went from ESS 8 to ESS 9, I was a little disoriented by the UI change, and still find the new UI more clunky and more difficult to navigate than ESS 8's simpler UI

actually it's the same thing

 

 

what do you mean it's the same thing? there is a clear difference in the UI of ESS7, 8 and ESS9

[... 1]

In interactive mode, when incoming connections/requests are received, ESET does an initial determination of whether the connection should be allowed, or not, and pops up the GUI as either green (should be safe) or red (likely unwanted). From that GUI pop-up, clicking on "Show advanced options" (bottom-left) displays a "Custom rule" button. Clicking on that button brings up the "Edit rule:" dialog box, pre-populating it with information from the incoming request. However, it appears the dialog box always pre-populates with "Allow", even when the GUI had determined the connection was likely unwanted (i.e., was red). It would be great if the custom rule dialog box would default to "Allow" if the GUI was green, and would default to "Deny" if the GUI was red, instead of always defaulting to "Allow".

[cutting_edgetech 25]

It would be nice to see Eset incorporate a Behavior Blocker into their products. If something slips through then the behavior blocker can help detect the malware when it executes. They could have the feature disabled by default if they are worried about it causing false positives when being tested by independent test organizations.

[SweX 871]

It would be nice to see Eset incorporate a Behavior Blocker into their products. If something slips through then the behavior blocker can help detect the malware when it executes. They could have the feature disabled by default if they are worried about it causing false positives when being tested by independent test organizations.

 

hxxp://www.eset.com/int/about/technology/#advanced-memory-scanner

"Advanced Memory Scanner complements Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of malicious processes and scans them once they decloaks in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain when everything else fails."

 

I assume you had something like Emsisoft's Behavior Blocker in mind when you made this request. Just wanted to mention the purpose of AMS and what it does.

 

hxxp://static3.esetstatic.com/fileadmin/Images/INT/Docs/Other/ESET-Technology-Overview.pdf

Edit: This PDF literally explains the ins and outs of the software itself and what happens behind the scene on the back-end systems. Every customer/user that is interested in this kind of geek information (it is very informative) should take time and read through the whole PDF.

Edited February 7, 2016 by SweX

[cutting_edgetech 25]

 

It would be nice to see Eset incorporate a Behavior Blocker into their products. If something slips through then the behavior blocker can help detect the malware when it executes. They could have the feature disabled by default if they are worried about it causing false positives when being tested by independent test organizations.

 

hxxp://www.eset.com/int/about/technology/#advanced-memory-scanner

"Advanced Memory Scanner complements Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of malicious processes and scans them once they decloaks in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain when everything else fails."

 

I assume you had something like Emsisoft's Behavior Blocker in mind when you made this request. Just wanted to mention the purpose of AMS and what it does.

 

hxxp://static3.esetstatic.com/fileadmin/Images/INT/Docs/Other/ESET-Technology-Overview.pdf

Edit: This PDF literally explains the ins and outs of the software itself and what happens behind the scene on the back-end systems. Every customer/user that is interested in this kind of geek information (it is very informative) should take time and read through the whole PDF.

 

Sorry for the late reply.  I have not been on the forum in a while. I didn't think I was going to get a reply to my post. Thank you for the .pdf manual. I will have to look more at AMS, but I don't think it is the same as something like Emsisoft's BB. Marcos said AMS only triggers a memory scan here. https://forum.eset.com/topic/5283-behavior-blocker/So the question is if it only triggers a memory scan then is it only looking for already blacklisted executables.

[itman 1,659]

 

 

It would be nice to see Eset incorporate a Behavior Blocker into their products. If something slips through then the behavior blocker can help detect the malware when it executes. They could have the feature disabled by default if they are worried about it causing false positives when being tested by independent test organizations.

 

hxxp://www.eset.com/int/about/technology/#advanced-memory-scanner

"Advanced Memory Scanner complements Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of malicious processes and scans them once they decloaks in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain when everything else fails."

 

I assume you had something like Emsisoft's Behavior Blocker in mind when you made this request. Just wanted to mention the purpose of AMS and what it does.

 

hxxp://static3.esetstatic.com/fileadmin/Images/INT/Docs/Other/ESET-Technology-Overview.pdf

Edit: This PDF literally explains the ins and outs of the software itself and what happens behind the scene on the back-end systems. Every customer/user that is interested in this kind of geek information (it is very informative) should take time and read through the whole PDF.

 

Sorry for the late reply.  I have not been on the forum in a while. I didn't think I was going to get a reply to my post. Thank you for the .pdf manual. I will have to look more at AMS, but I don't think it is the same as something like Emsisoft's BB. Marcos said AMS only triggers a memory scan here. https://forum.eset.com/topic/5283-behavior-blocker/So the question is if it only triggers a memory scan then is it only looking for already blacklisted executables.

 

The equivalent to Emsisoft's behavior blocker in Eset is advanced heuristics using DNA signatures with internal sandboxing. It is part of the Threat Sense real-time engine. As far as which is more effective, only testing with some previously unknown malware will determine that.  

[Marcos 5,074]

Sorry for the late reply.  I have not been on the forum in a while. I didn't think I was going to get a reply to my post. Thank you for the .pdf manual. I will have to look more at AMS, but I don't think it is the same as something like Emsisoft's BB. Marcos said AMS only triggers a memory scan here. https://forum.eset.com/topic/5283-behavior-blocker/So the question is if it only triggers a memory scan then is it only looking for already blacklisted executables.

 

Your assumption is wrong. A memory scan serves to discover malicious code already unpacked in memory which means that otherwise protected executables on a disk may not be detected by other scanners. It's a common technique to evade detection by just improving the packer while the malicious code beneath the envelope remains more-less same. This is when memory scan or AMS comes into play.

[hazardass 3]

Description:  A few suggestions to make the Firewall rules list more user-friendly, again. 
 

Detail:  Up until (and including) version 8 the rules list had the following useful features which are now missing in v.9:

 

- "Detailed view" was available where the list could be sorted by various categories, most importantly by name and date modified.  Detailed view is gone in v.9 for not apparent reason, and so the list cannot be sorted anymore.  Please either bring back Detailed view with sorting, OR enable sorting in the main rules list.

 

- Program icons were shown next to each application name.  The icons made the list very easy to browse and made all safe applications easy to identify.  Icons have been removed in v.9.  Please bring back program icons in the list.

 

-  The application column in v.9 shows the full directory path, and the app name at the very end of it.  This makes the rules list even more difficult to read.  The whole thing is just a big blob of text, very tedious to go through.  I have to extend the app name column, scroll to the end of the line and find the actual app name at the end of the path.  In version 8 only the app name was shown, and the full path was displayed as a tooltip when scrolling over the app name.  That was much more user-friendly.  Please either use a tooltip for the path, or create a separate column for the path. 

 

- The column width is reset every time I enter the rules list.  I have to extend the application name column every time in order to read the name.  This is especially hard with the long path name shown in that column.  Up until v.8 ESET remembered the column widths and it did not reset them every time the list was opened.  Please let ESET save the column width settings.

 

The list in version 8 worked well and it didn't need 'fixing' since it wasn't broken.  I understand the need to modernize the GUI once in a while, but that really doesn't mean just gutting a bunch of useful features and replacing them with a 'search' button (the magnifier glass icon in the top right corner), which is not a replacement for all the things I mentioned above.  The search is useful, but most of the time I do not need to search for a specific application.  Instead, I regularly go through the entire list to remove any outdated entries and look for anything that may seem suspicious, or revise the list for whatever reason.  That's very difficult to do in version 9. 

 

I'm not asking for any new features, all I'm asking is bring back the user-friendly list style from previous versions, or give us an alternative, instead of just gutting the user-friendly sortable list. 

 

Thank you for your consideration.

 

 

EDIT:

 

- Another feature that's been removed, that was present in the Detailed View in v.8, was the green / red arrow-icon identifier for 'allowed' and 'denied' inbound or outbound traffic.  This allowed me to very easily identify all blocked and non-blocked programs in the list.  All this color-coding was very convenient.  I don't understand why it has been removed. 

 

For comparison:

 

v.8  hxxp://s5.postimg.org/akn0j22yf/ESET_rules_list_v8.png

 

v.9  hxxp://s5.postimg.org/45nzmdw8n/ESET_rules_list_v9.png

Edited February 21, 2016 by hazardass

[Seth 2]

Description:  A few suggestions to make the Firewall rules list more user-friendly, again. 

 

Detail:  Up until (and including) version 8 the rules list had the following useful features which are now missing in v.9:

 

- "Detailed view" was available where the list could be sorted by various categories, most importantly by name and date modified.  Detailed view is gone in v.9 for not apparent reason, and so the list cannot be sorted anymore.  Please either bring back Detailed view with sorting, OR enable sorting in the main rules list.

 

- Program icons were shown next to each application name.  The icons made the list very easy to browse and made all safe applications easy to identify.  Icons have been removed in v.9.  Please bring back program icons in the list.

 

-  The application column in v.9 shows the full directory path, and the app name at the very end of it.  This makes the rules list even more difficult to read.  The whole thing is just a big blob of text, very tedious to go through.  I have to extend the app name column, scroll to the end of the line and find the actual app name at the end of the path.  In version 8 only the app name was shown, and the full path was displayed as a tooltip when scrolling over the app name.  That was much more user-friendly.  Please either use a tooltip for the path, or create a separate column for the path. 

 

- The column width is reset every time I enter the rules list.  I have to extend the application name column every time in order to read the name.  This is especially hard with the long path name shown in that column.  Up until v.8 ESET remembered the column widths and it did not reset them every time the list was opened.  Please let ESET save the column width settings.

 

The list in version 8 worked well and it didn't need 'fixing' since it wasn't broken.  I understand the need to modernize the GUI once in a while, but that really doesn't mean just gutting a bunch of useful features and replacing them with a 'search' button (the magnifier glass icon in the top right corner), which is not a replacement for all the things I mentioned above.  The search is useful, but most of the time I do not need to search for a specific application.  Instead, I regularly go through the entire list to remove any outdated entries and look for anything that may seem suspicious, or revise the list for whatever reason.  That's very difficult to do in version 9. 

 

I'm not asking for any new features, all I'm asking is bring back the user-friendly list style from previous versions, or give us an alternative, instead of just gutting the user-friendly sortable list. 

 

Thank you for your consideration.

 

 

EDIT:

 

- Another feature that's been removed, that was present in the Detailed View in v.8, was the green / red arrow-icon identifier for 'allowed' and 'denied' inbound or outbound traffic.  This allowed me to very easily identify all blocked and non-blocked programs in the list.  All this color-coding was very convenient.  I don't understand why it has been removed. 

 

For comparison:

 

v.8  hxxp://s5.postimg.org/akn0j22yf/ESET_rules_list_v8.png

 

v.9  hxxp://s5.postimg.org/45nzmdw8n/ESET_rules_list_v9.png

 

Yes I agree. Please ESET add this.

[tagwolf 0]

Automatic Rule Consolidation

• Automatically consolidate / composite rules which offer the same allow permissions but for different files, paths, functions, etc.
• Each executable should fit into ONE rule per allow / deny type.
• This would make users MUCH safer by actually being able to audit their HIDS and Firewall rules.
• If a DENY rule negates an ALLOW rule, disable / delete the ALLOW.
• Allow users to see how rules are going to be composited and allow them the option to keep individual rules
• This would prevent having 1000+ rules are 1 week of learning mode. Some of my install exe's have literally 20 rules that are duplicate!
• I currently had to write a script to do this to an exported XML ruleset. I then re-import.
• Wildcard paths, IP's, registry paths, etc. To further consolidate rules.
  • Example, allow Setup.msi Access to Registry on HKEY_LOCAL.../Application/installer/*, and Write,Delete on C:/temp/*.ex_ (One rule, two at most to do something like this.
• Perform intelligent allow/block based on current operation and user choice.
  • Something like a SMART ALLOW button which allows This processes and all CHILD processes that spawn from this an ALLOW TIL QUIT (For installers) or an ALLOW AND ADD SMART RULE for launching new applications.
  • Having the Allow/Block pop up literally 90 times during an install or a first time application launch and adding just as many rules is not fun or encouraging security.
• REGEX Matching in rules

Rule Sorting by Column

• The current column headers do not appear to function.
• Should be able to sort rules by name, path, port, etc.

Rule Window Resizable

• I currently cannot resize my rule window.
• When you have 1000+ rules (see above), it makes it impossible to sort or audit them.

Edited March 12, 2016 by tagwolf

[SCR 195]

In the next release of ESS (V10x I assume) I would like to see the GUI go back to something similar to v8x. The GUI is not something I normally get overly concerned with but v8 was much easier to use then v9x. Specifically the "firewall rules" screen which in v9 is just not easy to use at all.

Edited March 12, 2016 by SCR

[Navara 2]

Description: Return of colors in GUI

 

Detail: Recent version of GUI is sad black-and-white with rare occurence of turquoise or lime.

We got monitors, tablets,... with millions of colors and yet software uses only 2-4 of them.

It brings deppression and sadness to use it.

[SweX 871]

In the next release of ESS (V10x I assume) I would like to see the GUI go back to something similar to v8x. The GUI is not something I normally get overly concerned with but v8 was much easier to use then v9x. Specifically the "firewall rules" screen which in v9 is just not easy to use at all.

Also, I may be a nice pale person   but I really wish there was a bit more colors in the GUI here and there. It is so white/grey/pale in its current state. Well, except the "home" screen where the ESET robot is where we have a bit blue and green. But I want nothing extreme and/or sharp color contrasts, that would be even more annoying/worse compared to its current look.

Edited March 14, 2016 by SweX

[toxinon12345 32]

Description: counting of "OFF/stopped" items

Detail: I would like to see counting of "Permanently disabled" items at "Setup Pane".

Also with no-color always. (Black and white)

something similar to this, but in that case would be a '3' in Black/white

https://forum.eset.com/uploads/post-6339-0-20654900-1457971762.png

Edited March 15, 2016 by toxinon12345

[cybot 1]

In the next release of ESS (V10x I assume) I would like to see the GUI go back to something similar to v8x. The GUI is not something I normally get overly concerned with but v8 was much easier to use then v9x. Specifically the "firewall rules" screen which in v9 is just not easy to use at all.

 

I made a very similar post on this thread too saying the sating the same thing so.... +1