Future changes to ESET Internet Security and ESET Smart Security Premium

[Trauko 3]

I use HIPS "Smart Mode" Plus some manually added basic Reg Protection rules set to "Ask". The issue is when I found a confirmed malicious activity coming from an infected process. And I am asked by HIPS to allow or block this activity, I can perfectly deny it. But it does not mean that the malicious process wil be terminated and move to quarantine, so it won't be able to start again.

In this picture the option if selected, would end and quarantine the pcoess "clt.exe".

Edited October 8, 2014 by Trauko

[Marcos 4,609]

The biggest problem with eset is the HIPS the way it's setup by default it doesn't do anything and it does not provide any zero day protection this problem has been there with eset since versions 5,6,7,8 please fix this.

 

Smart mode in HIPS is indeed what you're looking for. By default, internal self-defense HIPS rules have always blocked potentially dangerous operations. HIPS is not a magic thing that would block 100% of malicious operations and no legitimate operations.

[cohbraz 0]

Feature Request:

 

I think it would be great if we could locate a device without having to mark it as lost or stolen. This would allow us to be able to look at the location of the device on a map without having to lock it.

 

Usage Example: Sometimes I have to drive good distances for work, and my wife would like to check on my progress coming home. It would be easier for her to be able to look at the location of the phone on-line without it being locked. 

[rugk 397]

Feature Request:

 

I think it would be great if we could locate a device without having to mark it as lost or stolen. This would allow us to be able to look at the location of the device on a map without having to lock it.

 

Usage Example: Sometimes I have to drive good distances for work, and my wife would like to check on my progress coming home. It would be easier for her to be able to look at the location of the phone on-line without it being locked. 

Sorry, but this is not the sense of ESET Anti-Theft.

[cohbraz 0]

 

Feature Request:

 

I think it would be great if we could locate a device without having to mark it as lost or stolen. This would allow us to be able to look at the location of the device on a map without having to lock it.

 

Usage Example: Sometimes I have to drive good distances for work, and my wife would like to check on my progress coming home. It would be easier for her to be able to look at the location of the phone on-line without it being locked. 

Sorry, but this is not the sense of ESET Anti-Theft.

 

 

Maybe, but many other "anti-theft" services from other AV vendors provide this functionality that I suggested ESET adopt. 

Locking the device would still be an option, and could work just as it does now. This would just add the option to locate the device. 

[mark.fox7768 0]

Finally! eset you are catching up with zero day protecion by putting in smart mode in your HIPS for version 8 all you need to do now is improve it to make it more responsive and enable it by default.

Edited October 9, 2014 by mark.fox7768

[amir 1]

Wow

ESET smart security 8 is perfect

It is better than smart security 7 and other antivirus

Thank you

[User 11]

Version 8.0.304.X seems to be online now including additional languages.

[surfer1000 6]

I'd like to see a notification pop up when ESS is checking my email, I just like to see something to reassure me!

[thelastdreamer 1]

Description: Missing device crypting 

Hi i want to suggest you to add a option in your smart security system to be able in case which your laptop is stolen to be able to crypt(with a private key) all the sensitive info or even the erase them ex. crypt(document folder, pictures, desktop folders) or to let us to choose(when installing or later) which files we want to be crypted and all of that to be accesible via the my.eset.com as we already have the option in case of our device is missing to lock all the users accounts but this is not enought protection...thanks!

[amir 1]

Hello

Thank you for ESET smart security 8

Please add a sandbox to ESET smart security

Best regards

Edited November 8, 2014 by amir

[Arakasi 549]

Hello

Thank you for ESET smart security 8

Please add a sandbox to ESET smart security

Best regards

 

While agree with sandbox, i think the protection from ESET is stronge enough to not require it.

The primary customer base however, does not want ESET to switch to the bulky app embedded software protection like most, and i would stress the importance of that in relation to sandbox. I would ask for a web browser sandbox only.

Thanks

[rugk 397]

I think a sandbox as a stand-alone utility or something similar wouldn't be a bad idea.

 

Including the sandbox in ESS I think would require a large (internal) discussion before.

[hqsec 12]

Please add a sandbox to ESET smart security

 

I wouldn't like to see sandbox added to ESS. The product would become too bloated. Some applications (Chrome...) already have their own sandbox so another sandbox from Av would be unnecessary. 

Edited November 9, 2014 by hqsec

[King Kong 0]

Please include smart mode in firewall filtering mode which reduce pop-ups, example there is no need to ask user whether to block Windows own process eg. dashost, svghost......ect trying to connect to Akamai or Microsoft, or any other whitelisted apps from live grid, Norton has intelligent firewall. 

 

U can see PCMAG review about this too hxxp://www.pcmag.com/article2/0%2c2817%2c2469995%2c00.asp

[rugk 397]

Please include smart mode in firewall filtering mode which reduce pop-ups, example there is no need to ask user whether to block Windows own process eg. dashost, svghost......ect trying to connect to Akamai or Microsoft, or any other whitelisted apps from live grid, Norton has intelligent firewall.

You already opend a topic about this, so I think it's good to link it here: Suggest to include firewall smart mode

[rugk 397]

I'd like to link to two other suggestion I gave in different posts:

 

1.

Description: Increase the power of the protocol filtering by giving the possibility to block SSL v3 - and with that the so called Poodle Attack.

Detail: Recently there was found a new attack against the SSL (used for HTTPS e.g.) connection. This is the Poodle Attack.

It would be nice if ESET gives the possibility to block this attack with blocking SSL v3 communication. More information in this topic

 

2.

Description: Add the possibility for two product upgrade channels so you can get a new version directly after it was released.

Detail: I understand the reasons why you don't release product upgrades via the built-in "updater" instantly, but there should be a optional setting where you can change this (similar to the pre-release-updates of the VSD). More information in this topic

[SweX 871]

"Add the possibility for two product upgrade channels so you can get a new version directly after it was released."

 

But anyone that wants new releases ASAP can already get them if they want, by just visiting the website.

Having a second update channel for those that are, well, let's call them lazy, and don't have time navigating to the website....hmmm sounds like unnecessary work for ESET to me. I mean ESET shouldn't need to serve new versions on a silver plate like that, my answer is  -> "if you want it NOW then come and get it!"

 

IMO, users that want to get their hands on a new version ASAP (before a PCU release) they already know where to find it.

And the users that choose to wait, I don't think they are interested in using a PR update channel for new versions even if it existed.

 

One reason why new versions is released as PCUs a bit later is because they go through some serious internal testing before they are pushed out to every customer. Because once they are pushed out to the customers there is no simple way of going back.

[hqsec 12]

If people don't want to check about new releases on website they can use RSS to get info about new releases. Here are some feeds: hxxp://www.eset.com/us/rss/

You can subscribe to support news channel and get the info...

[rugk 397]

@hqsec

Good idea.

 

@SweX

Good arguments. However it would have been more useful if you would had posted this in the separate topic.

But I think the option is quite hidden, so already only the users who want get it ASAP find this option.

 

But it should be quite simple to implement and yes - maybe it's for the "lazy ones"...

Edited November 12, 2014 by rugk

[Utini 1]

 

Description: Live Grid execution blocker unless file is known safe.

 

It is quite rare that I of all people post feature requests or in this case request added functionality to a feature we already have.

 

But it's something I have thought about before, several times actually, that I believe could be useful for basically all above average users, and users that know how to respond to a prompt once in a while, would be a function that is found in some other products and that works with file info from the cloud in this case Live Grid. I guess you could say it works like a cloud based whitelist.

 

In ESET that could be a function like, unless the file we execute is "green/known safe" in Live Grid we would be prompted with a "allow, block, quarantine" popup notification.   

 

That means nothing that is not known safe "green tagged" in Live Grid will not be allowed to execute without that we allow it first.

 

Of course this should be a function having a checkbox like everything else that users can enable and disable. And it should not be enabled by default for obvious reasons. 

 

P.S 

Not to mix this up with file reputation / how many users have this file similar to -> "only 5 users have this file are you sure you want to allow the file to execute?" 

 

That is NOT my idea, so even if only 1 user have this file and it is "green tagged" known safe in Live Grid it will be allowed to execute just fine.

 

Thank You.

 

 

This !

[rugk 397]

... is a great idea!

 

(link to original post)

[Utini 1]

... is a great idea!

 

(link to original post)

 

Yep, today I did a few more tests with ESS and compared it to CIS (which is the product I used for the last 1-2 years):

 

ESS seems to have the better AV and HIPS compared to CIS. How ever, CIS has the advanted of blocking & notifying me for every "unknown" file that I execute. This way I get the chance to validate the file e.g. on virustotal. I will also be notified that this file might not be original (e..g. if I download ccleaner.exe but I get a block & notification, I will know this can't be the original ccleaner.exe).

 

In the end this little advantage of CIS gave better dedection & block results.

 

ESS has advantages over CIS (and other security produtcs) but I believe that one (major?) disadvantage is to not have an "online backround check" of apps.

[mar122999 1]

Description: Default Deny

Detail: Incorporate a default deny for people wanting rock hard protection. (EX: Kaspersky Trusted Application Mode and Avast Hardened Mode Aggressive).

[Marcos 4,609]

Description: Default Deny

Detail: Incorporate a default deny for people wanting rock hard protection. (EX: Kaspersky Trusted Application Mode and Avast Hardened Mode Aggressive).

 

Deny where? It appears only in interactive mode of firewall and HIPS but selecting Deny automatically would not only render interactive mode useless but would also cause too many troubles if every action/communication was denied without asking the user.