Aryeh Goretsky

Future changes to ESET Internet Security and ESET Smart Security Premium


Thank you very much :)

I was wrong. I thought it only affected version "current" ^^

Thank you very much for that.

 

Have a nice day.

 

Vigen.


You're welcome. :)

 

BTW if you find a post helpful, you can give a kudo... :)


Will the "antispam" toolbar be back soon in Thunderbird?

Much more convenient than "wasting time" in the product interface.

There had been a discussion some time ago on the forum.

 

Vigen.


I advise including options connected with feedback in the ''Tools'' section, so that users of Eset Smart Security have the possibility to express opinions and to make suggestions for future versions.

User opinion is important and the easiest way to share it is directly through the program.


Don't you think it's enough to ask for feedback in this forum?

Additionally you can already submit feedback through the contact form in the product. There is an option "Feedback".

Edited by rugk


ESET already has a small "problem" in that too many people submit what they think is malware via the in-built submission form, but which really are not malicious files at all; it's usually just "junk".

If they were also to include a "future changes" option (the purpose of this thread) in the GUI, they would get loads of unnecessary suggestions all day long such as "hello, my computer is so slow, can you please add a system speedup function to make it faster ?"

No, doing that would be a big mistake and a waste of staff resources that would need to wade through all the "ideas". Many users don't even know what the product is and how it works; they just read in a Mag that it was good so they installed it, or it got installed on their machine by a friend, technician, or someone knowledgeable that knows it's a good bloat-free product. So how would these users know what type of features fit in the program? They could submit all sorts of irrelevant product feature suggestions. And most users don't want the product flooded with new features in every new version, they want it to stay small and slim.

Besides, people that actually are interested in ESET software already know where they should go with their ideas and suggestions.

 

And yes of course, all ESET users can express their opinion freely on the Internet if they like, but not through the program itself, it's not a chat client that we are using :-P.

Edited by SweX


Don't you think it's enough to ask for feedback in this forum?

Additionally you can already submit feedback through the contact form in the product. There is an option "Feedback".

 

The Feedback option from the contact section is present and can be placed in sight, maybe in Tools.

Edited by Octavian


AFAIK the word number isn't limited. For a support/feedback request this wouldn't be useful anyway...


Not sure if this was mentioned: Rollback/journal feature similar to Webroot Secure Anywhere. 

 

How it works:

 

-Unknown file is detected > File gets journaled after install > if file is found bad at a later date, all changes the file made are reverted back and file is deleted/quarantined OR if file is found good, it is removed from journaling and added to good list.


Not sure if this was mentioned: Rollback/journal feature similar to Webroot Secure Anywhere. 

 

How it works:

 

-Unknown file is detected > File gets journaled after install > if file is found bad at a later date, all changes the file made are reverted back and file is deleted/quarantined OR if file is found good, it is removed from journaling and added to good list.

 

Well, I would prefer Active heuristic and I believe ESET has implemented it. 

 

"Active heuristics are referred to by a variety of names by different vendors. Some call the technique “sandboxing”, others call it “virtualization” or “emulation.” In all cases the idea is to create a safe virtual environment, run the code to be inspected and watch the behaviors in order to assess risk." (Source:hxxp://static2.esetstatic.com/us/resources/white-papers/Understanding_Heuristics.pdf)

 

If any unknown infection is found, ESET will move or have a copy of those infected files after deletion into the quarantine. Based on what I know, ESET will rescan those infected files after every virus definition update by default. I, as a user, have my responsibility to ensure that the infected files in the quarantine are indeed infected and are not false positive detected files. If it is a false positive, I could then safely restore the file and let it execute freely, otherwise I would just delete it. Besides, I would also prefer ESET to detect the unknown infection before the infection could do any irreversible damage to my system, rather than journaling it and letting it execute freely.

Edited by yongsua


I would like to suggest that the upcoming ESS include the PID for each process in the Rule and Zone editor, as it would be very helpful for me to determine which svchost and the thread inside it is attempting to connect to the Internet. Thank you.

 

post-6379-0-20106100-1426738869_thumb.jpg

 

As you can see from the above pic, I really have no idea which svchost is attempting to connect to the Internet. 

 

 


I would like to suggest that the upcoming ESS include the PID for each process in the Rule and Zone editor, as it would be very helpful for me to determine which svchost and the thread inside it is attempting to connect to the Internet. Thank you.

 

It makes no sense to display current PID for a process in the rule editor as it's different each time a process starts.


Maybe ESS can be implemented with some sort of PID mapping or positioning system? Is it possible? Or at least the current PID could be displayed in the interactive mode alert. Although PIDs vary each time a process starts, at least knowing the current PID can be helpful to identify which svchost and which thread is attempting to connect to the Internet, which gives the user a chance to initially jot down the threads, handles or DLLs involved by using a basic dynamic analysis tool such as Process Explorer, so that the user can just refer to the services, handles or DLLs involved from what the user has jotted down without referring to the PID anymore, regardless of how the PID varies.

Edited by yongsua


@yongsua

Yes, to show this in the interactive alerts/questions is a great and useful idea. I already had the issue that ESS showed "rundll.exe" attempting to connect to a site (e.g. with OpenCandy) and I didn't know which process it was, because there were multiple instances running.

Edited by rugk


Hello,
I hope that developers will hear my voice.
I am Aleksandar, a totally blind person. I have used NOD32 since version 2.0/2.5, and had a legal license too.

I am testing all available security solutions for home users, to see how accessible they are with screen readers such as JAWS or NVDA.

I am now testing Eset Smart Security, and according to my few days of tests, I will suggest and ask you for the following:

1. In the installation, bring back the option to disable the graphical user interface during installation. We can disable it later in settings, but for blind users the graphical user interface is not accessible with screen readers and keyboard.

2. Add our screen readers to the exclusion list in Antivirus, firewall and HIPS, and in self defence too.

I am encountering difficulties when I am using JAWS with self defence, because JAWS won't announce in settings whether the tree view is opened or closed.

When I turn off self defence, JAWS reads everything properly.

3. I set HIPS to interactive mode, and it blocked the screen reader too, and some applications, without asking what to do. I am ready to cooperate with you to fix it for me.

4. Some sound alert when a warning pops up would be welcome for us too.

You can contact me freely, I am ready to test upcoming versions with your team.


Well... AFAIK you can also navigate with the keyboard in the graphical user interface. However for screen readers it may be more difficult to handle this graphical UI.

It's expectable that the screen reader could have problems with the self-defense. The self-defense is just doing its job and protecting access to egui.exe, so yes, a rule is needed for this. No antivirus (in terms of scanning) exception and no firewall exception are needed as it should work without them, but a HIPS rule (which includes self-defense) is needed.

And ESS has a HIPS rule editor. However it's quite complex and may be difficult to use. On the other hand I don't think that ESET will add a pre-defined HIPS rule for all screen readers as such pre-defined rules could also be misused (e.g. if a malware imitates a screen reader). But if such a rule is configured once you should be able to leave the self-defense (and HIPS) enabled and use ESS without problems with a screen reader.

As for HIPS interactive mode it could also be difficult as the interactive mode will block some actions of the screen reader and ask the user what to do. Probably with creating the necessary rules for the screen reader it could be solved, but apart from that I wouldn't recommend the interactive mode anyway as it will cause really many questions. If you still like to control your system you can enable the Smart mode, which will only trigger at suspicious events.

Sounds are currently played very rarely, but in situations where a threat is found or an on-demand scan is finished they are there. However an option to expand these sounds may indeed be useful.


Maybe we can navigate with keyboard, but it's not useful for us. If you remember, the option to disable the graphical interface existed in installations until version 5, I think.

I was not able to find where to add a rule specific to the self defence. I understand that it's doing its job.

A firewall exception is needed, due to the screen reader updates and some internet remote actions.

The HIPS rules editor is not so complex to use, I am an advanced enough user to handle it, just if the screen reader reads all to me, and if I can navigate with keyboard. I added all the .exe and .dll files the screen reader depends on, but I still have blocks in interactive mode.

Malware cannot imitate the screen reader, if Eset adds file signatures in the rules. Every screen reader file has a valid digital company signature, and I think that it will be hard for malware to take it off.

HIPS interactive mode, it's really something because of which I came back to Eset.

Honestly, I am an Outpost firewall fan, and its HIPS works as I expected. Really many questions, yes, but just once, at the beginning.

I set the firewall to interactive, too, and it's working in Eset as expected. I am just curious, which firewall engine is Eset using, if you know?

Fake, sounds are not played when a threat is found in the realtime protection module, which I also set to interactive.

No antivirus will be my boss, and I won't be a slave, and I like to take control of everything

:)

Edited by agasoft


I don't know exactly about the installations, but did you use the live installer or the offline installer? The offline installer has more options and it could be that such an option is there too.

In automatic firewall mode this communication should automatically be allowed. As long as there is no incoming communication it should work fine.

Okay, if they can verify the authenticity of the screen reader then it could be possible.

Like I said I wouldn't use HIPS interactive mode. And if you exclude every EXE and DLL file then the automatic (or smart) mode without these rules may be even more secure.

Personally I like the smart mode quite well.

About the Outpost firewall: If you'd like to use it you can of course. However I would strongly recommend to only leave 1 firewall enabled.


Sure, I am not using Outpost firewall together with Eset, I just mentioned Outpost as a working HIPS example. I would like to be able to use Eset HIPS in the same way. In Outpost there exists an option to exclude something just from the self defence module, and it's working perfectly there. I think that ESS is better than Outpost Security Suite, because their antivirus is not so strong. I want to use ESS again, but currently cannot find a way to set HIPS as I need.

Also, I would recommend one more feature for Eset Smart Security: an ad blocker. In Outpost, all ads are blocked, and I think that ESS deserves such useful protection.


No, please no adblocker. That's not a kind of protection... It protects you from such malicious apps?

There are plenty of other nice and free adblockers available online. So just choose your favourite one and use it. ESS doesn't need an adblocker. That would just bloat the product.


I respect your thoughts. However, don't forget that some ads are really malicious. Finally, according to your logic, Eset should continue with Antivirus only, because there exist a bunch of standalone firewalls, HIPS, antispam, and so on...


No, if ads are really malicious then drive-by downloads or similar things from these ads should be blocked by ESET correctly.

HIPS, firewalls and co are other things. They are really protecting the user from threats or malware. So this is the difference, not that there are many other tools for it.


I respect your thoughts. However, don't forget that some ads are really malicious. Finally, according to your logic, Eset should continue with Antivirus only, because there exist a bunch of standalone firewalls, HIPS, antispam, and so on...

The Ad Block thing comes up about once a month. See posts #407 and #408 for the most recent:

https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/page-21


The HIPS needs to be made more configurable. I think the user should be able to select their applications from a list, and choose what permissions their applications have. Also make better use of whitelisting for harmless system executions. I tried using interactive and policy-based mode. Interactive mode is unusable without better whitelisting. I was prompted to death. I could not use my computer for anything due to answering prompts the entire time I was on my computer. I used my computer in learning mode while running all my applications, and booting in learning mode several times. I then tried using policy-based mode, and the HIPS still blocked some of my applications even though I used those applications while in learning mode. The HIPS did not give me any option to allow them by prompt so the HIPS behaved more like an anti-executable in policy-based mode. Automatic mode with rules, and Smart Mode are the only modes that I have found useable. I have never received any prompt from either mode though so it's not like any HIPS I have ever used.

Edited by cutting_edgetech

