Future changes to ESET Internet Security and ESET Smart Security Premium

[V3.Firewall 2]

ESET Smart Security Company try to copy security has Anti DDoS Guardian 3.4 and add firewall eset smart security to detect flood attacks etc would be great

Edited March 17, 2016 by V3.Firewall

[beancounter 6]

The live installer needs to check for the presence of other AV products before proceeding with the installation. See https://forum.eset.com/topic/7755-installing-eset-smart-security-on-a-new-win10-laptop/

[Marcos 4,693]

The live installer needs to check for the presence of other AV products before proceeding with the installation. See https://forum.eset.com/topic/7755-installing-eset-smart-security-on-a-new-win10-laptop/

 

It does. Probably the version of Mcafee you had installed is not detected by AV Remover. Hence I asked for more information about what McAfee product you had installed and what system platform you use (x86 or x64) so that we could try to reproduce it.

[beancounter 6]

A bit late for that because I already uninstalled it. The laptop is brand new from ASUS if that helps

[beancounter 6]

Repeated just in case.

OK. I went back to the store that sold the laptop to me. The Mcafee version is 14.0.1122. The lockup only occurred after I rebooted with an active WiFi connection. I could only get in to uninstall Mcafee after disabling the WiFi connection.                       

[toxinon12345 32]

Not sure how feasible could be this, but a more user friendly HIPS...

Description: HIPS "application control". ESET harddened mode.

Detail: a HIPS extension with [Application Startup Control] leveraging reputation data for whitelisted and good prevalence executables.

[namtan 0]

I do really think next Eset's version could implement a system to notify users about third party software updates as Avast already does on its free version antivirus.

 

I also think Eset should to make its HIPS module much stronger to deals better with zero day threats.

 

Thanks!

 

 

[mar122999 1]

Description: Default Deny

 

Detail: Auto block applications that are not on a white-list determined by ESET.

[SweX 871]

Description: Default Deny

 

Detail: Auto block applications that are not on a white-list determined by ESET.

 

Default Deny (if you meant by default) will not work as the majority of ESET's customers want (and need) a product that is easy to use with no unnecessary popups or detection notifications with questions like "allow, block, quarantine".

 

I gave a suggestion myself a while ago that you may like which should work with the help of data from Livegrid.

https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/page-14#entry17761

 

I am not a fan of auto block as that would automatically block everything that is not yet on the white-list. I want to control that myself, which is part of my suggestion above.

[toxinon12345 32]

Well, I guess Similarity digests are what extend a cloud for effective classification; in addition to reputation metadata (age/users). Of course, you should not expect blocking every executable out there with the premise of "Low reputation" only: that would create tons on FPs e.g. for developers; but an hybrid approach combining core routines with cloud classifier should readjust threshold levels for threat determination.

The problem with a dynamic whitelisting is the performance overhead, e.g. querying the cloud for every new installed PE program [ *.exe | *.dll ], if we add script execution: PowerShell, Batch, VBscript it would mean another filegroup to look at. Some other products claimed to have resolved, at least partially, that problem with what they call "prefetch scan", "solid asynchronous packet", and other sort of weird terms. Maybe it makes sense for interactive windows : PUA's for example.

Edited April 9, 2016 by toxinon12345

[SCR 195]

 

I do really think next Eset's version could implement a system to notify users about third party software updates as Avast already does on its free version antivirus.

 

I also think Eset should to make its HIPS module much stronger to deals better with zero day threats.

 

Thanks!

 

 

 

Why would you want Eset to advise you of a third party program update? The third party program should be doing that. If it isn't then you should be addressing the author of that specific software about the issue.

 

Personally I don't allow any programs, with the exception of Eset SS, to automatically update or even check for updates. It's the first thing I turn off on any new program install. The second thing I do is create a rule for that program to ask for permission to connect to the Internet for any reason. If I want to know if there is an update that may be necessary for security or a new feature I may want I check the website of the author.

 

I really don't see a need for Eset to be combing the web to find updates to third party software. If Eset considers this idea please include an off switch to disable it. But hey, that's just me.

[dlwat123 0]

I'm new to the Forum. What is a "pinned" notice?

[TomasP 302]

I'm new to the Forum. What is a "pinned" notice?

 

It means it stays at the top of the list so that everybody sees it.

[itman 1,538]

How about adding the ability to perform SSL certificate pinning validation without enabling SSL protocol scanning?

Believe this would be easy to do by using the existing excluded SSL certificate processing. Allow the feature to be enabled when SSL protocol scanning feature is disabled. Users would manually select SSL certificates as done presently using the "excluded/pinned certificate" option. Eset would add an option for certificate pinning checking only. This option could only be enabled if SSL protocol scanning was disabled. When Eset detects the certificate pinning option enabled, it would know to perform the web site to root CA certificate thumbprint validation check only.

This would enable Eset to provide EMET like certificate pinning protection w/o having SSL protocol scanned. That way users could still be protected against man-in-the-middle and phishing attacks on HTTPS web sites.

Also this option should be added to ver. 8 and above.

Edited May 17, 2016 by itman

[cdgmol 0]

I would like to have a "keyword" option for the white (and black) list of ESS.

 

I have a few e-mail subscriptions where the sender address is different every time. That means that adding such an address or domain to the white list is useless. And unfortunately, every new e-mail is marked as SPAM and saved at that location.

A few examples:

service=milieudefensie.nl@mail3.suw15.mcsv.net

service=milieudefensie.nl@mail91.atl71.mcdlv.net

service=milieudefensie.nl@mail85.atl71.mcdlv.net

service=milieudefensie.nl@mail9.suw15.mcsv.net

 

What should be possible is adding the stable part of such addresses to the white list (of course in a special notation/format). After that, all addresses that contain that "keyword", should be considered as safe.

[Marcos 4,693]

I would like to have a "keyword" option for the white (and black) list of ESS.

 

I have a few e-mail subscriptions where the sender address is different every time. That means that adding such an address or domain to the white list is useless. And unfortunately, every new e-mail is marked as SPAM and saved at that location.

A few examples:

service=milieudefensie.nl@mail3.suw15.mcsv.net

service=milieudefensie.nl@mail91.atl71.mcdlv.net

service=milieudefensie.nl@mail85.atl71.mcdlv.net

service=milieudefensie.nl@mail9.suw15.mcsv.net

 

What should be possible is adding the stable part of such addresses to the white list (of course in a special notation/format). After that, all addresses that contain that "keyword", should be considered as safe.

 

Please contact Customer care and provide them with examples of the emails that are incorrectly blocked. Maybe their sender has the IP address blacklisted due to sending out spam in the past and it might be safe to unblock it now.

[cdgmol 0]

 

I would like to have a "keyword" option for the white (and black) list of ESS.

.... (see original post)

 

Please contact Customer care and provide them with examples of the emails that are incorrectly blocked. Maybe their sender has the IP address blacklisted due to sending out spam in the past and it might be safe to unblock it now.

 

 

Hello Marcos, I have already had e-mail contact with ESET Support about this subject. It took many replies before the "supporter" understood the situation and what I was asking. The correspondence has Ticket ID: 23851, however it is in Dutch.

His final response was that this feature is available in 'ESET Mail Security' (however, I could not find something like that in the User Guide), but that there is no planning for implementing this feature in ESS.

 

The emails are NOT incorrectly blocked by ESS, but the addresses are not in the 'Safe addresses' list of Outlook and this annoying situation exist already very long. However, I never asked Microsoft for a solution and I'm hoping that ESET will add this feature to ESS.

 

Some details about my system and email situation. I have used Outlook 2003 with Windows XP for a very long time and changed to Outlook 2010 (under Win7 Pro) only a few months ago. Since a few years I'm using ESS and (v8) was not integrated in the old situation.

 

The old situation is the main reason why I use the Outlook lists (Safe, Blocking, etc.) and (for me) there is still no reason to transfer all that addresses and domains to the ESS lists.

Outlook is configured the usual way: emails from Safe Senders are directed to the Inbox i.s.o. to the "unwanted" folder. Then I have to 'manually' evaluate that emails and move them to the Inbox or to a temporary spam archive (folder).

 

Note. Till now I have always correctly recognised unwanted and dangerous emails (with my own eyes and brains).

 

Note. It is difficult (at least for me) to check how many computer users are familiar with this problem and has also accepted these annoyance (of Outlook?). An important reason for accepting, is that I don't know what keyword(s) are relevant for this problem and that makes it very hard to search for a solution or for (forum) discussions about this issue. During installing and configuring Outlook 2010 (at Win7 Pro with ESS v9) this issue was (re)activated and then I got the idea how it could be solved. And after the unsuccessful discussion with the ESET Support engineer, I decided to post my suggestion at this topic.

Edited May 22, 2016 by cdgmol

[Marcos 4,693]

The emails are NOT incorrectly blocked by ESS, but the addresses are not in the 'Safe addresses' list of Outlook and this annoying situation exist already very long. However, I never asked Microsoft for a solution and I'm hoping that ESET will add this feature to ESS.

I understand that you receive legitimate emails (probably a kind of newsletters) from email addresses like those you've mentioned and ESET's Antispam evaluates them as spam which is not what you want. Therefore we'd need to get some examples of such emails to find out the reason for evaluating them as spam. Also it might enable us to provide you with hints as to which IP addresses to allow to prevent these emails from being evaluated as spam. Since this topic is not intended for discussing particular issues, we'll move it to a separate topic, if needed.

[cdgmol 0]

 

The emails are NOT incorrectly blocked by ESS, but the addresses are not in the 'Safe addresses' list of Outlook and this annoying situation exist already very long. However, I never asked Microsoft for a solution and I'm hoping that ESET will add this feature to ESS.

I understand that you receive legitimate emails (probably a kind of newsletters) from email addresses like those you've mentioned and ESET's Antispam evaluates them as spam which is not what you want. ......

 

 

Hello Marcos, I thought (or at least was hoping) that my information was detailed enough to understand the situation.

 

#1. Very important is: it is not a problem that is caused by or related to ESS.

 

#2. Emails from unknown senders are directed/saved to the "unwanted" folder (that depends on my Outlook configuration).

 

#3. Adding "once-only" sender addresses to the 'Safe Sender' or 'White' list is useless.

 

#4a. Adding the feature as described in the last paragraph of my first post, could be the solution for considering the new emails of that sender as safe.

 

#4b. Another way of describing this feature is perhaps that during processing of incoming emails, there should be an additional check if an address is not white listed:

if the sender address contains "keyword", then it is a safe email.

 

Note. Adding [sPAM] to the email subject line is an ESS setting and I have switched off that option now. That makes the situation regarding the "unwanted" folder just the same as in the old situation.

Edited May 22, 2016 by cdgmol

[itman 1,538]

Probably the worst new feature added to ver. 9 is the Network Troubleshooting Wizard; namely the logging of blocked connection activity. I know the intent of the feature was well intentioned. However based on the number of postings in the Forum on normal and benign blocked activity, appears Eset has created a reporting mechanism totally unsuited for the average non-technical user.

Edited May 31, 2016 by itman

[cdgmol 0]

I would like to have a "keyword" option for the white (and black) list of ESS.

...............

What should be possible is adding the stable part of such addresses to the white list (of course in a special notation/format). After that, all addresses that contain that "keyword", should be considered as safe.

 

This feature (request) is not necessary anymore. Adding the address or domain of the second part (after "namens") to the ESS 'White list' is doing what I wanted.

 

Some additional information.

 

An example of the full sender address information of such emails:

<service=milieudefensie.nl@mail3.suw15.mcsv.net>; namens; Ike Teuling <service@milieudefensie.nl>

 

Until recently, I did not try e.g. @milieudefensie.nl in the ESS 'White list' because that domain is already in my Outlook 'Safe Sender List' and that don't work. So, it's nearly sure that Outlook is using the first address for processing the incoming emails.

But last week I was searching for emails with that special addresses and noticed that e.g. '@mail3' or 'service=' did not give any result. Then I tried 'milieudefensie.nl' and 'service@' and that search results were OK.

That means that for searching through already received emails, the second address is being used by Outlook. And that was the reason that I have added the second address of the special senders to the ESS 'White list'.

I'm glad that I have seen now a few times that this special sender emails are placed at the Inbox.

[Ensto 0]

Description:  Image/video thumbnail/URL filter support for search engines in Parental Control (similar to Google SafeSearch).

 

Detail:  ESET Parental Control does a good job when it comes to blocking website access but children doesn't have to visit those sites because search engines still show enough content.

             For example, if your Google search contains a sexual word Google will present you the world's biggest pornographic magazine with tons of pictures and motion pictures (GIF's). Even from websites

             that are blocked from access.

 

             I don't use Parental Control myself but I think it's a sort of false security for parents who think their children safely browse the Internet.

[itman 1,538]

This suggestion will save Eset some money. So hope that gets the Eset "powers to be" attention.

Adding locked-down Internet banking protection was a welcomed addition. However, the approach taken to implementing it by Eset was misdirected. Looking though the recent forum activity, all I see is posts about banking protection not working right. The problem is that trying to implement and maintain this feature for all browsers is problematic and expensive to say the least. Chrome for example is in a constant state of revision. Ditto for the other browsers.

What Eset should have done is follow Bitdefender's lead when they implemented the free version of SafePay. That is use an existing browser, Bitdefender used Chromium, and modify that browser for secure e-commerce purposes. When a person wanted to perform e-commerce activities, they would use this modified browser. Eset would then only have to maintain a single browser for any OS enhancements that would impact its functionality. It also goes without saying that this specialized browser could contain security enhancements that would be impossible to incorporate in a general purpose browser.

Additionally since this Eset browser would be a standalone product but integrated with all currently supported Eset versions, it could be offered for download for such users.

[glugy 11]

Change icon for ESS in the notification area .

[adam 2]

Description:  Startup Monitor

 

Detail: Monitor the registry, Startup folder, Services, and anywhere else where a program may try to attach itself to 'start on windows startup' and then run a function if it detects any changes.

 

The options for configuration could be:

 

- Allow All

- Warn and Confirm

- Block All (Without confirmation)...

 

This way a user could decide whether they want to allow a program to be added to the Windows Startup.

 

There are tonnes of various programs that try to add themselves to the Windows Startup list without asking the user first. And then there is of course malicious software as well.

 

I have been using a small custom application to notify me everytime a program attempts to add itself to windows startup - but think that this would be a wonderful feature to include as part of Esets security features.