Future changes to ESET Internet Security and ESET Smart Security Premium

[Marcos 4,705]

On 25. 11. 2013 at 8:33 AM, nishadrox said:

There are some features I'd like ESET to add to their suites

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean"

5. Sound alerts on detection

All features have been there for ages:
1, It's called Smart mode (can be set in the advanced HIPS setup).
2, ESET has employed advanced heuristic, an emulator for running code in a virtual environment for more than 10 years.
3, Set Strict cleaning mode for the appropriate on-demand scanner profile.
4, Available in the on-demand scanner setup since NODv1 if I remember well.

[itman 1,538]

Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii

[Marcos 4,705]

2 hours ago, itman said:

Please compile Eset .dlls with CFG support ASAP so that they can't be exploited by a ROP bypass as noted here: https://improsec.com/blog//bypassing-control-flow-guard-on-windows-10-part-ii

It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance.

[itman 1,538]

1 hour ago, Marcos said:

It's enabled as of v10.1 and we will continue gradually enabling it for modules after making sure there's no adverse effect on performance.

It is not enabled for Eset browser adds-ons/plug-ins; at least for IE11. I am on ver. 10.1.210. Suspect same applies to Outlook.

Will check other areas and report back if I find more.

-EDIT-

None of Eset program module .dlls i.e. em0xxx_64.dll are compiled with CFG. Granted they only exist in equi.exe I believe, but that is not a protected process like ekrn.exe. Additionally, none if Eset's drivers are complied with CFG.

Edited June 16, 2017 by itman

[Wolf Igmc4 6]

Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings.

Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.).

[TomFace 539]

38 minutes ago, Wolf Igmc4 said:

Another suggestion: We all know that we can change the settings to predeterminated, but we are forced for do this for all the settings.

Ok, instead of this, Eset could add a button to do this in all sections of the settings (Antivirus, firewall, etc.).

It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS)

Edited July 2, 2017 by TomFace

[Wolf Igmc4 6]

58 minutes ago, TomFace said:

It's possible to reset certain sections to default today. Click on reverse arrow. (I use ESS)

Oh thanks! I didn´t see it

[itman 1,538]

59 minutes ago, TomFace said:

It's possible to reset certain sections to default today.

Go into each sub-section. For example, real-time protection. The "curved arrow" default setting option is there for it in Smart Security.

Edited July 2, 2017 by itman

[UKUser 0]

Allowing user interface to be resized would be good...

[Azure Phoenix 10]

Improve compatibility with SUA accounts.

 

Discussion (And how reproduce issue): https://forum.eset.com/topic/12197-is-eset-compatible-with-standard-user-accounts/?do=findComment&comment=61708

 

Thanks

 

[JoMos 2]

Dear ESET Team,

Following feature would be nice in a future version:

Description: Firewall rules cleanup of unnecessary / invalid entries
Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over the time, you have entries in the firewall rule set about programs that are not existing on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.

[Claudiano 0]

I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you.

[Marcos 4,705]

59 minutes ago, Claudiano said:

I love ESET, but one thing I miss is a behavior blocker, AV in today's times without a behavior blocker gets very vulnerable to 0 day malware and ransomware. I hope the ESET team has plans for this, thank you.

A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives.

[Wolf Igmc4 6]

26 minutes ago, Marcos said:

A behavior blocker would cause quite a lot of false positives or would bother the user to make a decision him/herself every while and then. Our aim is to keep ESET install-and-forget, without asking the users for an action. The more questions, the higher probability of wrong decisions and subsequent infection. ESET leverages a handful of advanced technologies explained at https://www.eset.com/int/about/technology/ to achieve maximum protection without nagging the user or causing false positives.

Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea...

[Marcos 4,705]

9 minutes ago, Wolf Igmc4 said:

Eset Live Grid know lot of programs to avoid false positives, so a behavior blocker isn´t a bad idea...

There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release.

[Wolf Igmc4 6]

33 minutes ago, Marcos said:

There are tons of legitimate files that would appear suspicious to LiveGrid because of low age or count. It could be custom applications made for and used by particular companies or new versions of legitimate software after the release.

In my opinion, I'd rather sacrifice usability for security, but you are right

[Claudiano 0]

2 hours ago, Marcos said:

Um bloqueador de comportamento causaria muitos falsos positivos ou incomodaria o usuário tomar uma decisão a si mesmo a cada momento e depois. Nosso objetivo é manter ESET instalar e esquecer, sem pedir aos usuários uma ação. Quanto mais perguntas, maior probabilidade de decisões erradas e infecção subseqüente. O ESET aproveita um punhado de tecnologias avançadas explicadas em https://www.eset.com/int/about/technology/ para obter a máxima proteção sem irritar o usuário ou causar falsos positivos.

It was proved then then we will not see a behavior blocker in ESET products, since the idea is to preserve usability without user intervention so. We only have to respect and trust ESET so, since you know better than us about security, thank you very much for the attention, Marcos, here is one of the few forums that reassess the customer is treated with respect, of the taste participate here , Since the doubts are always clarified, thanks again and always success for our dear ESET. 

[peteyt 360]

20 hours ago, Wolf Igmc4 said:

In my opinion, I'd rather sacrifice usability for security, but you are right

It's the tricky part of security. Balancing security with ease of use. Make something too sensitive and you end up blocking too much and causing issues for non technical users

[Wolf Igmc4 6]

Eset could add folder protection too.

[persian-boy 22]

 You don't know to allow or block the connection When the IDS system alerts you for an internet connection.
Can we have this ability to trace the IP with Eset?
I mean Eset design an option to trace the IP and show me the IP location and the isp.

 

[persian-boy 22]

On 7/28/2017 at 1:01 AM, JoMos said:

Description: Firewall rules cleanup of unnecessary / invalid entries

Good suggestion, same for the Hips rules list.

[persian-boy 22]

Eset needs to update the Hips module and make it work like this:
If a command wants to run via the cmd then Hips(in interactive mode)must show that command line for the user.
I mean not only show an access alert for the cmd also show the command itself and let the user see the command and then ask to allow or block it.
Also, provide an option to add our safe command lines to the Hips rules.
Im sorry for my bad English but I guess you know what I mean.
 

Edited September 7, 2017 by persian-boy

[persian-boy 22]

Whats up?
Can we have this feature?or should I rely on my Rehips for cmd? I'm happy because no one cares about this hips

[Wolf Igmc4 6]

An option to block individually notifications of a particular threat.

[Marcos 4,705]

6 hours ago, Wolf Igmc4 said:

An option to block individually notifications of a particular threat.

You can exclude potentially unwanted and unsafe applications from detection by name.