Jump to content
Aryeh Goretsky

Future changes to ESET Internet Security and ESET Smart Security Premium

Recommended Posts

Parental Control: 

More selective Web content parsing and blocking similar to that of eScan Web protection

Edited by toxinon12345

Share this post


Link to post
Share on other sites

"Tools > Submit sample for analysis" needs a progress bar for the uploads, I never know if they were sent or not.

Share this post


Link to post
Share on other sites

Description : A data leak prevention that detects and prevents data breach by network monitoring.

 

Motivation : In a case of a system infection, and the bypass of the HIPS protection, it could be interesting to inspect the traffic and block protected content(like users passwords, credit card numbers, etc...).

 

P.S : excuse my bad English ;)

Share this post


Link to post
Share on other sites

I think Eset should include a product updates to solve various problems facing by some users after upgrading to a newer version. I read sevaral posts regarding to problems after upgrading to v7. Eset should pay more attention to these users otherwise they will change to other AV products and give negative comment to Eset as well.

Share this post


Link to post
Share on other sites

I think Eset should include a product updates to solve various problems facing by some users after upgrading to a newer version. I read sevaral posts regarding to problems after upgrading to v7. Eset should pay more attention to these users otherwise they will change to other AV products and give negative comment to Eset as well.

 

What do you mean in particular? Any software contains certain bugs, including operating systems developed by thousands of engineers. ESET's goal is to provide as flawless products as possible even at the cost of postponing the release if a more serious issue is found. V7 had been thoroughly tested also by users around the world in various system environments for several months before it went gold. Basically the only known bug in v7 is that Antiphishing doesn't get automatically re-enabled from the disabled state as other protection modules do. Then there have been some performance issues with Advanced memory scanner reported which are caused by the behavior of particular applications. These are not bugs but rather something that requires optimization of AMS so that the applications don't cause any issues to AMS.

Share this post


Link to post
Share on other sites

 

I appreciate that Eset is putting a lot of efforts to make it flawless product. I  just joined this forum a couple days ago and I saw some posts  that Eset may still having some bugs. I know it is just invidual case but new users may worry that Eset has lot of bugs and lose confidence with Eset. By the way I'm having a good time with Eset Smart Security. What I meant is I wish that when Eset should lauch an update to fix some known bugs which Eset is currently doing or create a bug report topic to let users report bugs and solve it permanatly ( I know that this is quite imposiible to have a perfect product which satisfy everyone because bugs appear from time to time and every bugs is differ from others), FInal words,  I love Eset and thats why I want Eset to be better.

 

Edited by Weng

Share this post


Link to post
Share on other sites

Motivation  : My thought with this Site Advisor or guide is, that it could supplement the parental control, and give the young user or any user, a visual notification about a link/web sites immediate reliability, as Eset see it. 

 

You are refering to Web content filtering

Anti-Spam parsers are proven to be also very effective when combined to URL blocking

Recently ESET won First place thanks to the Anti-Phishing module,,,you can view it here

 

Currently Parental Controls trust only in reactive methods as URL blocking; without using specific proactive algorithms

If Web parsing could be added into Parental Controls, it would be great

 

Anyway the yearning of Web reputation seems to be added long time ago

post-973-0-79409700-1384736193_thumb.png

Edited by toxinon12345

Share this post


Link to post
Share on other sites

ESET's response was that a site is either good or bad, there's nothing inbetween wich is why they haven't added a traffic light system for links. If it's bad or potentially suspicious then it's blocked, and if it's good then you're allowed access. I am split in this question, but I do agree with ESET on this that's it's not really needed. Useful perhaps but not needed. I guess I belong in the group that thinks "only add features if it's really needed" to keep the product as small as possible. And nothing will prevent the user from clicking on a link with a red mark only because ESET says so. "Red mark why? pffft I will go there anyway"  :)

Share this post


Link to post
Share on other sites

Traffic lights for Setup Pane

 

post-973-0-76433200-1384973960_thumb.png

 

Most people would fix problems by means of Home Screen the way it currently does

Edited by toxinon12345

Share this post


Link to post
Share on other sites
Guest

There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

4. Ability to clean detected malware on scan completion windows without using the option "Scan and clean"

5. Sound alerts on detection

Share this post


Link to post
Share on other sites

There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users.

2. As usual I will recommend Sandboxie or other standalone sandbox  for people who likes sandbox type programs.

3. A new GUI is in the works, that's all we know for now.

Edited by SweX

Share this post


Link to post
Share on other sites
Guest

 

There are some features I'd like ESET to add to their suites :)

 

1. Less talkative HIPS

2. Sandbox with full virtualization

3. Non-explorer GUI

1. It doesn't "talk" at all in the default automatic mode, for obvious reasons. The other modes are only meant for advanced and experienced users.

2. As usual I will recommend Sandboxie or other standalone sandbox  for people who likes sandbox type programs.

3. A new GUI is in the works, that's all we know for now.

 

 

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

Glad to hear that a new GUI is in the works.

Share this post


Link to post
Share on other sites

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

 

Turn On the new  HIPS Advanced Memory Scanner, it is a post-execution detection layer

It is available in version 7

Edited by toxinon12345

Share this post


Link to post
Share on other sites
Guest

 

Automatic mode allows almost all (if not all) requests automatically. So it defeats the purpose of having a HIPS in the first place.

 

 

Turn On the new  HIPS Advanced Memory Scanner, it is a post-execution detection layer

It is available in version 7

 

 

It's turned on. I haven't turned off any module in it.

Share this post


Link to post
Share on other sites

Description: Warn users when opening an unknown file to Eset (using live grid features)
Detail: I think users should be warned when an unknown file is being ran since it could be malicious.

Share this post


Link to post
Share on other sites

Description: Warn users when opening an unknown file to Eset (using live grid features)

Detail: I think users should be warned when an unknown file is being ran since it could be malicious.

 

There are hundreds of thousands of legitimate applications that are new to LiveGrid so your suggestion would produce a lot of warning to users who wouldn't know whether to allow the application to run or not.

Share this post


Link to post
Share on other sites

 

Description: Warn users when opening an unknown file to Eset (using live grid features)

Detail: I think users should be warned when an unknown file is being ran since it could be malicious.

 

There are hundreds of thousands of legitimate applications that are new to LiveGrid so your suggestion would produce a lot of warning to users who wouldn't know whether to allow the application to run or not.

 

 

Well, what I meant is when a file is downloaded. I know they could be some legitimate files but if you narrow it down to factors such as:

 

- File has a digital signature

- The source of the file

- How long the file has been created

- Amount of users with the file

- Where the file has been downloaded from

 

And some other factors it would narrow it down. Most major AVs use the cloud to their advantage so this was just like an idea.

Share this post


Link to post
Share on other sites

factors such as:

 

- File has a digital signature

- The source of the file

- How long the file has been created

- Amount of users with the file

- Where the file has been downloaded from

 

Low prevalent and rare files with suspicious packed PE --> Query reputation data after successfully downloaded such file

Also, I think AMS possibly could benefit speed from the whitelist

Edited by toxinon12345

Share this post


Link to post
Share on other sites

Hello,

it's better for searching and browsing malware names that the type of malware is to be available in 'ESET signature database' page, for example:

Win32/Dorkbot.B

"This is the the available information of update info in the current update info page".

Win32/Dorkbot.B worm

"The preffered formula of that information".

Share this post


Link to post
Share on other sites

I request ESET to remove the Activate product context menu after a successful activation:

 

Activate Product still appears after product is activated

 

This is very annoying and misleading

 

My product IS activated and valid till December 2015 so why does this choice of activating the product still appear when I right click on the NOD32 program in the taskbar

 

please inform ESET to fix this it's very unprofessional

 

 

post-1272-0-09607100-1388683255_thumb.png

Share this post


Link to post
Share on other sites

I request ESET to remove the Activate product context menu after a successful activation:

 

Activate Product still appears after product is activated

 

This is very annoying and misleading

 

My product IS activated and valid till December 2015 so why does this choice of activating the product still appear when I right click on the NOD32 program in the taskbar

 

please inform ESET to fix this it's very unprofessional

Tweak Arena, did you vote? See below:

https://forum.eset.com/topic/1651-tray-menu-options-poll/

Share this post


Link to post
Share on other sites

Does ESET SysInspector | ESETOnlineScanner have these features for better LiveGrid tracking?
 
 

 

 the snapshot of the running processes has to contain information extracted by the following three components:

The file information component extracts information such as Portable Executable structure abnormalities, entropy, whether or not the file is digitally signed with a valid digital signature, imported functions, etc. are all helpful in determining whether a file is suspicious.

The memory information component analyses the in-memory image of modules. Since the modules are already executing, it is safe to assume that, at this stage, most modules are decrypted/decompressed and we have access to their unencrypted memory image. Among information retrieved, we mention:

  • Exploits and shellcode.
  • Embedded executables (particularly device drivers!).
  • Strings used by various protocols, interesting registry keys, etc.
  • Whether the in-memory code section exactly matches the on-disk code section (of course, after we apply relocation information).

The System information component analyses the way the module interfaces with the system, and possibly other systems, by taking in consideration the following:

  • A hidden process, or a hidden module within a process, is a warning sign.
  • A process that waits on a specific port, or is connected to a server on a specific port may be a warning sign, depending on the port, server address and other flags.
  • A process with multiple valid and visible windows may be considered less suspicious than a process with no windows, or with windows outside the viewing area of the screen.
  • PI hooking, although used in legitimate software as well, is mostly used by malware, typically by injecting unconditional branches to the new handler function.
  •  A presence in a ‘hot’ area of the file system (the Windows or System32 directories, Startup, Temporary Folder, etc.) or presence of an executable in a file’s list of streams, may represent a warning sign, depending on other factors.
  • Different ways of loading a DLL into the system are important flags in determining whether a file is suspicious.
  • The way a process is started may reveal interesting information. A process automatically started via an autorun registry key may receive a different score compared to a process manually started by the user

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...