Jump to content

Unable to disable certain Security Alerts in ESET Smart Security 9


Recommended Posts

I ugraded to Eset Smart Security 9 without notable issues.

 

However, the "Application statuses" settings are apparently ignored, see attached screenshots.

 

I don't currently want to use the protocol content filter and the features that go along with that. So I disabled those and the status alerts that go with it - however, the latter setting seems to have no visible effect at all. Even a reboot changed nothing.

 

How do I disable undesired security alerts on the Home screen and on the tray icon in v9? They are counterproductive and prevent me from noticing real and desired security alerts.

post-9242-0-89752500-1444807611_thumb.png

post-9242-0-35355200-1444807615_thumb.png

Link to comment
Share on other sites

  • Administrators

We'll check it out. Anyways, disabling any of the protection features is not recommended. In particular, web protection utilizes a strong url address blocker to block access to websites known to host malware. That said, by disabling it you lose an important protection layer and your computer may get infected when visiting a compromised legitimate website for instance.

Link to comment
Share on other sites

We'll check it out. Anyways, disabling any of the protection features is not recommended. In particular, web protection utilizes a strong url address blocker to block access to websites known to host malware. That said, by disabling it you lose an important protection layer and your computer may get infected when visiting a compromised legitimate website for instance.

 

 

That is not the point.

Not all users are stupid. If a user knows how to disable this in the settings it is probably because he knows what he is doing.

Maybe the user uses another way of web protection?

If you offer the option to disable it (that is why I love ESET), it should work.

No offence of course!

 

Anyway : I notice exactly the same problem. This seems to be a bug.

Link to comment
Share on other sites

  • Administrators

The program should not say that maximum protection is ensured if it's not. So if a crucial protection module is disabled and the program doesn't fully protect you against threats, it's ok to change the protection status to red to draw user's attention.

We've confirmed that this behavior is not a bug and the notification can be disabled only for temporary disabled protection modules. Until v9, it wasn't possible to control the notifications at all.

Link to comment
Share on other sites

The program should not say that maximum protection is ensured if it's not. So if a crucial protection module is disabled and the program doesn't fully protect you against threats, it's ok to change the protection status to red to draw user's attention.

We've confirmed that this behavior is not a bug and the notification can be disabled only for temporary disabled protection modules. Until v9, it wasn't possible to control the notifications at all.

 

I use Fossamail and having ESET scan my email is making it slower.

That is why I disable the email scanning.

 

But ok, seems I have to live with the red cross all the time :(

Link to comment
Share on other sites

  • Administrators

I use Fossamail and having ESET scan my email is making it slower.

That is why I disable the email scanning.

 

It'd be definitely better to troubleshoot the issue than leaving email protection disabled. Basically you shouldn't notice any difference in the speed of email delivery with ESET email protection enabled so we'll try to reproduce it and look into it. Please create a new topic for this issue and let us know if enabling email protection slows down email reception by seconds, dozens of seconds or minutes.

Link to comment
Share on other sites

The program should not say that maximum protection is ensured if it's not. So if a crucial protection module is disabled and the program doesn't fully protect you against threats, it's ok to change the protection status to red to draw user's attention.

We've confirmed that this behavior is not a bug and the notification can be disabled only for temporary disabled protection modules. Until v9, it wasn't possible to control the notifications at all.

 

I'm sorry, but what?

 

The option explicitly says that it toggles the "Anti-Phishing protection alert message" but doesn't and you consider that "not a bug" but intended behavior? Really?

 

I do not want or need protocol filtering. It comes with problematic root certificate injection that in itself poses a security risk, is simply impossible to implement without network performance loss and it's entirely unnecessary with a modern browser which already does the same bloody thing and with half a brain.

 

I do not need or want your Anti-Phishing filter, it's of no use to me and does not enhance my protection. That's why I disabled it and the alert for "Web access and Anti-Phishing protection is currently disabled" and I simply do not see how the fact that the "Web access" alert message disappears but the "Anti-Phishing" alert message inexplicably does not could possibly not be considered a bug.

 

Now I'm left with a product that constantly yells for my attention for no good reason at all which makes me miss when it actually requires my attention - how exactly does that help to protect me, please?

It's like Homer Simpson's "Everything's O.K. Alarm".

 

Quite honestly, this change will make me stop using your product if not resolved. My license expires in February, I don't think I'll renew it at this point.

 

And it was very much possible to disable the bloody annoying web filter in Smart Security 8 without being constantly alerted of that fact. I know, because that's exactly what I did in that version.

Edited by freibooter
Link to comment
Share on other sites

  • Administrators

 

It comes with problematic root certificate injection that in itself poses a security risk

 

It is not clear what security risk you mean, please clarify. At any rate, SSL scanning can be disabled without affecting protocol filtering or http scanning itself.

 

Protection warnings that can be disabled in the Application statuses setup are only meant for temporarily disabled protection. We'll change the wording to make it clear. Disabling any protection features that affect protection capabilities and thus expose users at risk will always be indicated by turning the protection status red.

Link to comment
Share on other sites

 

 

It comes with problematic root certificate injection that in itself poses a security risk

 

It is not clear what security risk you mean, please clarify. At any rate, SSL scanning can be disabled without affecting protocol filtering or http scanning itself.

 

Protection warnings that can be disabled in the Application statuses setup are only meant for temporarily disabled protection. We'll change the wording to make it clear. Disabling any protection features that affect protection capabilities and thus expose users at risk will always be indicated by turning the protection status red.

 

Marcos, I understand your point.

But I have to agree with freebooter here. Having the ability to use the features I want was a major reason for buying ESET. And this was all possible with version 8.

I do not want to constantly see that I am not protected in the maximum way. This is my decision. No need to remind me all the time with an annoying message and a red cross.

This makes me feel I am using a product made for noobs. No offence.

Edited by Daffie
Link to comment
Share on other sites

Marcos, I honestly do not want to argue with you why I want to use certain feature or why I do not. I think I gave you valid reasons (here are some more: there has been a litany of bugs directly connected to this feature in the past, it's prone for conflicts with other network related software, it can not operate without impacting network performance and it's simply not something I ever want to deal with) but even if I did not that does not matter!

 

I'll try to summarize this one more time:

 

 

I intentionally disabled Protocol filtering and therefore Anti-Phishing filtering can no longer function - I don't want or need these features.

 

I unchecked the Alert option labeled "Web access and Anti-Phishing protection is currently disabled".

 

This option does not remove these alerts.

 

Please explain to me once again why this is intended behavior and not a bug.

 

 

 

Now a non-removable security warning for a feature I never wanted to use in the first place is permanently displayed with no option to remove it (well, there is an option, but it doesn't work). This actively decreases my security since Smart Security now can no longer successfully draw my attention to security warnings of actual interest to me.

 

Given the option to be forced into using a feature I do not want to use or to purchase an alternative security software I will choose the latter. Absurdly enough, your company offers such software at a lower price since not all of your products even come with this glorious Anti-Phishing protection that is of such vital importance that security alerts for it can't possibly be disabled. But trust me, I wouldn't pick an ESET product if I were forced to switch products.

 

So, please, tell me again why this new, mandatory and permanent alert is only for your and my benefit.

Edited by freibooter
Link to comment
Share on other sites

  • Administrators

ESET's mission is to provide our users with maximum available protection against newly emerging threats. Unfortunately, we've come across too many cases when home users unwittingly misconfigured ESET and became infected just because of that, complaining that ESET didn't protect them and didn't warn them that maximum protection was not provided. The product should work silently in the background. If you are having some performance or other kind of issues that force you to disable anti-phishing protection or other important protection features, we'll be happy to assist you with pinpointing the issue. If you don't encounter any issues with those features enabled, ignore the red icon color and that's it. We cannot afford giving a false sense of safety to our users by showing a green icon if they are vulnerable to threats and maximum protection is not ensured. Needless to say that exclusions for the protection status could lead malware authors to misuse them.

If there are actual issues that you encounter with important protection features enabled, we will be happy work with you and eventually resolve them.

Link to comment
Share on other sites

Again, I do want to be warned about certain security risks. I do want to know if any of the components I willingly enabled failed, I do want to know if my signature database is out of date, I do want to know if my AV encountered a virus etc.

Smart Security 8 had no problem doing just that.

 

That's why "ignore the red security icon" simply does not work - it prevents me from seeing if there is an actual security warning! This has become a security problem for me!

 

How many users "accidentally" misconfigure their security in its advanced options and disable both security features they did not mean to disable as well as the alerts for them in several vastly different locations?

 

Is that really such a wildly common occurrence that it's worth making Smart Security less security and less usable for those who actually know what they are doing? If you design a product foolproof only fools will want to use it.

 

 

But if advanced users are no longer your target audience, then I guess I have no choice but to take the hint and my business elsewhere. I'm just unhappy that I did not get to use the full amount of time I paid for this product.

Edited by freibooter
Link to comment
Share on other sites

ESET's mission is to provide our users with maximum available protection against newly emerging threats. Unfortunately, we've come across too many cases when home users unwittingly misconfigured ESET and became infected just because of that, complaining that ESET didn't protect them and didn't warn them that maximum protection was not provided. The product should work silently in the background. If you are having some performance or other kind of issues that force you to disable anti-phishing protection or other important protection features, we'll be happy to assist you with pinpointing the issue. If you don't encounter any issues with those features enabled, ignore the red icon color and that's it. We cannot afford giving a false sense of safety to our users by showing a green icon if they are vulnerable to threats and maximum protection is not ensured. Needless to say that exclusions for the protection status could lead malware authors to misuse them.

If there are actual issues that you encounter with important protection features enabled, we will be happy work with you and eventually resolve them.

 

Should probably make a warning message before they fiddle with settings they don't understand. A if you proceed, your system will not be fully protected then they have to agree/disagree to continue and a check box to 'do not show again' message as well. That way you won't be held liable for a bad product because you warned them and that if they do continue, it's their stupidity that will be held accountable. Shouldn't have to punish/annoy those that 'do' know what they're doing with all these blaring warning signs. It was totally fine in ESET 8 but its become an issue in ESET 9.

Link to comment
Share on other sites

Again, I do want to be warned about certain security risks. I do want to know if any of the components I willingly enabled failed, I do want to know if my signature database is out of date, I do want to know if my AV encountered a virus etc.

Smart Security 8 had no problem doing just that.

 

That's why "ignore the red security icon" simply does not work - it prevents me from seeing if there is an actual security warning! This has become a security problem for me!

 

How many users "accidentally" misconfigure their security in its advanced options and disable both security features they did not mean to disable as well as the alerts for them in several vastly different locations?

 

Is that really such a wildly common occurrence that it's worth making Smart Security less security and less usable for those who actually know what they are doing? If you design a product foolproof only fools will want to use it.

 

 

But if advanced users are no longer your target audience, then I guess I have no choice but to take the hint and my business elsewhere. I'm just unhappy that I did not get to use the full amount of time I paid for this product.

 

I totally agree with this 100%.

Link to comment
Share on other sites

Again, I do want to be warned about certain security risks. I do want to know if any of the components I willingly enabled failed, I do want to know if my signature database is out of date, I do want to know if my AV encountered a virus etc.

Smart Security 8 had no problem doing just that.

 

That's why "ignore the red security icon" simply does not work - it prevents me from seeing if there is an actual security warning! This has become a security problem for me!

 

How many users "accidentally" misconfigure their security in its advanced options and disable both security features they did not mean to disable as well as the alerts for them in several vastly different locations?

 

Is that really such a wildly common occurrence that it's worth making Smart Security less security and less usable for those who actually know what they are doing? If you design a product foolproof only fools will want to use it.

 

 

But if advanced users are no longer your target audience, then I guess I have no choice but to take the hint and my business elsewhere. I'm just unhappy that I did not get to use the full amount of time I paid for this product.

I'm another in this camp.  If I disable a feature e.g. anti-phishing, spam etc. I don't want to be alerted to this; I have made a concious decision.  This will cause me to look elsewhere for a software package I can configure rather than pandering to the lowest common denominator.

Link to comment
Share on other sites

Well, looks like their decision is final. This is not a bug but intended behavior.

 

So how is Avast these days, any screaming alert messages that can't be disabled and drown out all actually important alerts in that one?

Link to comment
Share on other sites

  • ESET Insiders

I tried to turn on Parental Control but it force me to set a password to all settings and when i do any rule i must enter the password every time

 

What about i don't have kids? i'm the only one who use the pc? i know what i'm doing? and i only use Parental Control to block Security and Malware

 

V9 force me to set annoying password that i don't need

Link to comment
Share on other sites

  • Administrators

I tried to turn on Parental Control but it force me to set a password to all settings and when i do any rule i must enter the password every time

What about i don't have kids? i'm the only one who use the pc? i know what i'm doing? and i only use Parental Control to block Security and Malware

 

Parental control is basically of no use if you are the only person who works with the computer. Password protection is important when other persons use the computer to prevent them from disabling or altering Parental control configuration set by the supervisor (e.g. parent).

Link to comment
Share on other sites

  • ESET Insiders

 

I tried to turn on Parental Control but it force me to set a password to all settings and when i do any rule i must enter the password every time

What about i don't have kids? i'm the only one who use the pc? i know what i'm doing? and i only use Parental Control to block Security and Malware

 

Parental control is basically of no use if you are the only person who works with the computer. Password protection is important when other persons use the computer to prevent them from disabling or altering Parental control configuration set by the supervisor (e.g. parent).

 

Block Security and Malware is not important ? i been using it in v8 and it block alot of unknown and strange sites that open when i browse

Edited by BALTAGY
Link to comment
Share on other sites

  • Administrators

Block Security and Malware is not important ? i been using it in v8 and it block alot of unknown and strange sites that open when i browse

It is but Parental Control classifies innocuous websites into categories. ESET uses its own list of malicious urls as well as various 3rd party phishing url databases to provide anti-malware and anti-phishing protection. Parental Control is an optional feature and as such cannot have impact on protection capabilities.

The category you mentioned should cover websites dealing with security and malware from the informative point of view.

Link to comment
Share on other sites

Marcos, would you mind telling me the forum rule that my previous post broke? You just removed it silently but even after studying the rules, even rule 6, I completely fail to see why that happened. I was reasonably polite and entirely on topic.

 

I showed how a competitor solves the exact same problem, with almost identical options, to a much more satisfying degree - disabled modules are still prominently shown on the main status page but once the alert is disabled in the options, no longer cause a permanent security warning to appear on the tray icon and inside the app that drown out desired security warnings. That's the solution I was hoping for in Smart Security 9.

 

Yes, I already used this bug as a reason to switch to a competitor and I'm now very happy with my choice, but I don't know how this kind of censorship will help to improve your product in the future.

 

In fact, your entire attitude so far has been quite disappointing and instead of hoping for ESET to improve and eventually revisit my choice once the newly purchased competitor's subscription expires, this attitude towards your still paying customers will make me avoid ESET entirely in the future. And that's a shame, because I like having the choice between good software.

Link to comment
Share on other sites

Yes, This v9 is a big step in the wrong direction. What a shame. It is more sluggish, is not made for experienced users - quite the opposite! - and is not as configurable as v8.

I purchased my 3 year license 1 month ago. I will ask for my money back.

What a shame to see my favourite product go down this route :(

Link to comment
Share on other sites

Oh, and I love the sandbox module for suspicious files, how did I live without this for so long? That alone should have made me switch years ago, that offers better security to advanced users than any on-access scanner could.

 

Why ask "how is Avast these days" when your post and your passionate writing gives me the feeling that you have used Avast for quite a while and have good knowledge about the ins and outs of Avast, especially when you say that you just bought a license... "newly purchased competitor's subscription"...and you already "love" a specific feature that you couldn't live without.

 

ESET has the HIPS which can be used to tight up the system if users want to, it's not all about

the on-access scanner in ESET.

 

If you like Sandbox-type software then look up "Sandboxie".

 

Yes, I totally agree that Avast offers better security for you - when you wish to disable so much in ESET that the product would perform on par with MSE.

 

The Web access protection in ESET is incredibly effecting and also incredibly important to keep enabled in the product for several reasons.

 

Not sure why you disable Anti-Phishing, I get Anti-phishing protection from OpenDNS and ESET at the same time, using two sources is better than one. And it doesn't make sense to disable something in the product that doesn't use any extra system resources and get's updated every 20min with new phishing data. Do I currently use an e-mail client, no (but maybe in the future). Do I disabled e-mail client protection, no, because it doesn't affect the system resource usage in any way - enabled or disabled the resource usage is the same.

 

Edit: I can see both yours plus others - as well as ESET:s point of view in this question. But I think some need to improve their knowledge so they better understand the product and what disabling e.g Webaccess protection does - and how it affects the protection and detection abilities of the product.

Edited by SweX
Link to comment
Share on other sites

  • Administrators

Just to make it clear, we plan to make improvements in terms of the ability to disable warnings so it's not that we'll keep status quo forever. However, any changes in this regard must be done carefully so that we don't make it easy for malware to make the protection status green and thus giving a false sense of safety to the user even if antivirus protection was not running. Also users who need to temporarily disable critical settings for whatever reason have to be notified about that in case they forget to re-enable them. This all needs to be taken into consideration when making a decision about future changes in status notifications.

 

If somebody needs to have a particular feature affecting protection from threats permanently disabled, we'd like to hear more about that and the reasons that make you disable such features so we better understand your situation.

Link to comment
Share on other sites

@SweX, I have used it for a little over two hours now and haven't used it for years before that. ESET has been my security software provider of choice for a long time. Only Smart Security 9's obnoxious and 100% counter productive changes to the alert system changed my satisfaction with the product. That, and the attitude towards my and several other user's reasonable complaints about it. As you can see, Marcos now removes my posts and entirely ignores me and others otherwise.

 

Avast offers one feature I wasn't even aware of that has been suggested on these forums multiple times but never really implemented. It offers a full sandbox to execute and examine suspicious files in, much like Sandboxie did back in the day, that's awesome and yeah - I did fall in love with that feature in less than two hours time. It's truly stand out and does provide better protection for me.

 

Other than that, you are showing the same attitude as Marcos: I did not wish to disable "that much", I only wish to disable what actively interferes with my network connection. I have other tools (and half a brain) that are protection me on that front. And that's my decision. That's why I now chose security software that still respects this decision.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...