Jump to content

ESET Advanced Heuristics vs Cylance or SentinelOne?


cpetry
 Share

Recommended Posts

I've been testing Cylance and SentinelOne against ESET in a VM environment.  I'm more impressed with SentinelOne for other reasons (such as rollback for Ransomware).

 

I'm not convinced either products are "ready" yet but SentinelOne does seem promising.  I love how you can see exactly what a process did as it executed.  It's also amazing that you can leverage shadow copies to rollback an action.

 

I've been a huge fan of ESET for around 10 years.  There doesn't seem to be much development for their business product.  We've been using ESET File Security 4.5 and ESET AV 5.0 for endpoints for 3+ years in our corporate environment.

 

ESET has missed things.  We've seen Randsomware hit systems protected by ESET as well as some newer state of the art Trojans. 

 

I'm also displeased with how ESET upgrades have gone in the past (I've seen component upgrades uninstall ESET vs upgrading a client, etc).  I'm also sick of seeing error 1603's, etc during install.  It's almost a battle to get ESET installed in the corporate environment. 

 

We are going to upgrade to ESET 6.3 from 4.5/5.0 very soon and I'm *really* hoping it's a much better product.

 

I plan to run ESET 6.3 until Q1 next year before I decide to push for another product. 

 

So does ESET actually update the advanced heuristics between versions?  Or is their algorithm set in stone?

 

Is there any progress being made by ESET for business customers?  I haven't seen a lot of activity.  :(

 

Comments?  I'd love to hear what people think about emerging threats and is the traditional AV really "dead"?

Link to comment
Share on other sites

  • Administrators

You are talking about advanced heuristics but there are many other mechanisms to detect and protect you from new borne malware, including ransomware (Filecoders). Namely it's LiveGrid, Exploit Blocker, Advanced Memory Scanner, Network scanner (utilizes regularly updated network signatures) as well as certain internal mechanisms to detect Filecoder behavior and to prevent further encryption. All these features are included only in Endpoint Security v6 (Antivirus Security v6 doesn't have the network scanner yet as it requires ESET's firewall but this will change).

 

I wonder if you've been having 1603 issues or some other with clean install of Endpoint v6. Personally I very rarely see complaints from users. Speaking about Filecoders, it's users with older versions or with LiveGrid disabled or non-functional are those who get hit by Filecoders. We've received very few reports of infection from users with the very latest versions and all protection features enabled and working. We've actually made a big leap between older and the latest versions.

Link to comment
Share on other sites

Yeah, I have version 4.5/5.X of the ESET Anti-Virus, not the Security w/firewall version.  Perhaps that's why we've seen ransomware hit us so hard?  My biggest concern with the ESS suite was the "personal firewall" bit.  I can't imagine trying to control personal firewalls on 1650 endpoints.  Can that portion be turned off while still reaping the other benefits you speak of?

 

ESET support is going to help us rip and replace upgrade to version 6.3.  So hopefully there's been worth wild enhancements made to the newest business version.

 

If the regular AntiVirus will be greatly improved soon to include those Filecoder protections that would be great.. We've seen a huge uptick in ransomware and specialised Trojan software on our network in the last year.

 

PS - I keep LiveGrid on but we are only the older software (I just verified LiveGrid is on for us). 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...