Future Changes to ESS

[stackz]

Quote:

Originally Posted by encus

Ok, correct me if I'm wrong, so a file can not be infected with trojan but only with virus. A trojan is a single thing but on the other hand a virus always sticks within a file .

Yes, in the true sense a virus is a file infector. In simplistic terms, the original infected file can run as usual, but malicious code will be embedded and execute when said file is run before regular code execution is passed back to the file.

[Teraclips]

i would like an option for an universal cleaning parameter, unless im missing something it is a hassle to set one by one each cleaning module to strict

other than that, ESS is looking better and better... loving ESS6 (testing in some old machines and new ones)

[Marcos]

Quote:

Originally Posted by Teraclips

i would like an option for an universal cleaning parameter, unless im missing something it is a hassle to set one by one each cleaning module to strict

It is not wise to use strict cleaning or crucial system files may be removed automatically if detected, rendering the OS unbootable.

[McCovican]

Single Firewall Rule for Multiple Applications


This is a feature that I always thought was beyond the reasonable, but I noticed that a system at work with Comodo on it has it. I have multiple files on my computer with the same name, in different locations. Instead of creating a many dozen rules for each and every one, I'd like to be able to either just put "file.exe" in the Local Application box when creating a rule and have that rule apply to all files with that name, or be able to at least use wildcards in the path for the application, (eg: D:\*\file.exe) - even if I had to specify a wildcard for each directory level (eg: D:\*\*\*\file.exe), that would still make things so much better; it would take me down from ~80 rules for that to ~3.

[Teraclips]

Quote:

Originally Posted by Marcos

It is not wise to use strict cleaning or crucial system files may be removed automatically if detected, rendering the OS unbootable.

i like this option when i use it on pc were the owners are oblivious to their safety and are the type the just click in open or "x" on everything they dont know what it is (mostly my family)

it might be true but it has never happened to me so still that option could be nice

[toxinon12345]

Quote:

Originally Posted by Teraclips

i like this option when i use it on pc were the owners are oblivious to their safety and are the type the just click in open or "x" on everything they dont know what it is (mostly my family)

it might be true but it has never happened to me so still that option could be nice

With the option you see there you can set the cleaning to interactive/automatic/semiautomatic.
It is not intended for more removal agressiveness, as this is the default

[SweX]

I have been thinking about this for a while. If it would be a nice feature to have or not......

And Yes I do think that it would be a useful feature to have.

And that is the ability to scan a link with Nod32/ESS.

Like you right click on the link and choose "Scan link with ESET" from the menu.

I mean this would be useful in situations where you are about to visit a new unknow site, or a site that have a suspicious url name etc etc.

I know that I could just visit the site and ESET would block it, or detect something malicious. But if the site actually is malicious and ESET doesn't block or detect anything then i'm screwd so to speak.
Therefore I think that having the ability to manually scan a link before visiting the site is useful.

What do you think?

Thanks

P.S
URL scanning services like VT and URLVoid are great and very useful.
But before using those services I could just right click on the link and scan it with ESET. If ESET finds that the site is OK/clean then you could consider a second scan with services that I mention above.

[Marcos]

Quote:

I know that I could just visit the site and ESET would block it, or detect something malicious. But if the site actually is malicious and ESET doesn't block or detect anything then i'm screwd so to speak.

If ESET didn't block a particular website, you would get good reputation when checking it via "Scan link". So in the end, the result would be the same but impractical as now links are evaluated automatically without user's intervention. Another thing to consider is that otherwise clean websites may have scripts or iframes injected and only scanning the code with the web scanner can reveal such injections.

The problem would also be a wide variety and quick development of browsers. Continually adjusting plug-ins would not add any value but exhaust valuable resources.

As for various URL scanners, always take the results with a grain of salt. There have been numerous cases when all scanners evaluated them clean but in fact they were infected and detected by ESET!

[SweX]

Quote:

Originally Posted by Marcos

If ESET didn't block a particular website, you would get good reputation when checking it via "Scan link". So in the end, the result would be the same but impractical as now links are evaluated automatically without user's intervention.

Hi Marcos thanks for the answer.
Yes I had that discussion with myself as well.
But to get the answer you would still need to click on the link and actually visit the site to find out. But I understand what you mean.

Quote:

Another thing to consider is that otherwise clean websites may have scripts or iframes injected and only scanning the code with the web scanner can reveal such injections.

Yes I love the web scanner and I have seen it detect and terminate the connection on affected websites many times.
So my idea was to actually take advantage of the web scanner when clicking on the "Scan link with ESET" Or are you saying that one have to load the actual page in the browser for the web scanner to be able to scan the content? If that's the case then I fully understand that it's impossible to use it in the way I had in mind.

Quote:

The problem would also be a wide variety and quick development of browsers. Continually adjusting plug-ins would not add any value but exhaust valuable resources.

Yes I thought about that too. Though I also thought that since ESET's products is browser independant, and afaik it doesn't use any type of plugin (Wich is good since I hate plugins and that's another good reason for me to use ESET) so I thought that wouldn't be an issue.

Quote:

As for various URL scanners, always take the results with a grain of salt. There have been numerous cases when all scanners evaluated them clean but in fact they were infected and detected by ESET!

Oh yes I know that very well. ESET's web scanner is one of the best ones for sure, it's very very effective, but still doesn't impact the browsing experience in a bad way like other web scanners tend to do
It even blocked an AD on cnet.com couple of months ago that was advertising a software that ESET classified as a PUP

Cheers, SweX

[Marcos]

Quote:

Originally Posted by SweX

Or are you saying that one have to load the actual page in the browser for the web scanner to be able to scan the content? If that's the case then I fully understand that it's impossible to use it in the way I had in mind.

Exactly. The scanner won't know about possible (malicious) scripts on the target site / page unless its content is downloaded. Even if there was a way to scan links manually (e.g. via a special option in the main panel of the ESET's product), you would rarely get accurate results for the above mentioned reason, ie. because the scanner cannot check a web page content until it's downloaded.

[wadeduck58]

Just sent this below letter to Eset Marketing....

Does anyone else have the same concerns with ESS 6 Beta?

---(copy of letter below)---

Hello Friends,

I recently received an offer to "Try out the free Smart Security 6 beta with Anti-Theft"...

I have to tell you that I have been a faithful customer for 7 years, and use your products exclusively on all four of our personal home computers, as well as recommend ESET to all my customers...

My business is probably only responsible for bringing 15-30 new customers a year your way, but even though I am a small repair outfit, I thought that others would share my worries, and stop endorsing you as well...

I have to be honest; your constant expansion to new areas to refresh your products could do more damage than help :-(

I am very worried about your trend to incorporate "Anti-Theft" features onto your newest releases!

In theory, additional features seem like new ways to reach more customer wants, but not if they conflict with your original products security!

I hoped to shed some light, if it is not too late, for your newest released Smart Security 6, because originally after reading the additions this year, I was simply going to find another product to use personally and endorse with my customers...

Being a retired microwave engineer/department manager, I know from experience that managers sometimes are the last to know of a problem, and/or critical customer feedbacks!

(I just wanted to respectfully let you know why I am sadly leaving your product line, and want to humbly thank you for so many years of great protection!)

Now the tough part:
With all due respect Friends, have you considered how comments like these below, make your product look like a (hackable and overall) security risk now

"Automatic monitoring of the device is activated allowing you to follow the device's position on the map;

When the device comes online, you have access to all the gathered information;

See who has your computer through the built-in camera, without them knowing;

View screen shots of various screens on your computer that can tell you which programs are being used;

Collects snapshots of the missing laptop’s screen"


I seriously wonder why the best anti-virus product in the world would not think about how your customers would respond to "designed-in security compromises"

I saw Norton, PC-Cillin, McAfee, and several others lose their appeal to hard core security customers, as they sadly followed the false marketing belief that "more is better"... and bloatware eventually crippled their products!

Had you made your newest "Anti-Theft" features (security compromises) a separated "stand alone" option from your Security Products, I could still whole heartily endorse your newest release, but now I am worried your marketing department may have trumped your design department:-(

Again Friends, I mean no ill will and I am truly the most sad to leave your product line; I just thought that one retired manager should help out his fellow managers whenever possible :-)

Thank You again for so many years of top notch products,

and I am truly hopeful that I am wrong about your potential customer exodus,

God Bless,

wadeduck58

PS: (Please Friends; If I am completely wrong about any of the above concerns, let me know as soon as possible, as I would truly wish to stay your customer:-)

[agoretsky]

Hello,

A response to your message, below, was posted here in this message, where you posted the same message as you did, below.

Regards,

Aryeh Goretsky

Quote:

Originally Posted by wadeduck58

Just sent this below letter to Eset Marketing....

Does anyone else have the same concerns with ESS 6 Beta?

---(copy of letter below)---

Hello Friends,

I recently received an offer to "Try out the free Smart Security 6 beta with Anti-Theft"...

I have to tell you that I have been a faithful customer for 7 years, and use your products exclusively on all four of our personal home computers, as well as recommend ESET to all my customers...

My business is probably only responsible for bringing 15-30 new customers a year your way, but even though I am a small repair outfit, I thought that others would share my worries, and stop endorsing you as well...

I have to be honest; your constant expansion to new areas to refresh your products could do more damage than help :-(

I am very worried about your trend to incorporate "Anti-Theft" features onto your newest releases!

In theory, additional features seem like new ways to reach more customer wants, but not if they conflict with your original products security!

I hoped to shed some light, if it is not too late, for your newest released Smart Security 6, because originally after reading the additions this year, I was simply going to find another product to use personally and endorse with my customers...

Being a retired microwave engineer/department manager, I know from experience that managers sometimes are the last to know of a problem, and/or critical customer feedbacks!

(I just wanted to respectfully let you know why I am sadly leaving your product line, and want to humbly thank you for so many years of great protection!)

Now the tough part:
With all due respect Friends, have you considered how comments like these below, make your product look like a (hackable and overall) security risk now

"Automatic monitoring of the device is activated allowing you to follow the device's position on the map;

When the device comes online, you have access to all the gathered information;

See who has your computer through the built-in camera, without them knowing;

View screen shots of various screens on your computer that can tell you which programs are being used;

Collects snapshots of the missing laptop’s screen"


I seriously wonder why the best anti-virus product in the world would not think about how your customers would respond to "designed-in security compromises"

I saw Norton, PC-Cillin, McAfee, and several others lose their appeal to hard core security customers, as they sadly followed the false marketing belief that "more is better"... and bloatware eventually crippled their products!

Had you made your newest "Anti-Theft" features (security compromises) a separated "stand alone" option from your Security Products, I could still whole heartily endorse your newest release, but now I am worried your marketing department may have trumped your design department:-(

Again Friends, I mean no ill will and I am truly the most sad to leave your product line; I just thought that one retired manager should help out his fellow managers whenever possible :-)

Thank You again for so many years of top notch products,

and I am truly hopeful that I am wrong about your potential customer exodus,

God Bless,

wadeduck58

PS: (Please Friends; If I am completely wrong about any of the above concerns, let me know as soon as possible, as I would truly wish to stay your customer:-)

[SweX]

Quote:

Originally Posted by Marcos

Exactly. The scanner won't know about possible (malicious) scripts on the target site / page unless its content is downloaded. Even if there was a way to scan links manually (e.g. via a special option in the main panel of the ESET's product), you would rarely get accurate results for the above mentioned reason, ie. because the scanner cannot check a web page content until it's downloaded.

Thanks for the follow up answer

[toxinon12345]

ESET Endpoint security GUI:

Group Control features in a single category:
+ [Firewall / HIPS] rule editor
+ [Web control]
+ [Device control]

Show protection module name in notifications/alerts.
e.g. Web access protection

[maaster]

sandbox

[XenonS]

Ability to shut down ESS when offline, or, more liberally: an option to chose to not run at system start.

I'm working with some Java programs that need maximum performance and RAM. So, when I'm offline I want to make sure that there are no speed-downs of any kind.

Game mode is a good idea: ESS should not interfer with any heavily 3D demanding games or other apps and speed down the performance by scanning or simply checking files. But is this really the same as shuting down ESS ? I don't think so, still there are 1x 75.000 KB + 1x 8000 KB in the RAM.

I used Kaspersky for some time and although there's also a game mode, here you can just right-click and select Exit which will unload it from memory.

I find ESS most useful in interactive mode in both the HIPS and firewall !

Congrats and regards,
XenonS

[XenonS]

Ability in Custom Scans to skip subfolders from the scan while scanning the content of the main folder.

For example, if I setup a scheduled scan for e.g. "Critical areas" it would be fine to scan (amongst other things) Windows\System32 without all the subfolders which would take a lot of time (and system resources).

XenonS

[Marcos]

Quote:

Originally Posted by XenonS

For example, if I setup a scheduled scan for e.g. "Critical areas" it would be fine to scan (amongst other things) Windows\System32 without all the subfolders which would take a lot of time (and system resources).

That would be a security hole. There's also malware that copies under windows\system32\malware_folder so omitting it from scanning would leave the malware on the system.

[bobbiaC]

Simple:

Lean and Mean.

I know it's generic, but this is where companies seem to want to get away from these days. ESET's #2 selling point is it's footprint. Minimal resource consumption is something I ALWAYS look for in an antivirus.

Side note: Kaspersky seems to be following this trend .. it's sad really. I work retail for Staples (where the *bleep* are you guys? huh? i want to sell your product!) and now am sadly back to selling Norton. Have had ESET for 2 years and loved every minute of it.

Also:

Site licensing for households. In my opinion, the family pack should be a site license. It makes more sense. Obviously there would be a fair use clause. This clause would not be in the traditional license.

[X0Refraction]

For Smart Security, give an option on the network connections viewer to limit download/upload speed per process.

This would be extremely useful for those on slow connections, I often wish I could stream a video in the background while playing an online game, but cannot as it normally doubles my ping. Yet when using a download manager that allows me to limit the speed I have no problem.

[LnSrocks]

Can we replace the wildcard "?" with another symbol that isn't used in urls?
eg. "`"

"*" wildcard works perfectly for urls, since it's not used. But "?" wildcard is used in some urls.

eg. abcdef.com/rtr.php?aid= "?" acting as a wildcard would filter urls such "phpaaid" or be replaced by any letter or symbol. I want to filter only the question mark.

[encus]

Lighter and more powerful

[SweX]

Quote:

Originally Posted by encus

Lighter and more powerful

It's already very light, and very powerful. But I guess you want it to be super duper powerful

[Sacles]

Hello,

I would have liked, it is a automatic cleaning for rules (firewall and HIPS) which relate to things that have been uninstalled.

Watch the rules one to one that is not very practical.

[encus]

Quote:

Originally Posted by SweX

It's already very light, and very powerful. But I guess you want it to be super duper powerful

No doubt!