ESET NOD32 Antivirus 5 and ESET Smart Security 5 beta available

[Thankful]

Quote:

Originally Posted by toxinon12345

i cant see that

It's there.

Quote:

Originally Posted by Thankful

It would be extremely useful for the HIPS to notify if a new executable currently not on computer is attempting to run or copy to disk.

Not really sure, a lot of ESET users don't want a chatty HIPS, in my eyes the Automatic mode with exceptions should be as silent as possible.

[Thankful]

Quote:

Originally Posted by Matthijs5nl

Not really sure, a lot of ESET users don't want a chatty HIPS, in my eyes the Automatic mode with exceptions should be as silent as possible.

Don't you think if a new piece of malware, currently not detected by Eset, is trying to run on your computer, you would want to know? Any decent HIPS has this property.

Quote:

Originally Posted by Thankful

Don't you think if a new piece of malware, currently not detected by Eset, is trying to run on your computer, you would want to know? Any decent HIPS has this property.

Well, now the ThreatSense.Net is also more involved in collecting reputation data later you could use the reputation data as whitelist and then enable more advanced HIPS options by default.

[Thankful]

Quote:

Originally Posted by Matthijs5nl

Well, now the ThreatSense.Net is also more involved in collecting reputation data later you could use the reputation data as whitelist and then enable more advanced HIPS options by default.

If I can't have an anti-executable, I'd rather have a behavior blocker. I don't see the current HIPS providing additional protection.

Quote:

Originally Posted by Thankful

If I can't have an anti-executable, I'd rather have a behavior blocker. I don't see the current HIPS providing additional protection.

I think it is too early to conclude that, let's see if Marcos or an other ESET employee will give some more detail about how the HIPS in automatice mode actually works in the real world.

[Trooper]

Is the default installation and settings good enough for pretty strong protection?

Also, is there a way to setup scheduled scans and updates?

Thanks in advance.

[Brummelchen]

this seems the feedback thread for v5. just saw some screenies of v5,
please revert to a more sophisticated gui - not that <blingbling> one.

[harsha_mic]

Quote:

Originally Posted by Matthijs5nl

I think it is too early to conclude that, let's see if Marcos or an other ESET employee will give some more detail about how the HIPS in automatice mode actually works in the real world.

Or perhaps some one could run undetected malware in VMs and see how it behaves?

[SweX]

After install over existing version, I made restart (as recommended) and when the desktop showed up I got a notification saying something needs my attention. I clicked the pop-up and It say that the Web.Access protection is "Non-functional" and the settings tab in the setup-tree is greyd-out /non-clickable.

This is on XP Home SP3 Fully Updated.

Should I try a clean install to see if the problem goes away?

Also when I changed the Firewall from Policy-mode to Interactive, the GUI freeze when I clicked the OK/Apply button. So I did a restart and after the restart the GUI said that the Firewall was now set to Interactive.

[SweX]

Quote:

Originally Posted by Brummelchen

this seems the feedback thread for v5. just saw some screenies of v5,
please revert to a more sophisticated gui - not that <blingbling> one.

Hmm where do you see that bling-bling? Considering it is very similar to the Ver 4.2 GUI IMO

[HealingStargate]

Great so far!
Installed over v4 with no problems.
I had a couple glitches with 'spam module' and 'hips' but did a 'repair re-install' and it is now all working.
Thanks ESET, seems to be light on my system as the v4.

KOR-

Quote:

Originally Posted by Trooper

Is the default installation and settings good enough for pretty strong protection?

Also, is there a way to setup scheduled scans and updates?

Thanks in advance.

The default options offer good protection, for most users there is no reason to change settings in the advanced setup tree. However for more advanced users who do wan't to finetune the performance of ESET (certainly now with the HIPS) there are really granular controls.

You don't have to schedule updates, by default there are already two scheduled tasks for updating:
1. on dial up connection to the Internet;
2. after that, every 60 minutes it will check for updates.

For scheduling scans: Tools -> Scheduler -> Add -> Choose the On-demand computer scan category and follow the rest of the instructions.

[denis]

i have the same problem as Swex, but on a 64 windows 7.

[harsha_mic]

Quote:

Originally Posted by Matthijs5nl

The default options offer good protection, for most users there is no reason to change settings in the advanced setup tree. However for more advanced users who do wan't to finetune the performance of ESET (certainly now with the HIPS) there are really granular controls.

You don't have to schedule updates, by default there are already two scheduled tasks for updating:
1. on dial up connection to the Internet;
2. after that, every 60 minutes it will check for updates.

For scheduling scans: Tools -> Scheduler -> Add -> Choose the On-demand computer scan category and follow the rest of the instructions.

could you please post the screenies for hips controls?

[3x0gR13N]

Impressions/Questions after a quick look (mainly HIPS):
- does HIPS control rundll32.exe based on the library its running or the rundll32.exe itself? (in other words, would HIPS detect conficker vmx with HIPS (without sigs) or allow it because rundll32.exe is a trusted app)

- does HIPS control scripts/bat's based on the .bat/.vbs etc. file information or host application (cmd.exe, wscript.exe) themselves; if not, will cmd.exe be restricted intentionally despite it being a safe app?

So far, I don't see modules being treated independently from their host application/interpreter that is running them. (instead of rundll32.exe I want to see the .dll that is "behind its actions")


Complaints:
HIPS UI is a mess. For starters, please show lists based on specific applications and not rules for said apps. I.E I want one entry for CCleaner, not as many as there are rules for CCleaner.


There is no listing (that I can find) on already existing registry/filesystem ruleset. How do I know if I add a rule that an already existing one that is the same as my added rule is present, or when I want a certain predefined rule removed?

Adding registry rules is clumsy. Why not have a builtin registry viewer from which you can add rules based on regkeys instead of having to manually open regedit (navigate to key) copy the path from regedit and paste it in HIPS rule.

And I certainly hope the whitelist is going to work properly in the final as this is pretty annoying to run in Interactive mode.

Although performing a clean reinstall of the beta will probably solve the problems SweX and denis are experiencing, I think it is the best to report those problems to ESET so they can try to solve them for the next beta release.

[SweX]

Quote:

Originally Posted by Thankful

If I can't have an anti-executable, I'd rather have a behavior blocker.

If this version would have included a classic HIPS then I would have stopped using ESET.

Why don't you just install a anti-executable from another vendor along with NOD32 instead? If you really want to see the pop-ups.

As for the behavior-blocker, this version does have a behavior-analyzer.
Wich is checking running processes AFAIK

[Spruce]

This looks nice, is it stable enough to use on the real machine?

[SweX]

Quote:

Originally Posted by Matthijs5nl

Although performing a clean reinstall of the beta will probably solve the problems SweX and denis are experiencing, I think it is the best to report those problems to ESET so they can try to solve them for the next beta release.

I will do an uninstall right now, and then a fresh new install and report back if the errors are gone.

BTW did you install on-top, or clean new install?

@SweX
I always do clean installs for major updates for all software (except Google Chrome).

@Spruce
I am using it on my main pc, didn't encounter any issues yet.

[trjam]

Well I am disappointed. Based on just the infrequency that Eset releases new software you might have thought they would have brought more then this.

I told some folks that I knew they would tried to rebadge Threatsense into their Cloud Politically Correct module. And they did. The HIPS is nice but I just dont see much new here. New paint job same old car. I hope I am wong but personally Avast Free offers more then this paid product. Oh well, just my 2 cents and my last license with them.

[Trooper]

Quote:

Originally Posted by Matthijs5nl

The default options offer good protection, for most users there is no reason to change settings in the advanced setup tree. However for more advanced users who do wan't to finetune the performance of ESET (certainly now with the HIPS) there are really granular controls.

You don't have to schedule updates, by default there are already two scheduled tasks for updating:
1. on dial up connection to the Internet;
2. after that, every 60 minutes it will check for updates.

For scheduling scans: Tools -> Scheduler -> Add -> Choose the On-demand computer scan category and follow the rest of the instructions.

Thanks so much. Worked like a charm.

[dmaasland]

Quote:

Originally Posted by trjam

Well I am disappointed. Based on just the infrequency that Eset releases new software you might have thought they would have brought more then this.

I told some folks that I knew they would tried to rebadge Threatsense into their Cloud Politically Correct module. And they did. The HIPS is nice but I just dont see much new here. New paint job same old car. I hope I am wong but personally Avast Free offers more then this paid product. Oh well, just my 2 cents and my last license with them.

You do realize that the cloud implementation is more than threatsense.net right? It even speeds up the scanning speed of the software, and improves overal detection.

[Thankful]

Quote:

Originally Posted by SweX

If this version would have included a classic HIPS then I would have stopped using ESET.

Why don't you just install a anti-executable from another vendor along with NOD32 instead? If you really want to see the pop-ups.

As for the behavior-blocker, this version does have a behavior-analyzer.
Wich is checking running processes AFAIK

I don't want to see the pop-ups. That's the point.