ESET NOD32 Antivirus 5 and ESET Smart Security 5 Release Candidate available

Do you actually think that Eset Smart Security as it stands right now is a release candidate? Do you? Release candidate means only a few minor bugs are left to be ironed out. To me as we speak the HIPS is a collosal bug; you cannot have such an in-depth bug in a product and call it a release candidate.

Come on "bull in a china shop", are you kidding me? Recklessness? If this is intended as a joke, then look I'm dying laughing... ...

Thanks.

 

I understand what you're saying and personally I'm not a big fan of classical HIPS for that reason. I normally run Comodo Firewall 5 which is a completely different animal from Comodo Firewall 3. At least Comodo learnt from their experience. I am only trialling ESET out of curiosity to see what they have done with their HIPS.

Even when using Comodo Firewall 5 which - with its trusted vendors list and auto-sandboxing feature - rarely alerts these days, I usually disable Defense+ during software installations as I only install software that I trust from respected sources. I rely on Defense+ more for operational use than for software installations.

I'm still surprised by the large number of alerts you are getting. Unless you are creating some very specific rules, by default each type of alert should only be triggered once which means a maximum of 16 alerts per application. In my case, using Interactive mode to create the initial policy, 126 rules were generated for 39 applications, which is an average of just over 3 rules per application. Some of these were custom rules as I wanted to restrict the "Start new application" rules to specific targets.

I'm not questioning what you're saying; just trying to understand what happened in your case. I can well understand why you're not happy though.

 

Ah,not just the HIPS....the self defense is very poor to.
If i need classical HIPS i'll willl use Malware Defender.
Come On,all Antivirus company try to do more automatic security product here we have classical HIPS.
80% of Eset users got a Hips enabled with no action on automatic mode.
I've been very happy if the Hips is like Kaspersky.

 

One thing i do not like in the k product is the need for heuristic analysis before running a new app and not fully automated during execution

 

If Release Candidate were used correctly it should truly be a candidate for release. Too many software companies do not take this seriously. Microsoft never releases a release candidate as final. Firefox often does. Though the current build of ESS is not terrible, it is by no means a candidate for final release.

 

I noted ESET added the cloud as one of their detection methods in the ThreatSense engine

i expect that files detected by the cloud would be detected by the local Virus signature database later

is known that network traffic can influence the performance, especially in slow connections like 56 kbps, this can means a slowdown rather than an optimization

so i expect ESET would remove such limitations

 

It appears that I spoke too soon. Restricting the "Load driver" rule to a specific target file still doesn't work. I first reported this bug during beta testing and it's disappointing that the bug hasn't been fixed in the release candidate.

 

Could you please elaborate more on what you'd like to achieve? I gather you have an application that you want to restrict from loading certain driver(s). You created a blocking rule in which you added the desired app to "Source applications", added the driver(s) you don't want the application to load in the "Target files" tab, ticked the "Load driver" box and the application was still able to load that driver? If so, could you please list your OS as well as the information about installed modules?
I'd also be interested in knowing where you reported this before as I'm not aware of seeing this issue reported here at Wilders' nor have I heard from my colleagues about it.

 

Please minimise the number of Popups from the HIPS module

 

One more Test on Youtube,Hips in automatic mode allowed all and put a lot of Pop-ups.
Very bad for Eset RC.
http://www.youtube.com/watch?v=C7TrIBEpYgA

 

I didn't create a blocking rule. I created an allow rule in response to a "Load driver" alert but restricted the rule by ticking the "valid only for target" box in the lower part of the alert dialog box. This doesn't work because the alert continues to be displayed whenever the application tries to load the same driver. If, instead of ticking the "valid only for target" box, the allow rule is created as "valid for all", the rule works and no further "Load driver" alerts are produced for the application.

I reported this directly to ESET Support using the feedback option within the ESET beta itself to raise a ticket, which is why you haven't seen any discussion of this at Wilders. ESET Support confirmed the bug and said it would be referred to the developers. I have confirmed that the bug still exists within the release candidate. Hopefully, there is still time to fix it before the final release.

As to what I'm trying to achieve, I'm simply trying to help beta test the product prior to its release in order to help make it as bug free as possible. As this is the first time ESET have produced a HIPS, I was keen to take a look and test it thoroughly. The HIPS implementation in the release candidate is definitely more polished than in the beta, and another issue I reported to ESET Support has now been resolved.

If you want to test this yourself, it's easy enough to reproduce. Just open any application that loads a driver on the fly the first time it is run - Process Explorer for example - and create an "Allow load driver valid only for target" rule when the alert appears. Then reboot the PC and run the application again, and watch the same alert reappear. This time create an "Allow load driver valid for all" rule and no further alerts will be produced.

The test was carried out on a 32-bit Windows XP Pro SP3 system.

 

Hi ESET team,
Can we have an icon for circled exe file also. That file is very important part of ESET product and then also it does not have any icon.

Also the icons for SysInspector.exe and SysRescue.exe has written 2009 on them. Can we change it to 2011.

Thanks

 

I am happy everybody wrote the same as what I had problems with. Updates didn't work. But thought that would be fixed in an RC.

For the rest. IF you don't use HIPS ( automatic mode) you can't put off the pop ups for HIPS only. They keep coming. And you can only disable all the pop ups? So when testing for EICAR I can't see those popups anymore either??
Hope I explained it right .

Plus HIPS asks way too many questions.

This is not ready or an RC yet in my opinion. It will scare people off.
I am not a total noob but it even scares me lol.

But I am happy that there is HIPS in Eset. 100%. But not like this.
Create a whole whitelist. So there will only be questions for things that are not in windows. Or for applications unkown .

Love the interface though.

 

Create any rules HIPS(automatic mode). Can provide 100% protection for your PC.

 

DNS Poisoning Attack Notices out the Kazoo ...
Because of this, I have a bunch of people scared of using my internet since my IP is constantly being attacked

 

Normally this should be your router "attacking" you...

 

Normally but I see there is another thread about this very subject with others complaining... it's prerelease software so I am sure there are bugs to sort out.

 

Why is ESET srvice is connecting to these IP address as these are not update server. Are they ThreatScan Server?

 

maybe the new cloud database

please resolve the hostname of these IPs

 

I only started to see this MSG today!

I had seen port attacks before, every day which can actually be innocent!

My modem/router is in dumb modem mode right now so no routing but I am using OpenDNS!

 

I saw the DNS poisoning message 1 time but have not seen it since. I am at work so I am behind a domain controller that runs DNS here and I am the admin so I expect it is a false message.

 

another bug related to smart optimization, after removing an object from the exclusion list

 

How minimal do you like it to be? Like the Windows XP's built-in Firewall...that only showed up once in a blue moon? ...(Just kidding..)

Better else, if Eset learned something from DefenseWall HIPS, it didn't annoys users to the point of becoming hypertensive due to over stimulation of eyepops...

I hesitated installing v5 RC, so I just be content w/ V4... ...at least I can surf like a wind.

 

what i mean is, that there is no point in telling everything that the hips allowes. I am only want to know what it blocks

 

if you have created your own blocking rules, you can check the log all blocked operations and then you will see these in the HIPS log