Sick and tired of ESET letting things through

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,704
    Location:
    scotland
    I would have to agree that no single AV can catch all viruses and will always no doubt let someone down by not detecting some nasties out there.

    This is the very reason I use a layered approach, and I don't know why more people don't use a very simple programme like Shadow Defender.

    Shadow Defender can run your system in a virtual environment called 'Shadow Mode'. 'Shadow Mode' redirects each system change to a virtual environment with no change to your real environment. If you experience malicious activity and/or unwanted changes, perform a reboot to restore your system back to its original state, as if nothing happened.

    You can't get anything easier than that, no need to worry about your AV missing anything or any changes to your critical systems, just a simple reboot and you're good to go again. I, for one, would not be without it now.
     
    Last edited: Apr 15, 2010
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    You should be able to reduce the amount of stuff in your sig then. :D
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    It's kind of a mantra here at Wilders that a layered approach is the way to go. So with all due respect to Eset and all other AVs, maybe MBAM has a corporate licence. There have been posts about Eset and MBAM interfering with each other but the issue was resolvable if I recall correctly.
     
    Last edited: Apr 15, 2010
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    Stupid Admin!

    Why on earth can a user run attachments (exe, com, bat), and how can that attack the system?

    user worth - nuts
    admins face - priceless
    :D
     
  5. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Is that all you have to say? I can't believe it. Well, I think you have forgotten to state what ESET is doing to solve the rogue problem. I'm still giving you the benefit of the doubt; I'll wait for your answer.

    Thanks.
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Probably Eset is doing what the other vendors are doing. Trying to keep up. I read somewhere that the variants can change as much as hourly. I know of someone using Avira that just got whacked by the same thing.
     
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    It is a given that a single AV can't protect against all the malware out there. So apart from luck, what can make the difference between having to remove malware from a machine and not having to? Well, it is the user (another given). Arm the user, even with basic education, security on the net, then educate further, a patched machine, a current AV, scripting allowed only for Trusted sites, and he/she will wonder what all the fuss about malware is. It is not enough to rely only on AV to protect the user against malware. Users are that good.
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Also all these fake AVs and all, it is a Billion Dollar a year Business, so they change the code so it does not get detected and the next person buys it, so whose fault is it? The Real AVs or the Boneheads that buy the fake stuff? :p

    So who is winning the war, the AV vendors or the malware writers? o_O

    TH
     
    Last edited: Apr 15, 2010
  9. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,704
    Location:
    scotland

    I need to get around to some tidying out, but will stick with things for now.
     
    Last edited: Apr 15, 2010
  10. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    Software Restriction Policies can be pushed out through AD or done locally on the machine. Allow only certain executables needed to run for business. Nothing detects everything.
     
  11. SamTHorn

    SamTHorn Registered Member

    Joined:
    Apr 14, 2010
    Posts:
    3
    I've used all the different virus software out there and Eset is the least problematic I've encountered.

    I've added it to my home network about a year and a half ago with no troubles. I have been recommending it to all my clients for over a year now.
     
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Whose fault is it? I vote for the boneheads. When you click on the fake alerts, emails or whatever, you're basically granting the malware permission to install on your system. I borrowed this from siljaline's sig. http://technet.microsoft.com/en-us/library/cc722487.aspx
     
    Last edited: Apr 15, 2010
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    You Hammered that one on the boneheads :argh: But that doesn't mean ESET can't improve on detections of Fake Alerts as we all know they are out of control!

    TH
     

    Last edited: Apr 15, 2010
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Agreed, and Eset can improve their scan time too. In the meantime jimwillsher should print off the info in that link and distribute it to all employees.
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I see TONS of that mail being blocked by my Untangle installs that I have at clients. The SMTP scanner, base version, only uses ClamAV...known as one of the lesser AV products out there. Even ours at the office stops about 20-30 of those UPS mails per day.
     
  16. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I think this thread says the all-important message.

    An educated user is worth a lot more than any A/V.
     
  17. SuBDivisions

    SuBDivisions Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    17
    It's funny...

    XP AntiSpyware and the other BS ones that you don't even NEED to "Install" to get...

    AKA, I have a user.. she was reading CNN.. The session gets HIJACKED to a site that says "HEY YOU HAVE A VIRUS" blah blah.. She hits Clean, BOOM it installs it, no dialogs etc. because of IE vulnerabilities...

    All these programs put the .exe, a single executable, in the COMMON FILES directory.. EVERY TIME..

    You telling me that can't be stopped??

    MALARKEY...

    Also, ask yourself, if Microsoft was so friggin brilliant, why they didn't make the core OS directories all Read-Only so they could not be overwritten, deleted, changed, etc....

    2 words..

    BAD
    DESIGN.

    And I'm an MS Fanboy.

    Easy way to avoid that BS antivirus: put a program in your network login or startup to check that ROOT of the COMMON FILES Dir for *.exe, and delete it..

    There should be NO Executable files in that directory... if there are, shoot the fkn programmer..

    Look, I just 1 upped ESET and their antivirus..

    Also btw, if NOD32 is so good (to which I have used it since v.3.0), then why does it not detect the change in the registry when that BS AntiVirus takes away the .EXE file association, to which you have to run a .reg file to restore it?

    *SIGH*
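
A report-only version of the logon check suggested in the post above, together with a check of the `.exe` file association it mentions. This is an added example, not code from the thread: it reports instead of deleting so findings can be reviewed, it goes beyond `*.exe` by matching the `MZ` file header, the function names are hypothetical, and the expected registry values are the Windows defaults.

```powershell
# Added example, audit only: nothing is deleted, findings are emitted as objects.
# Requires Windows PowerShell 4.0 or later (Get-FileHash).

function Get-RootExecutable {
    # Files directly in the Common Files root (no recursion) that begin with the
    # "MZ" magic of a PE image, so a renamed dropper is caught as well as *.exe.
    param([string[]]$Path = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}))
    $dirs = $Path | Where-Object { $_ } | Select-Object -Unique
    foreach ($file in Get-ChildItem -LiteralPath $dirs -File -Force -ErrorAction SilentlyContinue) {
        $stream = $null
        try {
            $stream = [System.IO.File]::OpenRead($file.FullName)
            $magic = New-Object byte[] 2
            $isPe = $stream.Read($magic, 0, 2) -eq 2 -and $magic[0] -eq 0x4D -and $magic[1] -eq 0x5A
        } catch {
            $isPe = $true   # unreadable or locked: report it rather than skip it
        } finally {
            if ($stream) { $stream.Dispose() }
        }
        if ($isPe) {
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{ Check = 'RootExecutable'; Item = $file.FullName; Detail = "SHA256=$hash" }
        }
    }
}

function Test-ExeAssociation {
    # A per-user key under HKCU overrides the machine-wide one, so check both hives.
    $expected = @{
        'Software\Classes\.exe'                       = 'exefile'
        'Software\Classes\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($sub in $expected.Keys) {
            $key = Get-Item -LiteralPath "$hive\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }   # key absent in this hive: nothing overrides here
            $value = $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
            if ($value -ne $expected[$sub]) {
                [pscustomobject]@{ Check = 'ExeAssociation'; Item = "$hive\$sub"; Detail = "default=$value" }
            }
        }
    }
}

$findings = @(Get-RootExecutable) + @(Test-ExeAssociation)
$findings | Format-List
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit lets the logon wrapper raise an alert
```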
     
  18. SuBDivisions

    SuBDivisions Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    17
    Oh and btw.. this happened to 1 machine on my network, with NO .exe attachments allowed in the email, a $2500 Symantec Mail Security Device, and a $5000 Watchguard Firewall...

    Network Security can stop hackers, but it can not stop a small 200K Virus.

    Sad.
     
  19. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    I've seen rogues sneak by NOD32 even when a user did not download or install anything. I think ESET should consider a behaviour guard.
     
  20. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    You must not forget this thread is primarily about things getting past Eset more often than in the past. Moreover, me and the OP have both, and seemingly several times, noticed other scanners had already picked up on the threat whereas Eset took considerably longer to do so. That a user should be educated and that policies should be set in place to tighten up security is a path that is derailing this thread. Let's just say we all agree on that ;)

    So, for some reason Eset is not able to keep up nowadays or [insert other cause here]. I've been thinking their signatures are not generic enough but that is pure speculation on my part, nothing else.


    So in summary, their detection rate for new threats seems to have suffered.
    The question that remains is why.
     
  21. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    What scanners, where and what threats? User forums are full of users warning about threats being missed and how others detect it. But if everybody, as most do, submits the undetected samples then it will be safer computing for all.
     
  22. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    Sorry Cudni, but I didn't keep detailed records of which malware it was*. When I find a new sample I'll be sure to post details about it and send it to Marcos. I'm not sure what good it will do in this discussion though. The gist of it is that Eset (on my system!) never got passed in the past and that it started to happen more and more. There's no reason for me not to be telling the truth.

    Like the OP I feel Eset is missing more samples than in the past. It's my opinion and I feel it to be true. This opinion is based on the malware I caught being detected by other scanners. Moreover, I have personally experienced Eset being slow adding the samples I sent them. In some cases it took weeks. Was the sample not all too dangerous? Not urgent? I don't know. What I do know is I sent it to different vendors and Eset was consistently last to add it. Kaspersky was very very quick (and so was PrevX). So I'm not all about crying wolf about a missed sample :)

    As to what scanners: Avira Premium 8 and 9, Prevx and to a lesser extent Kaspersky and Gdata.



    * I still have one in my outbox though but that one is pretty old and is of course detected by most major vendors.
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    We will appreciate it if you send any undetected suspicious files to ESET per the instructions here so that they can be analyzed and detection added, if appropriate.
     
  24. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    I'll be keeping my eyes open to see whether adding speed has changed. But since I didn't intentionally go dumbo user on my pc for quite some time it was clean.
    I'll get something sooner or later though, not all my 'clients' are computer savvy. Although I'll be pleasantly surprised if I find nothing :)
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I've noticed that the last several updates have had a lot of fake alert, fake Antispyware, fake Antivirus signatures added from 5026 to 5035. While Eset seems to be doing fine at AV-Comparatives, they aren't doing so well elsewhere, that I've seen, and I don't claim to have seen them all, and I never thought I'd be saying that. However I'll probably stay for another renewal at least as some competitors' new versions are having problems.
     