ESET NOD32 v12

Discussion in 'other anti-virus software' started by FanJ, Oct 23, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Sorry, I didn't notice that the Eset alert was for reg. key deletion. I also believe I now have an idea of what is going on.

    It is a rare "once in a many blue moon" occurrence to see a HIPS alert when Smart mode is enabled. If you browse the Eset forum in regards to this, you will see a number of complaints about this; no HIPS alerting in Smart mode.

    Eset Internet/Smart Security in ver. 11 and it appears more so in ver. 12 has significantly enhanced its Network router monitoring protection. I assume you have your Network firewall profile set to Home/Office network? What I believe happened in this instance is Eset has created a default HIPS rule to monitor any network proxy changes and the monitoring of this activity is done via the router monitoring feature. Again, I am surprised that the HIPS could monitor the AutoConfigURL value setting in HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings reg. key since in prior vers., it did not have this capability.

    What I do see here is a bug in Eset processing. The Eset alert should have been generated in the context of a router monitoring violation. I also question the HIPS alert itself in that it makes no sense that CCleaner was attempting to delete a non-existent AutoConfigURL value. What I believe CCleaner was doing was attempting to delete some previous value or subordinate key it created in HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings. It appears Eset saw modification activity against HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry key and just displayed the info related to its hidden default rule which again was for the AutoConfigURL value.

    If my above bug assumption is correct, the HIPS still has issues with the monitoring of reg. key value settings.
     
    Last edited: Oct 30, 2018
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    @Minimalist, open the Eset HIPS and select one or both of the rules Eset created. Either copy the targeted reg. key specified and post it, or take a screen shot of Registry entries screen. I am curious as to what key is specified there.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Here is a key: HKEY_USERS\S-1-5-21-...-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

    Another strange thing: I don't have CCleaner rule present any more (I'm sure I created one), only uTorrent. Also no more notification from HIPS when I run CCleaner. Go figure.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Ok. It appears Eset did record the AutoConfigURL value. I will do some testing to see if Eset will alert when the value is added and then deleted.

    BTW - It appears CCleaner reg. deletion activities are app related. So if for example an app that was deleted is known to create AutoConfigURL, CCleaner appears to attempt to delete the value whether it exists or not: https://forum.piriform.com/topic/52080-why-ccleaner-doesnt-show-registry-keys/
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Well IDK. If I remember correctly I got alert when CCleaner (portable) was launched after update and not when it was cleaning stuff. But I might be wrong. Since I can't reproduce it any more, I will just let it go.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Testing completed and very interesting indeed.

    Appears my reply #51 assumption is wrong and I will edit it to reflect this. Eset HIPS does now have the ability to monitor reg. key values. I tried to create an AutoConfigURL value and I immediately received an Eset HIPS alert.

    Now maybe I can get a 340/340 on the old Comodo Leak Test ………………...
     
    Last edited: Oct 30, 2018
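An added example, not part of any post in this thread: a read-only PowerShell check of the AutoConfigURL value discussed above, run across every per-user hive loaded under HKEY_USERS, so the state of the value can be compared before and after a cleaner or installer runs. The function name `Get-AutoConfigUrlReport` is hypothetical; `ProxyEnable` and `ProxyServer` are the neighbouring proxy values in the same key.

```powershell
# Added example (not from the thread): read-only audit of the AutoConfigURL
# value under each loaded per-user hive in HKEY_USERS.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-AutoConfigUrlReport {   # hypothetical helper name
    # Per-user hives only: S-1-5-21-... SIDs, not the *_Classes companions.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[0-9-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $path = "Registry::HKEY_USERS\$sid\$SubKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $props = Get-ItemProperty -LiteralPath $path
        # Look values up by name so a missing value yields $null, not an error.
        $pac    = $props.PSObject.Properties['AutoConfigURL']
        $enable = $props.PSObject.Properties['ProxyEnable']
        $server = $props.PSObject.Properties['ProxyServer']

        [pscustomobject]@{
            Sid           = $sid
            AutoConfigURL = if ($pac)    { $pac.Value }    else { $null }
            ProxyEnable   = if ($enable) { $enable.Value } else { $null }
            ProxyServer   = if ($server) { $server.Value } else { $null }
            # Absent is the expected state unless a PAC file was deployed on purpose.
            Review        = [bool]($pac -and $pac.Value)
        }
    }
}

Get-AutoConfigUrlReport | Format-Table -AutoSize
```

Run it from an elevated prompt to include the hives of other logged-on users; a row with `Review` set to True means a proxy auto-config URL is present for that SID.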
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I see there is still an alert that can't be dismissed when you get to the last 2 weeks of the trial. I finally received my license but wasn't going to activate it until the trial ended. I don't mind the notification on the UI, but it would be nice if it didn't persist on the tray icon. If there was an actual issue with the program I would likely just assume it was the activation nag. Maybe a different color notification for activation/subscription issues instead of the yellow that implies other issues?
     
  8. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Cannot activate my NOD32 for 2 hours now, this issue is all over the ESET forums. This is so darn annoying. Even the ESET forum seems to be down, it loads one out of 10 times for me!

    So unprofessional from a so-called security company!
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    @Ultra Male,

    I just looked at the Eset forum, others are having the same problem.
     
  10. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    I only have a license key and username sent to my email when I purchased the license, no password. Additionally, you can only enter the license key in the NOD32 app, not the username as before.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I've had this problem today also. I just tried a few times and it eventually activated. I would say keep trying and you'll get through. I hope that they solve this problem.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Maybe Microsoft broke the activations on all of the ESET PCs and they are all offline... :isay:
     
  13. bigwrench9

    bigwrench9 Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    148
    :oops::geek::p
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Even if that happened, you would still have 99.8% protection, the highest rate for vendors tested, against malware per the most recent AV-C Malware Protection test.:)
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I'm not sure what level of protection ESET offers if it's not activated?
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    My assumption was @xxJackxx was referring to if Eset servers couldn't be connected to.

    To my best knowledge, Eset only uses the activation servers to validate a new installation via user id and password. As was stated previously, you can just use a license key at installation time and Eset should install just fine.
     
    Last edited: Nov 9, 2018
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes it installs but it doesn't activate (using license key) and consequently doesn't update. ATM, for EIS update from install to latest version is 110+ MB in size, so I wonder what level of protection can be achieved without update.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    The assumption is you would be installing the latest ver. of Eset via manual download. Now the Eset stub installer might be different since I rarely use it; I always download the full version from the Eset servers.

    As far as an in-product feature version upgrade, I know of no reason why a connection would be required to the activation server since the existing product was previously activated.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    No, it's a new install and latest version (full installer) is downloaded. Still at first update 110 MB is downloaded. I was surprised also...
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    You must have installed an older version initially? Don't believe that would happen if you installed the latest 12.0.27 version.

    Now Eset does do a module update at installation time even if 12.0.27 was installed to get the latest versions. Are you saying it failed activation then? That doesn't make any sense.
     
  21. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Hi itman and Minimalist,

    I just downloaded the full 64-bit installer of Eset Internet Security : eis_nt64.exe
    The MD5 checksum is exactly the same as the one I downloaded and installed on 23 Oct 2018 :
    044C0A368BD9500312AC00F56408AAD7

    Couldn't all those "extra" MB's just simply be all the modules updates?
    1- The installer is digitally signed on 12 Oct.
    2- After the initial installation, as itman said, you get a lot of module updates.
    3- There have been lots of module updates since I installed it and updated. I could post a screenshot of a comparison of the list of modules then and now, but I hardly post these kinds of things anymore; let me know what you want.
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    No I installed latest version.

    Yes, size might be related to modules updated as you said so first update is in size similar to whole installer.

    Activation problem is not related to this. It's just a problem that ESET is having for last two days (also mentioned on their forum). I was just replying to your post about ESET's test results when protecting without internet and wondered what would those results be if ESET couldn't activate and perform initial update.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    @FanJ
    Thanks for the offered help. Large first update is probably related to modules being updated as you said. I don't need a comparison of modules versions.
     
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I was. I was commenting that since Microsoft was busy trying to invalidate Windows 10 Pro licenses maybe that's what was running on the ESET servers. Though not likely. Sometimes my jokes are for me. :argh:
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    One would have to verify this for themselves but my opinion is it would have no effect. The Eset status in this situation is that you are in essence running a trial version of Eset and module and signature updating would occur the same way as if you had activated originally.

    Now if there was no internet connection, of course Eset would not have the latest module updates and signatures. But this is no different than any other AV product in this situation; they all will auto update themselves after an initial install. Well, except for Next Gens since they don't use any signatures. I would assume no one would ever install an AV in this situation unless they were a user without any security knowledge.
     
    Last edited: Nov 9, 2018