ESET NOD32 v12

Discussion in 'other anti-virus software' started by FanJ, Oct 23, 2018.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks. Just got it via the internal updater.
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Last edited: Dec 5, 2018
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Thanks Kent!

    Got it. Reboot required as usual.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Update running fine on two 7x64 systems.
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    V11 > v12 home edition update was smoothest major version update we've ever seen in my opinion. We always suggest customers don't be among the first to update, but we run tests on a bunch of machines - we never had one that caused us a problem. Because of that, we began advising customers a couple of weeks in that they should accept the upgrade.

    New installs we never had a single problem with either so from day 1 those were just run v12 - it's going to be awesome.
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    I have a question about website certificates but I am not sure where to post it; and ... eh ... it is probably a noob question.

    Sometimes I want (and need when discussing with website owner) to have a look at a certificate; using IE on Win 7.
    But I have the SSL/TLS protocol filtering option enabled in Eset. And then you often see only the Eset certificate.
    In those specific circumstances I want to see the actual certificate (like for example the begin/end dates etc. etc.)
    I can temporarily disable the SSL/TLS protocol filtering in Eset, just for a few minutes to see the details.
    But are there other, quick and simple, ways to see those details without having to disable that filtering for a moment?

    Thanks in advance.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    All that is changed in the certificate associated a given web site is the issuer data which now shows Eset. All the rest of the data shown in the certificate details are applicable to the certificate issued to and used by the web site. See the below screen shot which shows the certificate for wilderssecuriy.com.

    Wilders_Cert.png
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Thank you very much itman !! Much appreciated.
    I should have made a complete comparison of the certificates with and without the Eset filtering; I should have thought about that!

    I'm not so sure about "All that is changed in the certificate associated a given web site is the issuer data which now shows Eset. All the rest of the data shown in the certificate details are applicable to the certificate issued to and used by the web site. See the below screen shot which shows the certificate for wilderssecuriy.com."
    Let's take the certificate of the Wilders board. Two screenshots follow, first one with the Eset filtering, second one without Eset filtering.

    W_2018-12-22_01_with-ESET-filter.png

    W_2018-12-22_02_without-ESET-filter.png

    We see that also the (in Dutch) serienummer changes; in English I suppose that is called serialnumber. But I guess that is to be expected: in the first instance the Eset filtering was used (and thus the Eset certificate), in the second instance not (so then the one from Let's Encrypt which is used here for the site).

    Aside of that all, I still have to temporarily disable the Eset filtering to see the actual and original issuer of a certificate; or I had to try other means/ways/tools...

    But no mistake, I do appreciate you reply, itman !!
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Just use one of the web based certificate chain validation tools. Here's one:

    Cert_Chain.png

    I assume you are aware of Eset performs web site certificate validations on any web site which it is performing SSL protocol scanning? I have also repeatedly asked that Eset add a root cert. pinning option to SSl protocol scanning to no avail. Something along the lines of the old EMET feature which BTW, only worked for IE11.
     
    Last edited: Dec 22, 2018
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Could you please give the exact links for that (those) website(s) where that kind of info can be get. My eyes are too bad to read the link; sorry!
    I guess that I need one or more of those sites. And I hope that those site(s) can be trusted.

    If I understand you right (about which I'm not 100 % sure), the answer is yes. I know that Eset performs web site certificate validations on any web site on which it is performing SSL protocol scanning.
    I'm not sure whether I understand what "Eset add a root cert. pinning option to SSl protocol scanning" means.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    https://www.sslshopper.com/ssl-checker.html

    EMET had an option whereby you could add the thumbprint hash value for the root certificate associated with a given web site. EMET would then verify when you connected to the web site with your browser that the site's root certificate thumbprint matched that stored in EMET for the site. This is really the only way an external man-in-the middle attack can be detected. My suggestion to Eset was to modify existing SSL protocol scanning to allow the user to do the same. That is, user would add the root cert. thumbprint in a new field associated with the existing entry for www.bankofamerica.com for example. Eset would then use this entered thumbprint value to validate the thumbprint of the root CA associated with the web site. This is relatively easy to do since the root certificate chaining data is already stored by the browser.
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Thank you, itman !! :thumb:
    I needed something like that.

    Thanks.
     
    Last edited: Dec 24, 2018
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Another point that should be explained in regards to certificate validation processing in regards to Eset.

    Since Eset performs SSL protocol scanning, it uses its own root CA certificate to do so. Because of this processing, Eset performs a HTTPS web site certificate chain validation using independent lookup via its own servers in fashion similar to that done at the above posted link to the sslshopper web site. However as I assume most have noticed, Eset will for the most part not perform SSL protocol scanning on web sites using an EV issued certificate or on web sites stored in its internal trusted web site list. Hence the need for those super security conscience to ensure the web site does indeed chain to its original issuing root CA store certificate via some type of pinning software that stores the thumbprint of said certificate or via independent lookup; e.g. sslshopper, for example.
     
  14. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Strange bro, I am now using Avast Pro Antivirus but did a custom install and didn't select the Web Shield or any other bloat, just the file scanner and behavior shield as I want nothing messing with my internet connection or interfering with my VPN and this is by far the lightest setup I've used and am loving it that you can do a custom install. With ESET, you can't do a custom install and if you disable the HTTPS Scanner, the ESET Icon turns amber and I don't like it because I feel something is not right if you know what I mean.
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    @Ultra Male
    In ESET's settings you can exclude web facing apps from protocol filtering. That way it doesn't interfere with your network and at the same time systray icon stays green. I used this exclusion setting for exact same reason as you described.
     
  16. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Can you please tell me how to do that step by step as I don't have NOD32 installed now that I have Avast
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Set "Scan action" to Ignore for apps you don't want filtered. BTW - not recommended since it decreases Eset's protection capability:

    Eset_SSL.png
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Ultra Male
    replying to your post about AV performance too:
    with similar settings eset behaves a little bit better than avast imo (avast is faster than kaspersky in my exp, if kasperky has rootkit scan enabled), there's some stuff like i/o (bad for avast). I don't believe those performance tests take everything into account that's why I speak out of exp: eset, WD or maybe panda (but panda likes to spam many processes at same time), this is what I would install on my bro or best friend PC. Also this setup is mostly hassle free with very easy installation and setup (kaspersky is prone to give errors, avast too like ,,somoeone has tried to access avast settings" if u setup password: that plagued me for 2 months), WD no need to install so u don't loose time, without bsod (sometimes but not too often avast is the cause as reported by ppl, I personally have had 2 bsod by avast) or occasional comp. issues like between avast and Shadow Defender (best not have high io in shadow mode). That said I am huge fan of avast and they are fixing it, but its not super light and smooth in every situation. Eset definitely is, WD is also wonderful so far but that spying.
    Another thing, no antivir is goind to protect u, so better have it very light, with virtualization, quality router, blockers and proper policy as main weapons. Eset has advanced firewall and network protection with many options added on top (avast/kaspersky is better at malware on the other hand): compared to others these options look impressive and the fact they let u tweak them. Also great anti-PUP by Eset. Imo and all that
     
    Last edited: Feb 15, 2019
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    That option AFAIK disables only scanning of SSL/TLS traffic. Under protocol filtering there is an option to exclude applications from scanning of all network traffic, not just encrypted.
    I don't have ESET installed ATM, so I can't post a screenshot.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I assumed that is what the OP wanted to do. To exclude a given app from all protocol filtering, see the below screenshot. Again, this is not recommended:

    Eset_Protocol.png
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, that's the settings I was talking about.
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Should you come across malware that is not blocked by any of ESET's protection modules, please contact me, ideally in our official forum at https://forum.eset.com. I'm having hard times to find malware not detected by ESET, especially among samples from VirusTotal. I more often come across samples detected by ESET and missed by other AVs.
     
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Marcos
    I rarely see\have persistent malware since its all virtualized, eset might stop malware up front but u will never see a good one doing its thing or very difficult

    for instance WD stopped a vbs script but still my router got attacked from my own ip with bash and shell code , if not for sniffin' I would not know

    I saw some test where eset got trashed. But u know it's mostly YT kids doing videos. I feel safest with eset thanks to networking component. At any rate any av gets trashed by malware, avs as you know won't stop everything or just ignore some type of threats so eset would get eventually beaten hard, I belive so, attacking is easier than defending
     
    Last edited: Feb 19, 2019
  24. gitrman

    gitrman Registered Member

    Joined:
    Jun 1, 2014
    Posts:
    4
    I can't get it to install at all. Just get error message. Win 10 latest update.
     
  25. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.