ESET NOD32 Antivirus 5 and ESET Smart Security 5 Release Candidate available

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by Marcos, Jun 14, 2011.

Thread Status:
Not open for further replies.
  1. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Do you actually think that Eset Smart Security as it stands right now is a release candidate? Do you? Release candidate means only a few minor bugs are left to be ironed out. To me as we speak the HIPS is a colossal bug; you cannot have such an in-depth bug in a product and call it a release candidate.

    Come on "bull in a china shop", are you kidding me? Recklessness? If this is intended as a joke, then look I'm dying laughing...:D :D :D ...

    Thanks.
     
    Last edited: Jun 19, 2011
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    I understand what you're saying and personally I'm not a big fan of classical HIPS for that reason. I normally run Comodo Firewall 5 which is a completely different animal from Comodo Firewall 3. At least Comodo learnt from their experience. I am only trialling ESET out of curiosity to see what they have done with their HIPS.

    Even when using Comodo Firewall 5 which - with its trusted vendors list and auto-sandboxing feature - rarely alerts these days, I usually disable Defense+ during software installations as I only install software that I trust from respected sources. I rely on Defense+ more for operational use than for software installations.

    I'm still surprised by the large number of alerts you are getting. Unless you are creating some very specific rules, by default each type of alert should only be triggered once which means a maximum of 16 alerts per application. In my case, using Interactive mode to create the initial policy, 126 rules were generated for 39 applications, which is an average of just over 3 rules per application. Some of these were custom rules as I wanted to restrict the "Start new application" rules to specific targets.

    I'm not questioning what you're saying; just trying to understand what happened in your case. I can well understand why you're not happy though. :)
     
  3. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Ah, not just the HIPS... the self-defense is very poor too.
    If I need a classical HIPS I'll use Malware Defender.
    Come on, all antivirus companies try to make more automatic security products; here we have a classical HIPS.
    80% of ESET users get a HIPS enabled with no action in automatic mode.
    I'd be very happy if the HIPS were like Kaspersky's.
     
    Last edited: Jun 19, 2011
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    One thing I do not like in the K product is the need for heuristic analysis before running a new app, and that it is not fully automated during execution.
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,770
    Location:
    USA
    If Release Candidate were used correctly it should truly be a candidate for release. Too many software companies do not take this seriously. Microsoft never releases a release candidate as final. Firefox often does. Though the current build of ESS is not terrible, it is by no means a candidate for final release.
     
  6. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I noted ESET added the cloud as one of their detection methods in the ThreatSense engine.

    I expect that files detected by the cloud would be detected by the local virus signature database later.

    It is known that network traffic can influence performance, especially on slow connections like 56 kbps; this can mean a slowdown rather than an optimization.

    So I expect ESET would remove such limitations.
     
    Last edited: Jun 20, 2011
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    It appears that I spoke too soon. Restricting the "Load driver" rule to a specific target file still doesn't work. I first reported this bug during beta testing and it's disappointing that the bug hasn't been fixed in the release candidate. :(
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Could you please elaborate more on what you'd like to achieve? I gather you have an application that you want to restrict from loading certain driver(s). You created a blocking rule in which you added the desired app to "Source applications", added the driver(s) you don't want the application to load in the "Target files" tab, ticked the "Load driver" box and the application was still able to load that driver? If so, could you please list your OS as well as the information about installed modules?
    I'd also be interested in knowing where you reported this before as I'm not aware of seeing this issue reported here at Wilders' nor have I heard from my colleagues about it.
     
  9. rekun

    rekun Registered Member

    Joined:
    Jun 11, 2007
    Posts:
    89
    Please minimise the number of Popups from the HIPS module
     
  10. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    I didn't create a blocking rule. I created an allow rule in response to a "Load driver" alert but restricted the rule by ticking the "valid only for target" box in the lower part of the alert dialog box. This doesn't work because the alert continues to be displayed whenever the application tries to load the same driver. If, instead of ticking the "valid only for target" box, the allow rule is created as "valid for all", the rule works and no further "Load driver" alerts are produced for the application.

    I reported this directly to ESET Support using the feedback option within the ESET beta itself to raise a ticket, which is why you haven't seen any discussion of this at Wilders. ESET Support confirmed the bug and said it would be referred to the developers. I have confirmed that the bug still exists within the release candidate. Hopefully, there is still time to fix it before the final release.

    As to what I'm trying to achieve, I'm simply trying to help beta test the product prior to its release in order to help make it as bug free as possible. As this is the first time ESET have produced a HIPS, I was keen to take a look and test it thoroughly. The HIPS implementation in the release candidate is definitely more polished than in the beta, and another issue I reported to ESET Support has now been resolved.

    If you want to test this yourself, it's easy enough to reproduce. Just open any application that loads a driver on the fly the first time it is run - Process Explorer for example - and create an "Allow load driver valid only for target" rule when the alert appears. Then reboot the PC and run the application again, and watch the same alert reappear. This time create an "Allow load driver valid for all" rule and no further alerts will be produced.

    The test was carried out on a 32-bit Windows XP Pro SP3 system.
     
  12. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Hi ESET team,
    Can we have an icon for the circled exe file also? That file is a very important part of the ESET product, and yet it does not have any icon.

    Also, the icons for SysInspector.exe and SysRescue.exe have 2009 written on them. Can we change it to 2011?

    Thanks
     

    Attached Files:

  13. eezdva

    eezdva Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    179
    I am happy everybody wrote the same as what I had problems with. Updates didn't work. But thought that would be fixed in an RC.

    For the rest: if you don't use HIPS (automatic mode), you can't turn off the pop-ups for HIPS only. They keep coming. And you can only disable all the pop-ups? So when testing with EICAR I can't see those pop-ups anymore either??
    Hope I explained it right.

    Plus HIPS asks way too many questions.

    This is not ready or an RC yet in my opinion. It will scare people off.
    I am not a total noob but it even scares me lol.

    But I am happy that there is HIPS in Eset. 100%. But not like this.
    Create a whole whitelist. So there will only be questions for things that are not in Windows. Or for unknown applications.

    Love the interface though.
     
  14. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    Create any rules HIPS(automatic mode). Can provide 100% protection for your PC.
    ;)
     
    Last edited: Jun 21, 2011
  15. mbmalone

    mbmalone Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    13
    DNS Poisoning Attack Notices out the Kazoo ...
    Because of this, I have a bunch of people scared of using my internet since my IP is constantly being attacked o_O
     
  16. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Normally this should be your router "attacking" you... ;)
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,770
    Location:
    USA
    Normally, but I see there is another thread about this very subject with others complaining... it's prerelease software so I am sure there are bugs to sort out.
     
  18. ashishsingh1508

    ashishsingh1508 Registered Member

    Joined:
    May 27, 2011
    Posts:
    125
    Location:
    Pune
    Why is the ESET service connecting to these IP addresses, as these are not update servers? Are they ThreatScan servers?
     

    Attached Files:

  19. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Maybe the new cloud database.

    Please resolve the hostnames of these IPs.
     
  20. Temp Member

    Temp Member Registered Member

    Joined:
    Mar 28, 2009
    Posts:
    263
    Location:
    Glasgow

    I only started to see this MSG today!

    I had seen port attacks before, every day which can actually be innocent!

    My modem/router is in dumb modem mode right now so no routing but I am using OpenDNS!
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,770
    Location:
    USA
    I saw the DNS poisoning message 1 time but have not seen it since. I am at work so I am behind a domain controller that runs DNS here and I am the admin so I expect it is a false message. o_O
     
  22. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    another bug related to smart optimization, after removing an object from the exclusion list
     
  23. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    How minimal do you like it to be? Like the Windows XP's built-in Firewall...that only showed up once in a blue moon? :D ...(Just kidding..)

    Better still, if ESET learned something from DefenseWall HIPS; it didn't annoy users to the point of becoming hypertensive due to overstimulation from eye pops...o_O

    I hesitated to install v5 RC, so I'll just be content with V4...;) ...at least I can surf like the wind.
     
  24. rekun

    rekun Registered Member

    Joined:
    Jun 11, 2007
    Posts:
    89
    What I mean is that there is no point in telling everything that the HIPS allows. I only want to know what it blocks :D
     
  25. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    If you have created your own blocking rules, you can check "log all blocked operations" and then you will see these in the HIPS log.
     