Discussion in 'other anti-virus software' started by FanJ, Oct 23, 2018.
Thanks. Just got it via the internal updater.
ESET Windows home products version 184.108.40.206 have been released
ESET Internet Security & ESET Smart Security Premium - ESET Windows home products version 220.127.116.11 have been released
ESET NOD32 Antivirus - ESET Windows home products version 18.104.22.168 have been released
Got it. Reboot required as usual.
Update running fine on two 7x64 systems.
V11 > v12 home edition update was smoothest major version update we've ever seen in my opinion. We always suggest customers don't be among the first to update, but we run tests on a bunch of machines - we never had one that caused us a problem. Because of that, we began advising customers a couple of weeks in that they should accept the upgrade.
New installs we never had a single problem with either so from day 1 those were just run v12 - it's going to be awesome.
I have a question about website certificates but I am not sure where to post it; and ... eh ... it is probably a noob question.
Sometimes I want (and need when discussing with website owner) to have a look at a certificate; using IE on Win 7.
But I have the SSL/TLS protocol filtering option enabled in Eset. And then you often see only the Eset certificate.
In those specific circumstances I want to see the actual certificate (like for example the begin/end dates etc. etc.)
I can temporarily disable the SSL/TLS protocol filtering in Eset, just for a few minutes to see the details.
But are there other, quick and simple, ways to see those details without having to disable that filtering for a moment?
Thanks in advance.
All that is changed in the certificate associated a given web site is the issuer data which now shows Eset. All the rest of the data shown in the certificate details are applicable to the certificate issued to and used by the web site. See the below screen shot which shows the certificate for wilderssecuriy.com.
Thank you very much itman !! Much appreciated.
I should have made a complete comparison of the certificates with and without the Eset filtering; I should have thought about that!
I'm not so sure about "All that is changed in the certificate associated a given web site is the issuer data which now shows Eset. All the rest of the data shown in the certificate details are applicable to the certificate issued to and used by the web site. See the below screen shot which shows the certificate for wilderssecuriy.com."
Let's take the certificate of the Wilders board. Two screenshots follow, first one with the Eset filtering, second one without Eset filtering.
We see that also the (in Dutch) serienummer changes; in English I suppose that is called serialnumber. But I guess that is to be expected: in the first instance the Eset filtering was used (and thus the Eset certificate), in the second instance not (so then the one from Let's Encrypt which is used here for the site).
Aside of that all, I still have to temporarily disable the Eset filtering to see the actual and original issuer of a certificate; or I had to try other means/ways/tools...
But no mistake, I do appreciate you reply, itman !!
Just use one of the web based certificate chain validation tools. Here's one:
I assume you are aware of Eset performs web site certificate validations on any web site which it is performing SSL protocol scanning? I have also repeatedly asked that Eset add a root cert. pinning option to SSl protocol scanning to no avail. Something along the lines of the old EMET feature which BTW, only worked for IE11.
Could you please give the exact links for that (those) website(s) where that kind of info can be get. My eyes are too bad to read the link; sorry!
I guess that I need one or more of those sites. And I hope that those site(s) can be trusted.
If I understand you right (about which I'm not 100 % sure), the answer is yes. I know that Eset performs web site certificate validations on any web site on which it is performing SSL protocol scanning.
I'm not sure whether I understand what "Eset add a root cert. pinning option to SSl protocol scanning" means.
EMET had an option whereby you could add the thumbprint hash value for the root certificate associated with a given web site. EMET would then verify when you connected to the web site with your browser that the site's root certificate thumbprint matched that stored in EMET for the site. This is really the only way an external man-in-the middle attack can be detected. My suggestion to Eset was to modify existing SSL protocol scanning to allow the user to do the same. That is, user would add the root cert. thumbprint in a new field associated with the existing entry for www.bankofamerica.com for example. Eset would then use this entered thumbprint value to validate the thumbprint of the root CA associated with the web site. This is relatively easy to do since the root certificate chaining data is already stored by the browser.
Thank you, itman !!
I needed something like that.
Another point that should be explained in regards to certificate validation processing in regards to Eset.
Since Eset performs SSL protocol scanning, it uses its own root CA certificate to do so. Because of this processing, Eset performs a HTTPS web site certificate chain validation using independent lookup via its own servers in fashion similar to that done at the above posted link to the sslshopper web site. However as I assume most have noticed, Eset will for the most part not perform SSL protocol scanning on web sites using an EV issued certificate or on web sites stored in its internal trusted web site list. Hence the need for those super security conscience to ensure the web site does indeed chain to its original issuing root CA store certificate via some type of pinning software that stores the thumbprint of said certificate or via independent lookup; e.g. sslshopper, for example.
Strange bro, I am now using Avast Pro Antivirus but did a custom install and didn't select the Web Shield or any other bloat, just the file scanner and behavior shield as I want nothing messing with my internet connection or interfering with my VPN and this is by far the lightest setup I've used and am loving it that you can do a custom install. With ESET, you can't do a custom install and if you disable the HTTPS Scanner, the ESET Icon turns amber and I don't like it because I feel something is not right if you know what I mean.
In ESET's settings you can exclude web facing apps from protocol filtering. That way it doesn't interfere with your network and at the same time systray icon stays green. I used this exclusion setting for exact same reason as you described.
Can you please tell me how to do that step by step as I don't have NOD32 installed now that I have Avast
Set "Scan action" to Ignore for apps you don't want filtered. BTW - not recommended since it decreases Eset's protection capability:
replying to your post about AV performance too:
with similar settings eset behaves a little bit better than avast imo (avast is faster than kaspersky in my exp, if kasperky has rootkit scan enabled), there's some stuff like i/o (bad for avast). I don't believe those performance tests take everything into account that's why I speak out of exp: eset, WD or maybe panda (but panda likes to spam many processes at same time), this is what I would install on my bro or best friend PC. Also this setup is mostly hassle free with very easy installation and setup (kaspersky is prone to give errors, avast too like ,,somoeone has tried to access avast settings" if u setup password: that plagued me for 2 months), WD no need to install so u don't loose time, without bsod (sometimes but not too often avast is the cause as reported by ppl, I personally have had 2 bsod by avast) or occasional comp. issues like between avast and Shadow Defender (best not have high io in shadow mode). That said I am huge fan of avast and they are fixing it, but its not super light and smooth in every situation. Eset definitely is, WD is also wonderful so far but that spying.
Another thing, no antivir is goind to protect u, so better have it very light, with virtualization, quality router, blockers and proper policy as main weapons. Eset has advanced firewall and network protection with many options added on top (avast/kaspersky is better at malware on the other hand): compared to others these options look impressive and the fact they let u tweak them. Also great anti-PUP by Eset. Imo and all that
That option AFAIK disables only scanning of SSL/TLS traffic. Under protocol filtering there is an option to exclude applications from scanning of all network traffic, not just encrypted.
I don't have ESET installed ATM, so I can't post a screenshot.
I assumed that is what the OP wanted to do. To exclude a given app from all protocol filtering, see the below screenshot. Again, this is not recommended:
Yes, that's the settings I was talking about.
Should you come across malware that is not blocked by any of ESET's protection modules, please contact me, ideally in our official forum at https://forum.eset.com. I'm having hard times to find malware not detected by ESET, especially among samples from VirusTotal. I more often come across samples detected by ESET and missed by other AVs.
I rarely see\have persistent malware since its all virtualized, eset might stop malware up front but u will never see a good one doing its thing or very difficult
for instance WD stopped a vbs script but still my router got attacked from my own ip with bash and shell code , if not for sniffin' I would not know
I saw some test where eset got trashed. But u know it's mostly YT kids doing videos. I feel safest with eset thanks to networking component. At any rate any av gets trashed by malware, avs as you know won't stop everything or just ignore some type of threats so eset would get eventually beaten hard, I belive so, attacking is easier than defending
I can't get it to install at all. Just get error message. Win 10 latest update.
Since you are not going to provide any useful details, and their Tech Support is free, have ESET assist: https://www.eset.com/us/support/contact/#/home-support
Good luck there.
Separate names with a comma.