ESET NOD32 v12

Discussion in 'other anti-virus software' started by FanJ, Oct 23, 2018.

  1. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,123
    Default is very good, just remember to check PUA detection.

    Of course you can tweak it, but it isnt necessary, contrary to popular belief.

    You can use those settings below to harder the system against fileless malware and ransomware, but SysHarderner and OSArmor are much more pratical.

    https://support.eset.com/kb6119/?locale=en_US&viewlocale=en_US
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,112
    Location:
    New York City
    I use the default settings with the following adjustments:
    1.Enable detections of three 'Potentially unsafe/suspicious applications" under Advanced Setup->Detection Engine->Basic->scanner options.
    2. Under Advanced Setup->Threatsense Parameters->Cleaning Level, I set to "Strict Cleaning"
     
    Last edited: Mar 8, 2019
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    Note that in regard to ThreatSense setting "tweaking," there is no global setting. It must be changed in the Eset GUI in regards to the below shown protection settings:
    First, be aware that the "strict cleaning" setting means that whatever Eset detects will be auto blocked, deleted, and sent to Quarantine.

    I would recommend that Web access protection ThreatSense setting be left at its default setting of "normal" cleaning. This way you will get an alert for PUA's and you can manually allow or block them. You can also at that time specify if you want Eset to permanently remember your selection. This way some download you want and truly know to be safe won't be auto deleted and quarantined.
     
    Last edited: Mar 9, 2019
  4. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    72
    Location:
    Planet Earth
    I again opted ESET Internet Security for my personal Windows Laptop. In today's update, it got updated to 12.1.31.0 and I renewed it.

    I went through the release notes of 12.1.31.0 in one of the post. It says this version includes an option: "Deep Behavioral Analysis" which will work in conjunction with HIPS.

    I could not find any such option.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,423
    It's in the HIPS setup:
    upload_2019-3-9_10-22-34.png
     
  6. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    917
    Did you looked at

    Setup > advanced setup(bottom screen) > HIPS > Basic > Deep behavioral inspection
     
  7. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    72
    Location:
    Planet Earth
    Thanks @Marcos @Azure Phoenix

    Strange or my mistake, don't know. It was not appearing before unless I restarted after renewal.

    I was already using ESET Internet Security and performed full scan three days back. After upgrading to 12.1.31.0, it has detected few PUAs and qurantined. These are labeled as "Variant".
     
    Last edited: Mar 9, 2019
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    This is Eset's terminology for polymorphic malware. That is malware that tries to evade signature detection by slightly changing its internal code.
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    I'm asking for help about the ESET BPP (Banking & Payment Protection).
    Please if you ladies and gents could give me help!
    I have been trying to buy an upgrade for a certain program. But for certain reasons, not known to me, the BPP is not working. It is not first time that this is happening. Sometimes you have to try to manually add a purchasing site to the Eset settings in the BPP settings. But this time it seems not to be working for whatever reasons. Using IE11 on Win 7 pro 64-bit.

    Am I right that in the new Eset version 12.1.31.0 there is still a "green border" around your screen in IE11 when trying to do a payment?
    Well, I do not see it when trying.
    I've added manually :
    https://secure.shareit.com
    https://secure.element5.com

    I'm a paying user of Eset, always have been for years. But if I cannot get this working right, I'm going to another AV; it's as simply as that.

    Thanks in advance.
     
  10. darts

    darts Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    435
    Location:
    Netherlands
    I would like too see the 12.1.31.0 version too be testes and see How good it now scans with the new hips and everything.
     
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,184
    Location:
    USA
    I do see a green border. I pasted both of the domains you listed in the address bar. It goes there, though I get a "403 Forbidden" message from the site. This was with IE 11 on Windows 10 Pro x64. If it were me experiencing the issue, I would likely remove and reinstall ESET and see what happens.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    Same here as far as the "403 Forbidden" message.

    Also it appears Eset has updated BP&P in ver. 12.1.31. You will see an entire different screen displayed when accessing BP&P via desktop icon option. I also found one issue immediately. You have to fully delete their shown URL. If for example you leave the "https:\\" displayed, delete the Eset URL, and then enter the desired site URL, BP&P will append https:\\ again. The result is you end up with https:\\https:\\ and the connection attempt will fail.

    Eset_BPP.png
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    Thanks @xxJackxx and @itman !

    Sorry for my late reply.
    The program I was trying to buy a new licence for is ADinf32 Pro. For whatever reason the purchasing proces went wrong at that moment and I was too frustrated. Maybe I did something wrong.
    I tried it today again and this time the proces went OK via https://secure.shareit.com etc etc
     
    Last edited: Mar 20, 2019
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    171
    Location:
    Poland
    dunno what to make of " chrome.exe has been modified and now tries to access the Internet", or " Ekrn.exe has been modified and now tries to connect to the internet"
    shouldn't these warnings be a little worrysome or its just an update so Eset just warns me
    ran a scan with no virus thanks dll explorer and have 200 suspicious dlls while normally just 2 and by nvidia telemetry, perhaps false alarms, dll explorer is not updated maybe and Eset just behaves normally?
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    Those are coming from Eset's Application Control. They are telling you the app has been recently modified. The alerts should only be appearing in any frequency if the firewall mode is set to "Interactive."

    Unless you have recently updated Eset to a new version, I know of no reason why you should be receiving an alert for ekrn.exe. Mine dates to 3/7 which is when I upgraded to ver. 12.1.31. However in the past, I have had issues with Application Control in regards to it alerting to false change detection in regards to equi.exe and ekrn.exe change status when in Interactive mode. One reason I don't use that mode anymore.
     
    Last edited: Mar 22, 2019
  16. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    171
    Location:
    Poland
    only Firewall is interactive, HIPS is set to auto, I guess Firewall and Hips work in conjuction so to make it gone I should have both to automathic, I don't remember whether its egui.exe or ekrn.exe, anyway it was 100% eset module, checked on virus total both chrome and eset modules , seam fine, hash seam fine, cert also, also run all scans possible including avz by oleg, no probs (only no virus thanks complains). To be sure reset and modified router to latest soft. My router was attacked 1 month ago with bash.exe and shell shock - anyway something with shell and many types of attack (says the log), 12 times then gone, ip pointed to my pc but I was virtualized, after exiting virtual machine and after firmware upgrade all quiet , guess script kiddies trying their luck
     
    Last edited: Mar 22, 2019
  17. darts

    darts Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    435
    Location:
    Netherlands
    i can not get my bank https://www.ing.nl/particulier/index.html too safe banking i have tried too put it in rules but even then it won't reconise it for safe banking.
    Can someone help me with this?

    Greats,
    Darts
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    Open up Eset Banking & Payment Protection via desktop icon. Then paste: https://www.ing.nl/ into it.

    Suspect the reason direct access to bank web site from a non-B&PP browser doesn't work is the web site uses HTTP/2. Eset currently doesn't support it but is working on it with expected fix in the near future.

    Also when your having issues like this, it is best to post the problem on the Eset forum web site: https://forum.eset.com/
     
  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    Hi Darts,

    Would it help if you put the following site in the Eset BPP list manually:
    https://mijn.ing.nl

    In Dutch:
    Zou het helpen als je de volgende site handmatig plaatst in de Eset BPP lijst:
    https://mijn.ing.nl
    En dan in plaats van in te loggen op https://www.ing.nl/particulier/index.html naar die bovenstaande link te gaan.
     
  20. darts

    darts Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    435
    Location:
    Netherlands
    Dag FanJ,
    Dank je wel voor je reactie terug , wat betekend BPP eigenlijk?
    Laat het me maar weten.

    Thanks for you're reaction back , what means BPP?
    Let me know.

    Groet,
    Darts
     
  21. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    First I may have to explain to the not-Dutchies what https://mijn.ing.nl means.
    The Dutch word "mijn" means in English "my" or "mine".
    Many companies (and official sites) use it in some way, when you have to log on there; in general: https://mijn.company.nl

    Hi Darts,
    With BPP I was meaning what @itman too posted: Eset Banking & Payment Protection.
    Does that help?

    In Dutch:
    Ik bedoelde met BPP : Eset Banking & Payment Protection.
    Helpt dat?
     
  22. darts

    darts Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    435
    Location:
    Netherlands
    Helpt helaas ook niet , wel vreemd dat hij hem gewoon niet automatisch herkend als bank site.
     
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    Alas, I don't know why it doesn't work for you. It does work for me for a long time, using IE11 on Win 7. For a long time I have now ING items in my BPP list; I've manually put them there in that list.
    There is a recent Eset Alert about a problem with Banking and Payment Protection : https://support.eset.com/alert7234/
    I don't know whether that issue is related to your problem.
    I would advise to go to the Eset forum (as @itman suggested too) and/or get in contact with Eset NL.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,595
    Location:
    U.S.A.
    There is currently an issue with FireFox which Eset is looking into.

    B&PP has always worked flawlessly with IE11. One suggestion for minimal B&PP issues is to set IE11 as your default browser. Then open manually from the desktop whatever browser/s you use. If you manually enter your banking web site in the B&PP list within the Eset GUI, Eset will auto open the site in an IE11 protected browser session from Chrome, Firefox, and even Edge. Note that B&PP always uses the Win specified default browser.
     
  25. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,447
    There is a particular "issue" related to ING. Since some time ING is strongly pushing users to use another browser and not IE11. The ING site still works with IE11 but, oh man, is it slow when you are using IE11.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.