Eset Self defense

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by Coccinelle, May 14, 2011.

Thread Status:
Not open for further replies.
  1. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Hello,
    i don't like the self defense of Eset 4.The detection is good but if Eset miss somme virus he is dead.
    I hope for this new version 5 everything to be diferend.
    I hope to ,removabel viruses to be good to, becous he miss to much registry keys.
    He clean just active processes.
    Hope for beter removebel protection.
    Good day.

    ....and Eset use to much for me Ram ,65000Ko-can be use it 20\30000Ko
    Gui use to much Ram to 15000Mo...can be use it 2\3\4000Mo (i talk aboit the Antivirus)
    He is light but he need just littel bit more to be perfect,and i hope so.
     
    Last edited: May 14, 2011
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That's just about normal usage of Version 5.

    And don't forget that more things have been added to ekrn.exe in Version 5 therefore the RAM usage might be a little higher than version 4.2
    But IMO V5 still feels lighter than 4.2 even if the RAM usage has gone up just a little.
     
  3. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Yes but Eset got to make i little change and to use smaller Ram(improovment).
    I now is not hevy on the system but he need just a little beat.
    Look here:
    http://www.antivirusware.com/testing/performance/

    ...p.s.and self defense is poor :(
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    But then they need to move the stuff that's loaded in ekrn.exe to the disk.
    Wich will result in that it get's heavier on the system (higher I/O usage), is that what you want?

    I don't want that anyway. :thumbd:
     
  5. pinjoa

    pinjoa Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    74
    Location:
    Braga, Portugal
    hi,
    i think that the amount of memory needed must be related with the configuration profile...
    some functions may be loaded into memory only when they are needed...
     
  6. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    No i don't won't that, but Eset can work on GUI.exe processus...he use 15Mb.
    Can use 2 or 3 Mb!!!
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    FYI. My ESS egui.exe is using 5 MB at the moment. :)
     
  8. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Mine is using 1500 KB (1.5 MB) :)
     
  9. vigen

    vigen Registered Member

    Joined:
    Mar 28, 2011
    Posts:
    60
    Bonjour Coccinelle, le monde est petit ^^

    Hello all,

    I think ESS have a good database, for malware/variant of, in fact the auto-défense of the version 4.2 is poor. I hope/believe the 5.0 make a better protection with the HIPS and this rules. In my opinion, the Cloud is a "gadget" (he make many FP on Norton IS for example) , a better Behavioral détection and Javascript detection is necessary. Two years of development between the 3.0 and the 4.2 its excessive. I said Eset want make a quality security products, but in two years the technology of the malware are in evolution, quickly. the Rogues security software and the Rootkit is a good example of this evolution, A product with "simply" one HIPS and Cloud réputation is one it no already late product?
     
  10. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Yes you are right.
    The Hips do not change anything(80% of the users be use it in Automode).Eset need more others improvments.But is to late now.Version 5 is here.:mad:
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I am sure the HIPS module will develope into something at least basic, before coming out of beta.
     
  12. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    I hope,i hope...
    For now in automode do nothing.:mad:
    ...p.s.ClearCloud DNS is more effective them Norton DNS :)
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    As trjam said. It's not too late since the Final version isn't out yet so there are still time for improvements.
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    You need to run the HIPS in Interactive mode to have full control. As it doesn't have a whitelist, you will get a lot of alerts initially while the policy is being created unless you run it in Learning mode for a while before switching to Interactive mode. Before enabling Learning mode though, you need to be pretty sure that the machine is clean before you start and stays clean during the learning period, as all behaviour will automatically be learned.

    One weakness of the Learning mode is that rules are automatically created that are valid for all targets. Whilst this is okay for most operations, I would suggest that the target of the 'create process' operation be specified, otherwise you are giving unrestriction permission to untrusted applications such as browsers, mail clients, etc, to globally run any executable. This defeats the value of HIPS as an anti-executable in order to enforce a default-deny policy.

    If using the Learning mode to create the initial policy, I would suggest inspecting the rules after switching to Interactive mode and deleting any 'create process' rules that have been created for untrusted applications such as browsers, mail clients, etc. The 'create process' rules can then be recreated for individual targets as and when the alerts are displayed. This is similar to the approach used by the Comodo Firewall.
     
  15. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Sorry but inteactive mode is crazy staff.He block ALL.
    He don't now the system staff .
     
    Last edited: May 17, 2011
  16. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    It well be great if Eset put the cloud scan like Norton inside.I think that is the strong point of Norton.:rolleyes:
     
  17. laqui

    laqui Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    11
    My egui.exe is using 3884 k.
     
Thread Status:
Not open for further replies.