Eset Self defense

Hello,
i don't like the self defense of Eset 4.The detection is good but if Eset miss somme virus he is dead.
I hope for this new version 5 everything to be diferend.
I hope to ,removabel viruses to be good to, becous he miss to much registry keys.
He clean just active processes.
Hope for beter removebel protection.
Good day.

....and Eset use to much for me Ram ,65000Ko-can be use it 20\30000Ko
Gui use to much Ram to 15000Mo...can be use it 2\3\4000Mo (i talk aboit the Antivirus)
He is light but he need just littel bit more to be perfect,and i hope so.

 

That's just about normal usage of Version 5.

And don't forget that more things have been added to ekrn.exe in Version 5 therefore the RAM usage might be a little higher than version 4.2
But IMO V5 still feels lighter than 4.2 even if the RAM usage has gone up just a little.

 

Yes but Eset got to make i little change and to use smaller Ram(improovment).
I now is not hevy on the system but he need just a little beat.
Look here:
http://www.antivirusware.com/testing/performance/

...p.s.and self defense is poor

 

But then they need to move the stuff that's loaded in ekrn.exe to the disk.
Wich will result in that it get's heavier on the system (higher I/O usage), is that what you want?

I don't want that anyway.

 

hi,
i think that the amount of memory needed must be related with the configuration profile...
some functions may be loaded into memory only when they are needed...

 

No i don't won't that, but Eset can work on GUI.exe processus...he use 15Mb.
Can use 2 or 3 Mb!!!

 

FYI. My ESS egui.exe is using 5 MB at the moment.

 

Mine is using 1500 KB (1.5 MB)

 

Bonjour Coccinelle, le monde est petit ^^

Hello all,

I think ESS have a good database, for malware/variant of, in fact the auto-défense of the version 4.2 is poor. I hope/believe the 5.0 make a better protection with the HIPS and this rules. In my opinion, the Cloud is a "gadget" (he make many FP on Norton IS for example) , a better Behavioral détection and Javascript detection is necessary. Two years of development between the 3.0 and the 4.2 its excessive. I said Eset want make a quality security products, but in two years the technology of the malware are in evolution, quickly. the Rogues security software and the Rootkit is a good example of this evolution, A product with "simply" one HIPS and Cloud réputation is one it no already late product?

 

Yes you are right.
The Hips do not change anything(80% of the users be use it in Automode).Eset need more others improvments.But is to late now.Version 5 is here.

 

I am sure the HIPS module will develope into something at least basic, before coming out of beta.

 

I hope,i hope...
For now in automode do nothing.
...p.s.ClearCloud DNS is more effective them Norton DNS

 

As trjam said. It's not too late since the Final version isn't out yet so there are still time for improvements.

 

You need to run the HIPS in Interactive mode to have full control. As it doesn't have a whitelist, you will get a lot of alerts initially while the policy is being created unless you run it in Learning mode for a while before switching to Interactive mode. Before enabling Learning mode though, you need to be pretty sure that the machine is clean before you start and stays clean during the learning period, as all behaviour will automatically be learned.

One weakness of the Learning mode is that rules are automatically created that are valid for all targets. Whilst this is okay for most operations, I would suggest that the target of the 'create process' operation be specified, otherwise you are giving unrestriction permission to untrusted applications such as browsers, mail clients, etc, to globally run any executable. This defeats the value of HIPS as an anti-executable in order to enforce a default-deny policy.

If using the Learning mode to create the initial policy, I would suggest inspecting the rules after switching to Interactive mode and deleting any 'create process' rules that have been created for untrusted applications such as browsers, mail clients, etc. The 'create process' rules can then be recreated for individual targets as and when the alerts are displayed. This is similar to the approach used by the Comodo Firewall.

 

Sorry but inteactive mode is crazy staff.He block ALL.
He don't now the system staff .

 

It well be great if Eset put the cloud scan like Norton inside.I think that is the strong point of Norton.

 

My egui.exe is using 3884 k.