Whatever Eset says, those files are not checked as thoroughly as the new files.
I do not know for sure. I do not use Eset, so I cannot check it. On default settings, it is reasonable to scan the files on demand like the new files.
I thought it was free?
ESET will not scan the whitelisted files if you run a scan. But ESET realtime protection will still monitor every file on the system. The files are not excluded from scanning by the real-time scanner. The files are excluded only when running scans.You are paying a price for the lightness. I will quote an interesting post I saw on this subject:
Ultra Male said: ↑
AV-Comparatives Performance Test - April 2019
Link to Chart: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart4&chart_year=2019&chart_month=4&chart_sort=1&chart_zoom=0...www.wilderssecurity.com
anon:
That leads to on-execution scan/detection only.
i.e. =
Today you run a full scan, you have the X malware but your AV signature database miss it.
Tomorrow, a new signature for the X malware is added but the file (which is already scanned) remains with the same hash = whitelisted => undetected.
You do not need H_C to apply the forced SmartScreen (see RunBySmartScreen). H_C uses default-deny setup, and forced SmartScreen is used to safely bypass the protection and install applications.When I have time this week I’ve been looking to dive into H_C and set up WD before the May update. Forcing smartscreen is an idea I really like. Things move slow for me making changes with my toddler around. He doesn’t like me looking at screens if he can’t play.
I thought it was free?
Download is available here.
Tencent PC Manager_for_Global-home page
Tencent PC Manager-home page,link the largest security cloud base all of the world,use the best anti-virus engine,all for your PC security.www.pcmgr-global.com
http://www.tencent.com/en-us/system.html
There is a difference when AV uses caching.ESET will not scan the whitelisted files if you run a scan. But ESET realtime protection will still monitor every file on the system. The files are not excluded from scanning by the real-time scanner. The files are excluded only when running scans.
Good gracious!!! Nowadays some malware is so sophisticated that it doesn't require any execution. :emoji_cold_sweat: in the above scenario ESET will cache the file in the download folder only if a full scan has been performed after downloading that particular file. @Andy Ful in this scenario where a malware can exploit explorer, do you think that software restriction policies (like Hard_Configurator and AppGuard) will help prevent these types of attacks since it's my guess that they will bypass traditional anti executables like ERP and VoodooShield ?There is a difference when AV uses caching.
Suppose that you have downloaded a malicious file a few days ago, without opening the Download folder, so you have not been infected. The file was not detected, but It could be detected today if you would try to execute it. Now, if AV uses the old cache, you can still be infected today when you will open the Download folder without executing anything from that folder. Yes, it is possible (and happened in the wild) if malware can exploit Explorer.
This is not an issue for the home users who update Windows regularly, but does matter in organizations and Enterprises.
They cannot stop the exploit, but they can prevent loading the malicious libraries. This can depend on the exploit and protection settings. If the exploit is well known, then AV can include it in the heuristics or signatures. As I noticed before, there is no need to fight such exploits in updated Windows, because Microsoft quickly pushes the patch for such dangerous exploit.
Take care about chinese antiviruses
1 Not to worry. As Andy said, this type of attack doesn't work on Windows with updates. For people like us, it is of academic interest alone.
