Q&A Configure ESET Antivirus for Maximum Security (by RoboMan)

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,337
Last update: November 2021

If you're here you may probably have been delighted already by the majestic features of ESET :) Maybe the signatures convinced you? Great static detection for sure. In this thread I will guide you a bit on how to configure your ESET product for maximum security without compromising performance.

  • Why ESET?
ESET's great with signatures, being one of the fastest to add them to their database. It also provides an amazing web filters and phishing protection. As for dynamic protection (real time execution of files) it can be either weak or really smart if configured correctly.
  • Where does this configuration point to?
Of course, security. It will prioritize the maximum lockdown to avoid infection (which may happen if you don't acquire safe habits!). Still, we will make sure it's as light as possible.
  • Is ESET a heavy product?
On the contrary, it's one of the lighter if not the lightest. Almost unnoticable system impact.
  • Should I use it paired with other software?
If necessary, but evaluate which product. For example, OSArmor or VoodooShield can pair up really great, but some extra anti-malware products with real time protection (like HMP.A) may interfere with its features.
  • Can I disable firewall to enable a 3rd party one?
Strongly recommended against. Do not disable any of the components that are not disabled in this configuration. A product works on its whole as a standalone solution, meaning firewall could be connected to real time protection in order to work fully.
  • How does the thing that motivate the world function?
Cannot tell yet. May have that answer on my next firmware upgrade: Roboman 3.51b (beta testing through www.robomanAI.com/betatesting).
---------------------------------
CONFIGURATION

The following configuration setup is intended for maximum protection and interactive user approval. This means, you will be consulted about almost everything, in order for you to have full knowledge and control over your system. If you want an install and forget setup, this is not your thread. And probably not your AV lol.

We will start from the premise you just installed ESET, let it update and restarted the machine. Through the installation process you may have found out you're asked if you want to enable two options:

2018-08-29 13_17_56-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

Just click YES on both.

If a section is skipped here on the thread it means you should leave it default. Only change what it's specifically told here. Compare the pictures with your configuration and enable/disable.

1. Right click ESET---Advanced setup

2018-08-29 13_32_07-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

2018-08-29 13_32_53-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

Real-time system protection

2018-08-29 13_33_15-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_34_00-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_34_20-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

Cloud based protection

2018-08-29 13_34_50-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

Malware scans


1. Select "smart scan" and apply the following configuration

2018-08-29 13_36_18-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_36_31-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_36_39-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png
2018-08-29 13_37_18-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_37_43-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_38_13-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_38_31-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_38_42-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_38_56-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_39_17-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

HIPS

2018-08-29 13_39_34-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_40_11-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png
Firewall
Recommendation: set on learning mode for a week so all Windows and used software connections are learned, then switch to interactive to be notified about every connections.


2018-08-29 13_40_34-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_41_06-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_41_22-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png

Network attack protection

2018-08-29 13_41_37-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png2018-08-29 13_41_54-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png
2018-08-29 13_43_03-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png
2018-08-29 13_43_24-Lab (no av + tools) [Corriendo] - Oracle VM VirtualBox.png
Here I've added:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DatabasePath
  • Hosts file Protection rules
To add these 3 (three) groups of HIPS rules, just use my configuration file and import it into the product: UPLOAD.EE - https://www.upload.ee/files/13687257/ESET_NOD32_December_2021.xml.html
---------------------------------
WAIT, ROBO! I'm too lazy! Can't I just import your configuration file to my ESET product?
Well sir, yes you can. Download it from here:


This link includes all the modules configuration, and HIPS rules for:
  • Ransomware Protection rules
  • Registry Protection rules
  • Hosts file Protection rules
  • Protected Folders
For instructions on successfully settings up the Protected Folders rules, check this post#60
Q&A - Configure ESET Antivirus for Maximum Security (by RoboMan)
 
Last edited:

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,271
I'm wondering now if there's really a need to enable advance heuristic/dna signature on realtime > threatsense

The additional threatsense parameters should already have you covered, shouldn't it?

I was going to reply the same thing, Advanced Heuristics/DNA signatures should be used only for new and modified files (default settings), the performance hit isnt worthy in my opinion, but the rest is great.

thanks @RoboMan , it was a nice reading.
 

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,337
I'm wondering now if there's really a need to enable advance heuristic/dna signature on realtime > threatsense

The additional threatsense parameters should already have you covered, shouldn't it?
Hi! On the ordinary scenario, default settings should have you covered, that's true. Nevertheless, and taking into account the "paranoid"/user dependant this configuration is, it's enabled to scan even the ESET whitelisted files. Why? Because as there are many ways to bypass the first check ESET does, like a digital signature or a logical bomb, I'd rather keep watching a file that has already been marked as safe in order to avoid any further complications. This implies a bit more of system resources and can be disabled according to your level of paranoia or security need :)
 

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,337
Thanks for your positive comments guys!
good post very well explained, well by eset I love I think it is the best security suites despite many users of this forum that are kaspersky in my case kaspersky is in second place always behind eset despite the comparative av
I endeed think ESET is an amazing piece of software! Unlike Kaspersky. it's not install and forget. If you install and forget you're probably using it wrong. Kaspersky's software can be tweaked a bit and then you're set and free to go, it will monitor your whole system and pretty much protect you anytime. But ESET is different and that's why I like it. It seems to be oriented to security enthusiasts or people who like to play with it or have total control over their system. It can act as a lockdown tool to default deny anything and tell you about it, so you can have full control over every thing that's going on. :)
 

Bill K

Level 5
Jul 25, 2018
224
As a longtime user of ESET IS I also found these recommended settings very helpful and enlightening! While the customization control which ESET provides benefits experienced users, its default settings with a few tweaks can easily make it operate primarily behind the scenes with minimal user intervention when desired. It's this level of flexibility which I find to be its strength by not limiting it to a specific target market while ignoring the needs of others. Their forum also provides timely support to any issues you may encounter, unlike many of its competitors. Thanks very much for sharing your configuration settings @RoboMan !
 

Al-Faqir

Level 8
Verified
Jul 24, 2018
383
@RoboMan Thank you again for this useful thread. Isn't it a good idea to share with us how threat detection is carried out by Eset? I mean why not describing how Eset handles unknown malware and how each component (configured with your settings) react. I know this might require a dedicated thread, but I see the need of such threads. Thank you in advance.
 
Last edited:

Dave Russo

Level 16
Verified
Top poster
May 26, 2014
794
If you're here you may probably have been delighted already by the majestic features of ESET :) Maybe the signatures convinced you? Great static detection for sure. In this thread I will guide you a bit on how to configure your ESET product for maximum security without compromising performance.

  • Why ESET?
ESET's great with signatures, being one of the fastest to add them to their database. It also provides an amazing web filters and phishing protection. As for dynamic protection (real time execution of files) it can be either weak or really smart if configured correctly.
  • Where does this configuration point to?
Of course, security. It will prioritize the maximum lockdown to avoid infection (which may happen if you don't acquire safe habits!). Still, we will make sure it's as light as possible.
  • Is ESET a heavy product?
On the contrary, it's one of the lighter if not the lightest. Almost unnoticable system impact.
  • Should I use it paired with other software?
If necessary, but evaluate which product. For example, OSArmor or VoodooShield can pair up really great, but some extra anti-malware products with real time protection (like HMP.A) may interfere with its features.
  • Can I disable firewall to enable a 3rd party one?
Strongly recommended against. Do not disable any of the components that are not disabled in this configuration. A product works on its whole as a standalone solution, meaning firewall could be connected to real time protection in order to work fully.
  • How does the thing that motivate the world function?
Cannot tell yet. May have that answer on my next firmware upgrade: Roboman 3.51b (beta testing through www.robomanAI.com/betatesting).
---------------------------------
CONFIGURATION

The following configuration setup is intended for maximum protection and interactive user approval. This means, you will be consulted about almost everything, in order for you to have full knowledge and control over your system. If you want an install and forget setup, this is not your thread. And probably not your AV lol.

We will start from the premise you just installed ESET, let it update and restarted the machine. Through the installation process you may have found out you're asked if you want to enable two options:

View attachment 196836

Just click YES on both.

If a section is skipped here on the thread it means you should leave it default. Only change what it's specifically told here. Compare the pictures with your configuration and enable/disable.

1. Right click ESET---Advanced setup

View attachment 196837

Firewall
Recommendation: set on learning mode for a week so all Windows and used software connections are learned, then switch to interactive to be notified about every connections.


View attachment 196855View attachment 196856View attachment 196857

Network attack protection

View attachment 196858View attachment 196859
---------------------------------
WAIT, ROBO! I'm too lazy! Can't I just import your configuration file to my ESET product?
Well sir, yes you can. Download it from here:

UPLOAD.EE - Roboman_s_config_file.xml - Download
Thanks
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,524
I was going to reply the same thing, Advanced Heuristics/DNA signatures should be used only for new and modified files (default settings), the performance hit isnt worthy in my opinion, but the rest is great.

thanks @RoboMan , it was a nice reading.

I know this is an old message, but I was curious what the performance impact of real-time advance heuristics is? What is it doing in comparison to the normal heuristics that causes the impact? I’m new to ESET and their language on this is pretty vague on their website.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,271
I know this is an old message, but I was curious what the performance impact of real-time advance heuristics is? What is it doing in comparison to the normal heuristics that causes the impact? I’m new to ESET and their language on this is pretty vague on their website.

Enabling advanced heuristics on file access may have impact on system performance as code emulation is a time and resource consuming process. Therefore, advanced heuristics is only used for newly created and modified files as well as for file that are executed. Files whitelisted by ESET will not be scanned again if you have Smart optimization and LiveGrid enabled.

Real-time protection enable "Advanced heuristics/DNA/Smart signatures"