Question Configure ESET Antivirus for Maximum Security (by RoboMan)

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,350
Hi Robo
It looks like the xml file is gone, is it possible you can upload it? THANKS.
My friend, I can't seem to find this particular file among my folders. I did find NOD32 one, with the ransomware rules included. Give it a try, if it doesn't work, I'll make a new one for tonight.

 

Shadowra

Level 22
Verified
Top poster
Malware Tester
Well-known
Sep 2, 2021
1,186
My friend, I can't seem to find this particular file among my folders. I did find NOD32 one, with the ransomware rules included. Give it a try, if it doesn't work, I'll make a new one for tonight.


Good job!
I will use it if I have to test Eset ;)
 

Guilhermesene

Level 7
Verified
Well-known
Jun 1, 2019
332
Unfortunately after reading all this topic from the great and greatest robot of all times @RoboMan I found out that I always used ESET the wrong way 😔 (install and forget) I need to study more about all ESET modes (interactive, intelligent among others) and also more deeply about HIPS however I have a little difficulty because I find the documentation on ESET's website a little complicated to read 😐
 

tsunami

Level 3
Well-known
Jul 10, 2018
134
Unfortunately after reading all this topic from the great and greatest robot of all times @RoboMan I found out that I always used ESET the wrong way 😔 (install and forget) I need to study more about all ESET modes (interactive, intelligent among others) and also more deeply about HIPS however I have a little difficulty because I find the documentation on ESET's website a little complicated to read 😐
you'll figure it out just do more research about it.
 

Nightwalker

Level 24
Verified
Honorary Member
Top poster
Content Creator
Well-known
May 26, 2014
1,309
Unfortunately after reading all this topic from the great and greatest robot of all times @RoboMan I found out that I always used ESET the wrong way 😔 (install and forget) I need to study more about all ESET modes (interactive, intelligent among others) and also more deeply about HIPS however I have a little difficulty because I find the documentation on ESET's website a little complicated to read 😐

There is no wrong way, ESET at default settings is more than enough ("install and forget"), it is a balanced combination of performance x detection and low false positive rate/low user interaction.
 

Guilhermesene

Level 7
Verified
Well-known
Jun 1, 2019
332
There is no wrong way, ESET at default settings is more than enough ("install and forget"), it is a balanced combination of performance x detection and low false positive rate/low user interaction.
Yes, that's the way I always used it. I just made some adjustments to the ThreadSense parameters like "Clear and Delete" to make it more "automatic" and it always worked for me. I used ESET for 3 years straight and never got infected in that time.

The rules I use in HIPS are these:


 
Last edited:

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,350
From what I understand, people leave HIPS in "Learning" mode for a few days, after that time HIPS they turn on "Interactive" mode because most of the rules have already been created and the ones that haven't will be asked to decide what action to take.
That's right, usually two weeks in learning mode will cover up mostly everything. Then switch to interactive. You need to make sure your system is malware-free before switching to learning in any module. The aforementioned setup configuration + the ransomware rules can be imported with my configuration file :)

 

tipo

Level 7
Well-known
Jul 26, 2012
342
Yes, that's the way I always used it. I just made some adjustments to the ThreadSense parameters like "Clear and Delete" to make it more "automatic" and it always worked for me. I used ESET for 3 years straight and never got infected in that time.

The rules I use in HIPS are these:


Took me a while to write all those rules (from eset kb) but they're exactly what a pc needs to be protected from ransomware. I'm wondering if @Shadowra could test this setup against different ransomware variants.😬
 

Zorro

Level 8
Well-known
Jun 11, 2019
378
Yes, that's the way I always used it. I just made some adjustments to the ThreadSense parameters like "Clear and Delete" to make it more "automatic" and it always worked for me. I used ESET for 3 years straight and never got infected in that time.

The rules I use in HIPS are these:


Once I here already advised to add these registry keys under the protection of HIPS. This was advised to me by one user on the Russian forum.
In addition to the hips rules that were recommended to you above, I recommend that you add the following rules:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DatabasePath

Set the value "Ask" in the HIPS action. Plus add a rule to block attempts to delete or modify the host file. And don't forget to protect your personal folders.
Maybe RoboMan will also add these registry keys to his defense
 

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,350
Hey everybody! I have updaed my configuration file, to include the following HIPS rules:
  • Ransomware Protection rules
  • Registry Protection rules
  • Hosts file Protection rules
Once you've imported this configuration file, your HIPS will probably be in "learning mode" and set to switch to "interactive mode" within a couple of days. Make sure you have this mind and change it if you need to.

 

Guilhermesene

Level 7
Verified
Well-known
Jun 1, 2019
332
My noble robo master @RoboMan, it may seem like a totally random and meaningless question, but in your opinion if I use ESET with all these rules is the protection better than Bitdefender's protection, equal or still inferior to Bitdefender?

My question is due to the fact that I keep wondering, how much do these rules make ESET an AV with better protection than other software in the market?

This is a good question to try to be answered, especially for undecided people like me who own 215151511929 AV software licenses and keep switching between them (as long as they don't find themselves in one of them for the positive/negative points).
 
Last edited:

RoboMan

Level 34
Thread author
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,350
My noble robo master @RoboMan, it may seem like a totally random and meaningless question, but in your opinion if I use ESET with all these rules is the protection better than Bitdefender's protection, equal or still inferior to Bitdefender?

My question is due to the fact that I keep wondering, how much do these rules make ESET an AV with better protection than other software in the market?

This is a good question to try to be answered, especially for undecided people like me who own 215151511929 AV software licenses and keep switching between them (as long as they don't find themselves in one of them for the positive/negative points).
My friend, have in mind this is my personal opinion, and defines the answer as the way I see home security.

I believe BitDefender is a great standalone product, that's made to install and forget, since it's extremely automatic. Regarding its protection capabilities, it's a top notch product.

On the other hand, ESET offers a different type of security. With this configuration, ESET is the total opposite of "install and forget". This product has the advantage that it can be configured to the way you want to sense security. This thread aims at a user-dependant type of product. This setup will not look to be smart and decide for you, it will prompt you whenever something's not right, because you gave it rules to do so.

Aside from that, the automatic mode from ESET is very smart and its signatures are rather good.

So it's more of a: what am I looking for? Rather than what's best.

If you don't wanna get involved in your security, BitDefender is your choice.
If you want to know everything that's going on within your system, ESET is your choice.

PS: but you must be careful and study your product, because modules such as a HIPS can be extremely smart and secure, but will definitely break your system if you fail to understand how it works.
 

tipo

Level 7
Well-known
Jul 26, 2012
342
My friend, have in mind this is my personal opinion, and defines the answer as the way I see home security.

I believe BitDefender is a great standalone product, that's made to install and forget, since it's extremely automatic. Regarding its protection capabilities, it's a top notch product.

On the other hand, ESET offers a different type of security. With this configuration, ESET is the total opposite of "install and forget". This product has the advantage that it can be configured to the way you want to sense security. This thread aims at a user-dependant type of product. This setup will not look to be smart and decide for you, it will prompt you whenever something's not right, because you gave it rules to do so.

Aside from that, the automatic mode from ESET is very smart and its signatures are rather good.

So it's more of a: what am I looking for? Rather than what's best.

If you don't wanna get involved in your security, BitDefender is your choice.
If you want to know everything that's going on within your system, ESET is your choice.

PS: but you must be careful and study your product, because modules such as a HIPS can be extremely smart and secure, but will definitely break your system if you fail to understand how it works.
Perfectly said! +1000
 

Guilhermesene

Level 7
Verified
Well-known
Jun 1, 2019
332
What can I say after reading this topic?

First, I would like to thank you, @RoboMan, for answering my question and for taking the time to pay attention to my questioning.

I am speechless! You managed to approach the subject in a way that helped me understand the concepts that I wasn't getting.

That's what I always say, my friend: I knew you wouldn't let me down. How could I expect anything different from the greatest robot of all time? The robot, whose intelligence is much better and greater than any artificial intelligence and machine learning 😁

Thank you very much for helping me to see AV's from another point of view.