Advice Request Configure ESET Antivirus for Maximum Security (by RoboMan)

[RoboMan]

Last update: November 2021

If you're here you may probably have been delighted already by the majestic features of ESET Maybe the signatures convinced you? Great static detection for sure. In this thread I will guide you a bit on how to configure your ESET product for maximum security without compromising performance.

Spoiler: FAQ's

• Why ESET?

ESET's great with signatures, being one of the fastest to add them to their database. It also provides an amazing web filters and phishing protection. As for dynamic protection (real time execution of files) it can be either weak or really smart if configured correctly.

• Where does this configuration point to?

Of course, security. It will prioritize the maximum lockdown to avoid infection (which may happen if you don't acquire safe habits!). Still, we will make sure it's as light as possible.

• Is ESET a heavy product?

On the contrary, it's one of the lighter if not the lightest. Almost unnoticable system impact.

• Should I use it paired with other software?

If necessary, but evaluate which product. For example, OSArmor or VoodooShield can pair up really great, but some extra anti-malware products with real time protection (like HMP.A) may interfere with its features.

• Can I disable firewall to enable a 3rd party one?

Strongly recommended against. Do not disable any of the components that are not disabled in this configuration. A product works on its whole as a standalone solution, meaning firewall could be connected to real time protection in order to work fully.

• How does the thing that motivate the world function?

Cannot tell yet. May have that answer on my next firmware upgrade: Roboman 3.51b (beta testing through www.robomanAI.com/betatesting).

---------------------------------
CONFIGURATION

The following configuration setup is intended for maximum protection and interactive user approval. This means, you will be consulted about almost everything, in order for you to have full knowledge and control over your system. If you want an install and forget setup, this is not your thread. And probably not your AV lol.

We will start from the premise you just installed ESET, let it update and restarted the machine. Through the installation process you may have found out you're asked if you want to enable two options:



Just click YES on both.

If a section is skipped here on the thread it means you should leave it default. Only change what it's specifically told here. Compare the pictures with your configuration and enable/disable.

1. Right click ESET---Advanced setup

Spoiler: DETECTION ENGINE

Real-time system protection



Cloud based protection



Malware scans

1. Select "smart scan" and apply the following configuration




HIPS

Spoiler: NETWORK PROTECTION

Firewall
Recommendation: set on learning mode for a week so all Windows and used software connections are learned, then switch to interactive to be notified about every connections.



Network attack protection

Spoiler: DEVICE CONTROL

Spoiler: TOOLS

Spoiler: HIPS

Here I've added:

• Ransomware Protection rules: as per [KB6119] Configure HIPS rules for ESET business products to protect against ransomware (8.x))
• Registry Protection rules:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DatabasePath

• Hosts file Protection rules

To add these 3 (three) groups of HIPS rules, just use my configuration file and import it into the product: UPLOAD.EE - https://www.upload.ee/files/13687257/ESET_NOD32_December_2021.xml.html

---------------------------------
WAIT, ROBO! I'm too lazy! Can't I just import your configuration file to my ESET product?
Well sir, yes you can. Download it from here:

UPLOAD.EE - ESET_NOD32_December_2021.xml - Download

ESET_NOD32_December_2021.xml - Download. Upload.ee

www.upload.ee

This link includes all the modules configuration, and HIPS rules for:

• Ransomware Protection rules
• Registry Protection rules
• Hosts file Protection rules
• Protected Folders

For instructions on successfully settings up the Protected Folders rules, check this post#60
Q&A - Configure ESET Antivirus for Maximum Security (by RoboMan)

 

[RoboMan]

@AV-Freak @idanbental and everybody else who asked for my help configuring ESET

 

[oldschool]

You're a good robot member @RoboMan!

 

[ForgottenSeer 72227]

Looks good and fantastic job

 

[BigWrench]

GREAT JOB!!!!
I'm lazy. Download #5

 

[Azure]

I'm wondering now if there's really a need to enable advance heuristic/dna signature on realtime > threatsense

The additional threatsense parameters should already have you covered, shouldn't it?

 

[Nightwalker]

I'm wondering now if there's really a need to enable advance heuristic/dna signature on realtime > threatsense

The additional threatsense parameters should already have you covered, shouldn't it?

I was going to reply the same thing, Advanced Heuristics/DNA signatures should be used only for new and modified files (default settings), the performance hit isnt worthy in my opinion, but the rest is great.

thanks @RoboMan , it was a nice reading.

 

[JM Safe]

Good work @RoboMan and good product, I like ESET. It would be awesome to see a free version of it

 

[RoboMan]

I'm wondering now if there's really a need to enable advance heuristic/dna signature on realtime > threatsense

The additional threatsense parameters should already have you covered, shouldn't it?

Hi! On the ordinary scenario, default settings should have you covered, that's true. Nevertheless, and taking into account the "paranoid"/user dependant this configuration is, it's enabled to scan even the ESET whitelisted files. Why? Because as there are many ways to bypass the first check ESET does, like a digital signature or a logical bomb, I'd rather keep watching a file that has already been marked as safe in order to avoid any further complications. This implies a bit more of system resources and can be disabled according to your level of paranoia or security need

 

[outlawxtorn]

Thanks for this @RoboMan! Do you combine Eset with any other products?

 

[RoboMan]

Thanks for this @RoboMan! Do you combine Eset with any other products?

Back in the day, my combo was ESET and VS

 

[Al-Faqir]

I have always used Eset on default settings. These configurations look decent indeed. Thanks for such an insightful guide.

 

[elquenunca]

good post very well explained, well by eset I love I think it is the best security suites despite many users of this forum that are kaspersky in my case kaspersky is in second place always behind eset despite the comparative av

 

[RoboMan]

Thanks for your positive comments guys!

good post very well explained, well by eset I love I think it is the best security suites despite many users of this forum that are kaspersky in my case kaspersky is in second place always behind eset despite the comparative av

I endeed think ESET is an amazing piece of software! Unlike Kaspersky. it's not install and forget. If you install and forget you're probably using it wrong. Kaspersky's software can be tweaked a bit and then you're set and free to go, it will monitor your whole system and pretty much protect you anytime. But ESET is different and that's why I like it. It seems to be oriented to security enthusiasts or people who like to play with it or have total control over their system. It can act as a lockdown tool to default deny anything and tell you about it, so you can have full control over every thing that's going on.

 

[Bill K]

As a longtime user of ESET IS I also found these recommended settings very helpful and enlightening! While the customization control which ESET provides benefits experienced users, its default settings with a few tweaks can easily make it operate primarily behind the scenes with minimal user intervention when desired. It's this level of flexibility which I find to be its strength by not limiting it to a specific target market while ignoring the needs of others. Their forum also provides timely support to any issues you may encounter, unlike many of its competitors. Thanks very much for sharing your configuration settings @RoboMan !

 

[AV-Freak]

@AV-Freak @idanbental and everybody else who asked for my help configuring ESET

thank you for posting it in detail. :emoji_prayy)

 

[Al-Faqir]

@RoboMan Thank you again for this useful thread. Isn't it a good idea to share with us how threat detection is carried out by Eset? I mean why not describing how Eset handles unknown malware and how each component (configured with your settings) react. I know this might require a dedicated thread, but I see the need of such threads. Thank you in advance.

 

[Dave Russo]

If you're here you may probably have been delighted already by the majestic features of ESET Maybe the signatures convinced you? Great static detection for sure. In this thread I will guide you a bit on how to configure your ESET product for maximum security without compromising performance.

Spoiler: FAQ's

• Why ESET?

ESET's great with signatures, being one of the fastest to add them to their database. It also provides an amazing web filters and phishing protection. As for dynamic protection (real time execution of files) it can be either weak or really smart if configured correctly.

• Where does this configuration point to?

Of course, security. It will prioritize the maximum lockdown to avoid infection (which may happen if you don't acquire safe habits!). Still, we will make sure it's as light as possible.

• Is ESET a heavy product?

On the contrary, it's one of the lighter if not the lightest. Almost unnoticable system impact.

• Should I use it paired with other software?

If necessary, but evaluate which product. For example, OSArmor or VoodooShield can pair up really great, but some extra anti-malware products with real time protection (like HMP.A) may interfere with its features.

• Can I disable firewall to enable a 3rd party one?

Strongly recommended against. Do not disable any of the components that are not disabled in this configuration. A product works on its whole as a standalone solution, meaning firewall could be connected to real time protection in order to work fully.

• How does the thing that motivate the world function?

Cannot tell yet. May have that answer on my next firmware upgrade: Roboman 3.51b (beta testing through www.robomanAI.com/betatesting).

---------------------------------
CONFIGURATION

The following configuration setup is intended for maximum protection and interactive user approval. This means, you will be consulted about almost everything, in order for you to have full knowledge and control over your system. If you want an install and forget setup, this is not your thread. And probably not your AV lol.

We will start from the premise you just installed ESET, let it update and restarted the machine. Through the installation process you may have found out you're asked if you want to enable two options:

View attachment 196836

Just click YES on both.

If a section is skipped here on the thread it means you should leave it default. Only change what it's specifically told here. Compare the pictures with your configuration and enable/disable.

1. Right click ESET---Advanced setup

View attachment 196837

Spoiler: DETECTION ENGINE

View attachment 196838

Real-time system protection

View attachment 196839View attachment 196840View attachment 196841

Cloud based protection

View attachment 196842

Malware scans

1. Select "smart scan" and apply the following configuration

View attachment 196843View attachment 196844View attachment 196845
View attachment 196846View attachment 196847View attachment 196848View attachment 196849View attachment 196850View attachment 196851View attachment 196852

HIPS

View attachment 196853View attachment 196854

Spoiler: NETWORK PROTECTION

Firewall
Recommendation: set on learning mode for a week so all Windows and used software connections are learned, then switch to interactive to be notified about every connections.

View attachment 196855View attachment 196856View attachment 196857

Network attack protection

View attachment 196858View attachment 196859

Spoiler: DEVICE CONTROL

View attachment 196860

Spoiler: TOOLS

View attachment 196861

---------------------------------
WAIT, ROBO! I'm too lazy! Can't I just import your configuration file to my ESET product?
Well sir, yes you can. Download it from here:

UPLOAD.EE - Roboman_s_config_file.xml - Download

Thanks

 

[blackice]

I was going to reply the same thing, Advanced Heuristics/DNA signatures should be used only for new and modified files (default settings), the performance hit isnt worthy in my opinion, but the rest is great.

thanks @RoboMan , it was a nice reading.

I know this is an old message, but I was curious what the performance impact of real-time advance heuristics is? What is it doing in comparison to the normal heuristics that causes the impact? I’m new to ESET and their language on this is pretty vague on their website.

 

[Nightwalker]

I know this is an old message, but I was curious what the performance impact of real-time advance heuristics is? What is it doing in comparison to the normal heuristics that causes the impact? I’m new to ESET and their language on this is pretty vague on their website.

Enabling advanced heuristics on file access may have impact on system performance as code emulation is a time and resource consuming process. Therefore, advanced heuristics is only used for newly created and modified files as well as for file that are executed. Files whitelisted by ESET will not be scanned again if you have Smart optimization and LiveGrid enabled.

Real-time protection enable "Advanced heuristics/DNA/Smart signatures"