Advice Request Configure ESET Antivirus for Maximum Security (by RoboMan)

Please provide comments and solutions that are helpful to the author of this topic.

G

Guilhermesene

Look who I found as ESET's poster boy…

Is that you my friend @RoboMan?

Captura de tela 2021-11-28 192336.png

Source: ESET LIVEGUARD 15

I think ESET needs to consider image rights 😆😆
 

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Why do you have real time protection scanning disabled for file open and creation in your settings?
That's a good question!

And the answer is "personal preference". I want to maximize performance too. Scanning only "on execution" seems to suffice in my opinion. Plus, add that HIPS has a bunch of solid protection rules, and the module is also set on "interactive" to prompt you for any modifications, behaviour or file operation. In this scenario, there's no need to scan the file three times, since we would be overkilling that poor boy.
 

NewbyUser

Level 2
Verified
Well-known
Jul 16, 2021
53
That's a good question!

And the answer is "personal preference". I want to maximize performance too. Scanning only "on execution" seems to suffice in my opinion. Plus, add that HIPS has a bunch of solid protection rules, and the module is also set on "interactive" to prompt you for any modifications, behaviour or file operation. In this scenario, there's no need to scan the file three times, since we would be overkilling that poor boy.
Doesn't Eset's caching feature take care of this? Files should only be scanned once as far as I'm aware

Enable Smart optimization – With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. If the Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan.
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Nowadays I prefer the default settings ad litteram, the balance of performance x protection is optimal; I dont like some changes at all, specially the usage of Advanced Heuristics/DNA signatures for all files and not only for new and modified files, not a fan of scanning only "on execution" too.

Personally I would suggest the default settings in a Windows 11 OS with a Standard User Account, a DNS filtering solution like NextDNS, a password manager like Bitwarden, a privacy-focused browser like Brave or Firefox (maybe LibreWolf?) and frequent backups, thats it.

Ps: Default settings with PUP detection enabled of course.
 
G

Guilhermesene

01.png02.png03.png04.png05.png06.png07.png08.png09.png10.png11.png12.png14.png15.png16.png13.png17.png18.png19.png20.png21.png22.png
These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends 🙂
 
Last edited by a moderator:

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Doesn't Eset's caching feature take care of this? Files should only be scanned once as far as I'm aware

Enable Smart optimization – With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. If the Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan.
ESET uses a cache-type of scan, meaning it will not scan the same file more than once. But this does not necessarility means what you think it may.

After each database update, ESET will rescan all these files (this is handled, aforementioned by you, with Smart Optimization module). If this is disabled, then all files will be scanned on-access.

Remember ESET uses mainly three different type of scans:

• File open – Enables or disables scanning when files are opened
• File creation – Enables or disables scanning when files are created
• File execution – Enables or disables scanning when files are run

Various system events may trigger a scan, not only on-demand file operations.
 

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
View attachment 262302View attachment 262303View attachment 262304View attachment 262305View attachment 262306View attachment 262307View attachment 262308View attachment 262309View attachment 262310View attachment 262311View attachment 262312View attachment 262313View attachment 262315View attachment 262317View attachment 262318View attachment 262319View attachment 262320View attachment 262321View attachment 262322View attachment 262323View attachment 262324View attachment 262325

These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends 🙂
I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!
 

NewbyUser

Level 2
Verified
Well-known
Jul 16, 2021
53
View attachment 262302View attachment 262303View attachment 262304View attachment 262305View attachment 262306View attachment 262307View attachment 262308View attachment 262309View attachment 262310View attachment 262311View attachment 262312View attachment 262313View attachment 262315View attachment 262317View attachment 262318View attachment 262319View attachment 262320View attachment 262321View attachment 262322View attachment 262323View attachment 262324View attachment 262325

These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends 🙂
I'm currently testing Aggressive Settings for Real time protection but I'm not sure it's really needed. Like Nightwalker I'm not really a fan of advanced heuristics on all files. Your settings are fine though, it's a matter of personal preference as RoboMan said. Same with https scanning, some think it's unethical, some think it's essential lol. Use whichever you prefer as Eset allows you to make that choice.
 
G

Guilhermesene

I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!

I confess that I was curious to test HIPS.

Yes I like security and was using Kaspersky in default deny mode thanks to you great master @RoboMan and @harlan4096. But in ESET, I always had difficulties in understanding all the features of the product, especially those modules more complex as HIPS (I think because of the documentation in Portuguese is not so explanatory or easy to understand).

About malware on my machine I don't worry about it, I don't even know what it is haha I spent 3 years with ESET in standard mode and have NEVER been infected, after I met this forum and started to understand the pros and cons of each AV I kept migrating to Bitdefender / Kaspersky / F-secure / Norton / Sophos.

I want to leave HIPS in learning mode for two weeks and then put it in interactive mode, but I have a lot of doubt, because I program on my pc (I develop applications for the university and study about programming) and as in Kaspersky (the default deny mode in this case) hinders me in relation to this because it blocked all programs that I developed (obvious, new program, clean of malware, but new hashes unknown by KSN among other reasons).

Can you tell me @RoboMan if using this mode (learning then interactive) will block my developed applications?

01.png


Anyway, thank you very much for your attention and for ALWAYS replying to my messages. Each of your messages is a learning read for me, and I am learning a lot from all of this.
 
G

Guilhermesene

I'm currently testing Aggressive Settings for Real time protection but I'm not sure it's really needed. Like Nightwalker I'm not really a fan of advanced heuristics on all files. Your settings are fine though, it's a matter of personal preference as RoboMan said. Same with https scanning, some think it's unethical, some think it's essential lol. Use whichever you prefer as Eset allows you to make that choice.
Thank you very much for your comment @NewbyUser 🙂 I will think better about ESET and try to study more. Glad to know that my settings although not so advanced, are good for protection.

As an aside, as long as you don't go BELOW the default settings, you'll be fine. You shouldn't have to, Eset is plenty light for most people.
I am very relaxed about this. Actually, ESET is very light and this is great because it works on any type of machine, either the oldest to the newest.

I have a great desktop with 32gb of RAM and a 9th generation i7 CPU, and here it works perfectly on the performance issue.
 

NewbyUser

Level 2
Verified
Well-known
Jul 16, 2021
53
I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!
Is there any advantage to using smart mode after learning mode? Or is that a waste of time?
 

Nightwater

Level 2
Jan 26, 2021
69
Our official Hub Tester Faybert could test eset with these settings, it would be nice to see how it works against zero-day threats and ransomware :)(y)
I find it difficult, the members of the HUB do not respond or comment on things outside the HUB itself, I already tried once to give a suggestion to test an antivirus, no response
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
 

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
PROTECTED FOLDERS IS HERE

Hello everybody,

I have updated my configuration file for ESET.

Two important HIPS rules have been added, which are meant to work as a "Protected Folders" module.

These two rules will command ESET two allow some programs to edit your files, and will block the rest to do so. This is intended as an extra security enforcement against ransomware.
1. Download my configuration file and import it into your ESET product
2. Head to HIPS--Rules--Edit
3. Click on the "Search" icon
1638559541350.png

4. Use the keyword "Protected", you will find these two trules
1638558977731.png

5. For both, you will click them and hit "Edit"
6. You will now hit "Next" three times and you will see the "Target files" which have the path to the protected folders
7. Here, you will edit the User name, change it from "gonza" to your Windows User name
8. Hit finish and save

Congratulations! You have protected your desired folders. If you wish to add more folders to the protection, just add them on the step 7.

As well, if you'd like to allow more applications to edit or delete your files (beyond from those I already added, like Office, just edit the "Allow" rule, hit "Next" one time, and add the path to those applications in that screen. Then hit next until you reach the "Finish" window.

PS: false positives may appear at first, such as legitimate programs being blocked from touching your files (like Paint, for instance). To avoid this to happen, just set HIPS to "learning mode" for a few days and then go back to "interactive mode".
Download the configuration file: UPLOAD.EE - ESET_NOD32_December_2021.xml - Download
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top