Advice Request Configure ESET Antivirus for Maximum Security (by RoboMan)

[Guilhermesene]

Look who I found as ESET's poster boy…

Is that you my friend @RoboMan?

Source: ESET LIVEGUARD 15

I think ESET needs to consider image rights

 

[NewbyUser]

Why do you have real time protection scanning disabled for file open and creation in your settings?

 

[RoboMan]

Why do you have real time protection scanning disabled for file open and creation in your settings?

That's a good question!

And the answer is "personal preference". I want to maximize performance too. Scanning only "on execution" seems to suffice in my opinion. Plus, add that HIPS has a bunch of solid protection rules, and the module is also set on "interactive" to prompt you for any modifications, behaviour or file operation. In this scenario, there's no need to scan the file three times, since we would be overkilling that poor boy.

 

[NewbyUser]

That's a good question!

And the answer is "personal preference". I want to maximize performance too. Scanning only "on execution" seems to suffice in my opinion. Plus, add that HIPS has a bunch of solid protection rules, and the module is also set on "interactive" to prompt you for any modifications, behaviour or file operation. In this scenario, there's no need to scan the file three times, since we would be overkilling that poor boy.

Doesn't Eset's caching feature take care of this? Files should only be scanned once as far as I'm aware

Enable Smart optimization – With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. If the Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan.

 

[Nightwalker]

Nowadays I prefer the default settings ad litteram, the balance of performance x protection is optimal; I dont like some changes at all, specially the usage of Advanced Heuristics/DNA signatures for all files and not only for new and modified files, not a fan of scanning only "on execution" too.

Personally I would suggest the default settings in a Windows 11 OS with a Standard User Account, a DNS filtering solution like NextDNS, a password manager like Bitwarden, a privacy-focused browser like Brave or Firefox (maybe LibreWolf?) and frequent backups, thats it.

Ps: Default settings with PUP detection enabled of course.

 

[Guilhermesene]

Spoiler

These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends

 

[RoboMan]

Doesn't Eset's caching feature take care of this? Files should only be scanned once as far as I'm aware

Enable Smart optimization – With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. If the Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular modules are applied when performing a scan.

ESET uses a cache-type of scan, meaning it will not scan the same file more than once. But this does not necessarility means what you think it may.

After each database update, ESET will rescan all these files (this is handled, aforementioned by you, with Smart Optimization module). If this is disabled, then all files will be scanned on-access.

Remember ESET uses mainly three different type of scans:

• File open – Enables or disables scanning when files are opened
• File creation – Enables or disables scanning when files are created
• File execution – Enables or disables scanning when files are run

Various system events may trigger a scan, not only on-demand file operations.

 

[RoboMan]

View attachment 262302View attachment 262303View attachment 262304View attachment 262305View attachment 262306View attachment 262307View attachment 262308View attachment 262309View attachment 262310View attachment 262311View attachment 262312View attachment 262313View attachment 262315View attachment 262317View attachment 262318View attachment 262319View attachment 262320View attachment 262321View attachment 262322View attachment 262323View attachment 262324View attachment 262325

These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends

I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!

 

[NewbyUser]

View attachment 262302View attachment 262303View attachment 262304View attachment 262305View attachment 262306View attachment 262307View attachment 262308View attachment 262309View attachment 262310View attachment 262311View attachment 262312View attachment 262313View attachment 262315View attachment 262317View attachment 262318View attachment 262319View attachment 262320View attachment 262321View attachment 262322View attachment 262323View attachment 262324View attachment 262325

These are the settings I make and use in my ESET. I don't know if they are the best protections, even because I am not an ESET expert (although I have used the product for 3 years, but I only found out about HIPS and very advanced protections very recently), I consider myself a beginner in the product despite the time I have been using it.

Do you consider these configurations good? Can I improve on something?

This is my configuration file: Download Link

Thanks friends

I'm currently testing Aggressive Settings for Real time protection but I'm not sure it's really needed. Like Nightwalker I'm not really a fan of advanced heuristics on all files. Your settings are fine though, it's a matter of personal preference as RoboMan said. Same with https scanning, some think it's unethical, some think it's essential lol. Use whichever you prefer as Eset allows you to make that choice.

 

[NewbyUser]

As an aside, as long as you don't go BELOW the default settings, you'll be fine. You shouldn't have to, Eset is plenty light for most people.

 

[Guilhermesene]

I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!

I confess that I was curious to test HIPS.

Yes I like security and was using Kaspersky in default deny mode thanks to you great master @RoboMan and @harlan4096. But in ESET, I always had difficulties in understanding all the features of the product, especially those modules more complex as HIPS (I think because of the documentation in Portuguese is not so explanatory or easy to understand).

About malware on my machine I don't worry about it, I don't even know what it is haha I spent 3 years with ESET in standard mode and have NEVER been infected, after I met this forum and started to understand the pros and cons of each AV I kept migrating to Bitdefender / Kaspersky / F-secure / Norton / Sophos.

I want to leave HIPS in learning mode for two weeks and then put it in interactive mode, but I have a lot of doubt, because I program on my pc (I develop applications for the university and study about programming) and as in Kaspersky (the default deny mode in this case) hinders me in relation to this because it blocked all programs that I developed (obvious, new program, clean of malware, but new hashes unknown by KSN among other reasons).

Can you tell me @RoboMan if using this mode (learning then interactive) will block my developed applications?

Anyway, thank you very much for your attention and for ALWAYS replying to my messages. Each of your messages is a learning read for me, and I am learning a lot from all of this.

 

[Guilhermesene]

I'm currently testing Aggressive Settings for Real time protection but I'm not sure it's really needed. Like Nightwalker I'm not really a fan of advanced heuristics on all files. Your settings are fine though, it's a matter of personal preference as RoboMan said. Same with https scanning, some think it's unethical, some think it's essential lol. Use whichever you prefer as Eset allows you to make that choice.

Thank you very much for your comment @NewbyUser I will think better about ESET and try to study more. Glad to know that my settings although not so advanced, are good for protection.

As an aside, as long as you don't go BELOW the default settings, you'll be fine. You shouldn't have to, Eset is plenty light for most people.

I am very relaxed about this. Actually, ESET is very light and this is great because it works on any type of machine, either the oldest to the newest.

I have a great desktop with 32gb of RAM and a 9th generation i7 CPU, and here it works perfectly on the performance issue.

 

[NewbyUser]

I would suggest you switch HIPS module from "automatic" to "smart", since it offers a more restrictive protection.

HIPS in automatic mode is basically "all operations allowed except those with a pre-defined rule".
HIPS in smart mode will warn you about suspicious events.

If you're more into security, I'd recommend HIPS in interactive mode (only after at least a two-week learning mode). Only use this if you understand the basics of system arquitecture to avoid killing your SO.

Also, I'd recommend Firewall to be turned to "interactive" mode (only after two weeks in learning mode).

Before turning any module into "learning" mode, be sure your system is free of malware!

Is there any advantage to using smart mode after learning mode? Or is that a waste of time?

 

[RoboMan]

Is there any advantage to using smart mode after learning mode? Or is that a waste of time?

It's good. Smart Mode will prompt for your decision whenever a suspicious event takes place, so even if it was on learning mode before, suspicious activity may still occur.

 

[RoboMan]

Can you tell me @RoboMan if using this mode (learning then interactive) will block my developed applications?

Not block, but it will certainly prompt for your approval, since it won't be recognising the file, and the file will be hooking other files or triggering suspicious events.

 

[Kiss]

Our official Hub Tester Faybert could test eset with these settings, it would be nice to see how it works against zero-day threats and ransomware

 

[Shadowra]

Our official Hub Tester Faybert could test eset with these settings, it would be nice to see how it works against zero-day threats and ransomware

Personally I plan to make a video on Eset with the Roboman settings in video

 

[Nightwater]

Our official Hub Tester Faybert could test eset with these settings, it would be nice to see how it works against zero-day threats and ransomware

I find it difficult, the members of the HUB do not respond or comment on things outside the HUB itself, I already tried once to give a suggestion to test an antivirus, no response

 

[harlan4096]

ESET IS - April 2021 Report

ESET IS - April 2021 Report Due to the small number of samples used in this tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use. __ C: Clean / P: Protected / P - NC: Protected -...

malwaretips.com

 

[RoboMan]

PROTECTED FOLDERS IS HERE

Hello everybody,

I have updated my configuration file for ESET.

Two important HIPS rules have been added, which are meant to work as a "Protected Folders" module.

These two rules will command ESET two allow some programs to edit your files, and will block the rest to do so. This is intended as an extra security enforcement against ransomware.

Spoiler: Instructions

1. Download my configuration file and import it into your ESET product
2. Head to HIPS--Rules--Edit
3. Click on the "Search" icon

4. Use the keyword "Protected", you will find these two trules

5. For both, you will click them and hit "Edit"
6. You will now hit "Next" three times and you will see the "Target files" which have the path to the protected folders
7. Here, you will edit the User name, change it from "gonza" to your Windows User name
8. Hit finish and save

Congratulations! You have protected your desired folders. If you wish to add more folders to the protection, just add them on the step 7.

As well, if you'd like to allow more applications to edit or delete your files (beyond from those I already added, like Office, just edit the "Allow" rule, hit "Next" one time, and add the path to those applications in that screen. Then hit next until you reach the "Finish" window.

PS: false positives may appear at first, such as legitimate programs being blocked from touching your files (like Paint, for instance). To avoid this to happen, just set HIPS to "learning mode" for a few days and then go back to "interactive mode".

Download the configuration file: UPLOAD.EE - ESET_NOD32_December_2021.xml - Download