artek

Level 5
You're comparing lightness with RAM usage only, which is wrong. There are many other parameters besides RAM usage.
AV-Comparatives does an excellent job at testing this. Check this: Performance Test April 2019
ESET is the lightest in their test as well, so my and many other users' personal experience + this result surely verifies it.

I think I remember other tests that ranked it a bit heavier, but ESET felt very light on my system when I was trying it out. There were no real major system slowdowns or hiccups.
 

blackice

Level 28
Verified
You're comparing lightness with RAM usage only, which is wrong. There are many other parameters besides RAM usage.
AV-Comparatives does an excellent job at testing this. Check this: Performance Test April 2019
ESET is the lightest in their test as well, so my and many other users' personal experience + this result surely verifies it.
That is a good point, though I would hazard a guess that most people worried about lightness on a laptop are RAM limited, and also potentially CPU limited.

I’ve honestly never noticed an AV having an impact, except when moving large files between drives with WD. And that’s not something I do often.
 

Nightwalker

Level 21
Verified
Trusted
Content Creator
The "light" is such a weird definition these days. I mean, I have freaking 32GB of RAM pretty much just because I can. And it wasn't even stupid expensive. Before this I had 18GB (triple channel X58, hence the funny number). And even if I only had 16GB, last time I opened task manager to worry about RAM was back when Windows XP was a thing and I had a system with 1GB of RAM iirc.

The "light" that people talk about while referring to ESET isn't about RAM usage (although it is pretty low), it is about how little it impacts system performance, even while being used on weak hardware.

Edit: @SeriousHoax nailed the question.
 

RejZoR

Level 15
Verified
The "light" that people talk about while referring to ESET isn't about RAM usage (although it is pretty low), it is about how little it impacts system performance, even while being used on weak hardware.

Edit: @SeriousHoax nailed the question.

Just like how Windows Defender was always "light" in all tests and it was a frigging slug on my high end system. Go figure. And yeah, RAM usage usually is what people really mean.
 

MacDefender

Level 12
Verified
Finally. After all my complaints over tons of illogical results from the past where it always scored as one of top performing products...
Yeah you are not alone. Jeez when it's scanning a new executable download the cloud lookup is as if it's connecting you to a call center of humans uploading the file to VirusTotal....
It's definitely not light despite being default. At least it provides decent protection.
 

Cortex

Level 24
Verified
OK, it is light and fast, but why not change the UI? It is very ugly, and in the firewall settings it is very difficult to understand its procedures.
I agree the firewall settings in ESET & most AVs could be simpler. They all could have a look at Norton for firewall settings, an issue is if Mr/Miss/Ms Dim starts faffing about in firewall settings then phones support it's unneeded work - And in my experience if people who have no understanding will mess with things they do not understand, the less they know the more they mess around then, when they break it who knows how it went wrong? :rolleyes::rolleyes:
 

notabot

Level 15
I agree the firewall settings in ESET & most AVs could be simpler. They all could have a look at Norton for firewall settings, an issue is if Mr/Miss/Ms Dim starts faffing about in firewall settings then phones support it's unneeded work - And in my experience if people who have no understanding will mess with things they do not understand, the less they know the more they mess around then, when they break it who knows how it went wrong? :rolleyes::rolleyes:

Does the ESET firewall let you block/allow different services, all run by svchost?
 

SeriousHoax

Level 32
Verified
Does the ESET firewall let you block/allow different services, all run by svchost?
Yes, it does. Here, for example, are two separate rules for the same exe yet different services:
fire 2.PNG
fire 3.PNG

You can also set it to Interactive mode. In that case it would ask for your permission when any process or service tries to connect to the internet, and you can select whether to allow only once, until the program is closed, or permanently.
fire.PNG

ESET has one of the most advanced and highly configurable firewalls. I personally use it in Interactive mode.
 

Cortex

Level 24
Verified
Yes, it does. Here, for example, are two separate rules for the same exe yet different services:
You can also set it to Interactive mode. In that case it would ask for your permission when any process or service tries to connect to the internet, and you can select whether to allow only once, until the program is closed, or permanently.
ESET has one of the most advanced and highly configurable firewalls. I personally use it in Interactive mode.
I agree, but I've used firewalls for years however for simple blocking - unblocking Norton's is pretty good, I'm not saying it's the best though? I did mean to crop it but cat on my knee.

FW.png
 

SeriousHoax

Level 32
Verified
I agree, but I've used firewalls for years however for simple blocking - unblocking Norton's is pretty good, I'm not saying it's the best though? I did mean to crop it but cat on my knee.

I definitely agree with you. Even though ESET is more customizable, it doesn't have a UI for the firewall like the Norton screenshot you gave. Kaspersky has something similar with its application control, G-Data has this and some other AVs as well. It's easier to allow or disallow apps like that. I once posted on the ESET forum about this in their future changes thread but don't know if they are interested or not. They barely listen to customer feedback. I guess if their enterprise customers want this they would surely implement this into their product.
 

MacDefender

Level 12
Verified
Testing ESET 13.0.22.0's HIPS with my sample of suspicious things:

(1) (written myself) Simulated ransomware: Zips up the contents of My Documents (password set to today's date) and then deletes all the files one by one.
(2) (written myself) Simulated PUA: Copies itself as C:\Program.exe and then registers itself as a startup item
(3) Modified Rufus.exe repacked myself: Rufus edits the system's group policy to disable Autorun and escalates itself to admin in order to drop in GPO registry keys.
(4) Modified Universal Watermark Disabler repatched myself (patches BootMgr and the EFI Windows loader similar to a rootkit)
(5) Stock HWIDGen (Windows piracy tool, MITM's the connection to a Windows activation server. Considered suspicious by most heuristic analyzers)
(6) Stock VMWare Workstation crack (false alarm test. Attempts to patch VMWare binaries sets off a lot of heuristic engines as malware attempting to detect a VM)

Emsisoft AM alerts on: 1, 2, 3, 6
F-Secure SAFE alerts on: 1, 2, 3, 4
ESET alerts on: None


In terms of results, I expect 1, 2, and 4 to be flagged by a behavior blocker or even a static analyzer. I expect 6 to not be flagged by anything.

I was surprised that the default settings for ESET didn't alert to anything.... (1) actually deleted my data despite the "ransomware blocker" module being turned on. And I'm literally just using stock .NET APIs with no attempt to obfuscate the fact that I'm deleting stuff from My Documents after encrypting it. (2) is meant to be a double whammy where locating yourself to Program.exe is a common exploit attempt (unquoted service path) and a zero reputation binary immediately setting itself to run at startup is suspicious too.

Are there fancier settings to use for ESET?


On the bright side, the static scanner is quite good. It's picking up a lot of live-generated Mac malware that is intentionally randomized every download.


EDIT: I will say that while testing most of these binaries there was about a 5-10 second stall at various points in execution. It seemed like ESET was somehow inspecting what the binaries tried to do but just wasn't suspicious enough. Note too that this was more heavyweight than the other mentioned BBs. ESET is overall light and fast but it does seem to be heavy if the behavior blocker is inspecting a process.
 
Last edited:
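Item (2) in the post above refers to the unquoted service path problem, where an unquoted command line containing spaces makes Windows try `C:\Program.exe` before the intended binary. As an added example (not part of the original post and not any vendor's code), this Python audit lists the earlier paths that would be tried for each service command line; the function names and the sample `ImagePath` values are constructed for illustration.

```python
import re

# Constructed sample service ImagePath values (not from a real system).
SAMPLE_SERVICES = {
    "GoodQuoted": r'"C:\Program Files\Vendor App\svc.exe" -k run',
    "BadUnquoted": r'C:\Program Files\Vendor App\svc.exe -k run',
    "NoSpaces": r'C:\Windows\System32\svchost.exe -k netsvcs',
    "SpaceOnlyInArgs": r'C:\Tools\agent.exe --config C:\My Data\a.ini',
}

# End of the executable part: first ".exe" followed by whitespace or end.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def hijack_candidates(image_path):
    """List the paths Windows tries before the intended binary when the
    command line is unquoted and the executable path contains spaces."""
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable path is unambiguous
    match = EXE_END.search(path)
    # Without a recognisable ".exe", treat the whole string as the path
    # (conservative assumption: may over-report, never under-report).
    exe = path[:match.end()] if match else path
    # Each space is a point where the path can be cut and ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Return {service name: candidate paths} for services at risk."""
    findings = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"{name}: quote ImagePath; check that none of these exist:")
        for p in paths:
            print(f"  {p}")
```

On a real host the input would be the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`; any reported service is fixed by quoting the executable path.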

notabot

Level 15
Testing ESET 13.0.22.0's HIPS with my sample of suspicious things:

(1) (written myself) Simulated ransomware: Zips up the contents of My Documents (password set to today's date) and then deletes all the files one by one.
(2) (written myself) Simulated PUA: Copies itself as C:\Program.exe and then registers itself as a startup item
(3) Modified Rufus.exe repacked myself: Rufus edits the system's group policy to disable Autorun and escalates itself to admin in order to drop in GPO registry keys.
(4) Modified Universal Watermark Disabler repatched myself (patches BootMgr and the EFI Windows loader similar to a rootkit)
(5) Stock HWIDGen (Windows piracy tool, MITM's the connection to a Windows activation server. Considered suspicious by most heuristic analyzers)
(6) Stock VMWare Workstation crack (false alarm test. Attempts to patch VMWare binaries sets off a lot of heuristic engines as malware attempting to detect a VM)

Emsisoft AM alerts on: 1, 2, 3, 6
F-Secure SAFE alerts on: 1, 2, 3, 4
ESET alerts on: None


In terms of results, I expect 1, 2, and 4 to be flagged by a behavior blocker or even a static analyzer. I expect 6 to not be flagged by anything.

I was surprised that the default settings for ESET didn't alert to anything.... (1) actually deleted my data despite the "ransomware blocker" module being turned on. And I'm literally just using stock .NET APIs with no attempt to obfuscate the fact that I'm deleting stuff from My Documents after encrypting it. (2) is meant to be a double whammy where locating yourself to Program.exe is a common exploit attempt (unquoted service path) and a zero reputation binary immediately setting itself to run at startup is suspicious too.

Are there fancier settings to use for ESET?


On the bright side, the static scanner is quite good. It's picking up a lot of live-generated Mac malware that is intentionally randomized every download.


EDIT: I will say that while testing most of these binaries there was about a 5-10 second stall at various points in execution. It seemed like ESET was somehow inspecting what the binaries tried to do but just wasn't suspicious enough. Note too that this was more heavyweight than the other mentioned BBs. ESET is overall light and fast but it does seem to be heavy if the behavior blocker is inspecting a process.

Can ESET's behavioural blocker's sensitivity level be tweaked? If yes, then does increasing the sensitivity alert on more executables?
 

MacDefender

Level 12
Verified
Can ESET's behavioural blocker's sensitivity level be tweaked? If yes, then does increasing the sensitivity alert on more executables?
There's a "Deep behavior blocker" which is just on/off. I had it on obviously.

There's HIPS with 6 "policy" settings. Default is Automatic. I had it on Automatic and tried Smart too. It goes back to what someone else was saying -- ESET has a lot of options and many of them are not obvious and poorly grouped together. Norton/SEP have a lot of options too but they are more intuitive.
 

blackice

Level 28
Verified
Testing ESET 13.0.22.0's HIPS with my sample of suspicious things:

(1) (written myself) Simulated ransomware: Zips up the contents of My Documents (password set to today's date) and then deletes all the files one by one.
(2) (written myself) Simulated PUA: Copies itself as C:\Program.exe and then registers itself as a startup item
(3) Modified Rufus.exe repacked myself: Rufus edits the system's group policy to disable Autorun and escalates itself to admin in order to drop in GPO registry keys.
(4) Modified Universal Watermark Disabler repatched myself (patches BootMgr and the EFI Windows loader similar to a rootkit)
(5) Stock HWIDGen (Windows piracy tool, MITM's the connection to a Windows activation server. Considered suspicious by most heuristic analyzers)
(6) Stock VMWare Workstation crack (false alarm test. Attempts to patch VMWare binaries sets off a lot of heuristic engines as malware attempting to detect a VM)

Emsisoft AM alerts on: 1, 2, 3, 6
F-Secure SAFE alerts on: 1, 2, 3, 4
ESET alerts on: None


In terms of results, I expect 1, 2, and 4 to be flagged by a behavior blocker or even a static analyzer. I expect 6 to not be flagged by anything.

I was surprised that the default settings for ESET didn't alert to anything.... (1) actually deleted my data despite the "ransomware blocker" module being turned on. And I'm literally just using stock .NET APIs with no attempt to obfuscate the fact that I'm deleting stuff from My Documents after encrypting it. (2) is meant to be a double whammy where locating yourself to Program.exe is a common exploit attempt (unquoted service path) and a zero reputation binary immediately setting itself to run at startup is suspicious too.

Are there fancier settings to use for ESET?


On the bright side, the static scanner is quite good. It's picking up a lot of live-generated Mac malware that is intentionally randomized every download.


EDIT: I will say that while testing most of these binaries there was about a 5-10 second stall at various points in execution. It seemed like ESET was somehow inspecting what the binaries tried to do but just wasn't suspicious enough. Note too that this was more heavyweight than the other mentioned BBs. ESET is overall light and fast but it does seem to be heavy if the behavior blocker is inspecting a process.
Did you submit your findings to ESET?