I think I remember other tests that ranked it a bit heavier, but ESET felt very light on my system when I was trying it out. There were no real major system slowdowns or hiccups.
Eset 13.0.22.0 Final
- Thread starter SpectraShadow83
- Start date
I think I remember other tests that ranked it a bit heavier, but ESET felt very light on my system when I was trying it out. There were no real major system slowdowns or hiccups.
- Apr 1, 2019
- 2,763
That is a good point, though I would hazard a guess that most people worried about lightness on a laptop are ram limited, and also potentially cpu limited.
I’ve honestly never noticed an av having an impact, except when moving large files between drives with WD. And that’s not something I do often.
- May 26, 2014
- 1,339
The "light" that people talk about while refering to ESET isnt about RAM usage (although it is pretty low), it is about how little it impacts system performance, even while being used in weak hardware.
Edit: @SeriousHoax nailed the question.
- Nov 26, 2016
- 699
Just like how Windows Defender was always "light" in all tests and it was a frigging slug on my high end system. Go figure. And yeah, RAM usage usually is what people really mean.
- Mar 16, 2019
- 3,633
Check the link I gave above. Windows Defender is at the last position in that test.
- Nov 26, 2016
- 699
Finally. After all my complaints over tons of illogical results from the past where it always scored as one of top performing products...
- Aug 2, 2015
- 573
ok it is light and fast but why not change UI it is very ugly and firewall settings it is very difficulty understand its procedures
Yeah you are not alone. Jeez when it's scanning a new executable download the cloud lookup is as if it's connecting you to a call center of humans uploading the file to VirusTotal....
It's definitely not light despite being default. At least it provides decent protection.
- Aug 4, 2016
- 1,465
I agree the firewall settings in ESET & most AV's could be simpler. They all could have a look at Norton for firewall settings, an issue is if Mr/Miss/Ms Dim starts faffing about in firewall settings then phones support it's unneeded work - And in my experience if people who have no understanding will mess with things they do not understand, the less they know the more they mess around then, when they break it who knows how it went wrong?
I agree the firewall settings in ESET & most AV's could be simpler. They all could have a look at Norton for firewall settings, an issue is if Mr/Miss/Ms Dim starts faffing about in firewall settings then phones support it's unneeded work - And in my experience if people who have no understanding will mess with things they do not understand, the less they know the more they mess around then, when they break it who knows how it went wrong?
Does the ESET firewall let you block/allow different services, all run by svchost ?
- Mar 16, 2019
- 3,633
Yes it does. Here for example two separate rules for same exe yet different services
You can also set it to Interactive mode. In that case it would ask for your permission when any process or service tries to connect to internet and you can select whether to allow only once or till the program is closed or permanently.
ESET has one of the most advanced and highly configurable Firewall. I personally use it in Interactive mode.
- Aug 4, 2016
- 1,465
I agree, but I've used firewalls for years however for simple blocking - unblocking Norton's is pretty good, I'm not saying it's the best though? I did mean to crop it but cat on my knee.
- Mar 16, 2019
- 3,633
I definitely agree with you. Even though ESET is more customizable it doesn't have an UI for Firewall like the Norton screenshot you gave. Kaspersky has something similar with it's application control, G-Data has this and some other AVs as well. It's easier to Allow, disallow apps like that. I once posted on ESET forum about this on their future changes thread but don't know if they are interested or not. They barely listen to customer feedback. I guess if their enterprise customers want this they would surely implement this into their product.
Testing ESET 13.0.22.0's HIPS with my sample of suspicious things:
(1) (written myself) Simulated ransomware: Zips up the contents of My Documents (password set to today's date) and then deletes all the files one by one.
(2) (written myself) Simulated PUA: Copies itself as C:\Program.exe and then registers itself as a startup item
(3) Modified Rufus.exe repacked myself: Rufus edits the system's group policy to disable Autorun and escalates itself to admin in order to drop in GPO registry keys.
(4) Modified Universal Watermark Disabler repatched myself (patches BootMgr and the EFI Windows loader similar to a rootkit)
(5) Stock HWIDGen (Windows piracy tool, MITM's the connection to a Windows activation server. Considered suspicious by most heuristic analyzers)
(6) Stock VMWare Workstation crack (false alarm test. Attempts to patch VMWare binaries sets off a lot of heuristic engines as malware attempting to detect a VM)
Emisisoft AM alerts on: 1, 2, 3, 6
F-Secure SAFE alerts on: 1, 2, 3, 4
ESET alerts on: None
In terms of results, I expect 1, 2, and 4 to be flagged by a behavior blocker or even a static analyzer. I expect 6 to not be flagged by anything.
I was surprised that the default settings for ESET didn't alert to anything.... (1) actually deleted my data despite the "ransomware blocker" module being turned on. And I'm literally just using stock .NET APIs with no attempt to obfuscate the fact that I'm deleting stuff from My Documents after encrypting it. (2) is meant to be a double whammy where locating yourself to Program.exe is a common exploit attempt (unquoted service path) and a zero reputation binary immediately setting itself to run at startup is suspicious too.
Are there fancier settings to use for ESET?
On the bright side, the static scanner is quite good. It's picking up a lot of live-generated Mac malware that is intentionally randomized every download.
EDIT: I will say that while testing most Of these binaries there was about a 5-10 second stall at various points in execution. It seemed like ESET was somehow inspecting what the binaries tried to do but just wasn't suspicious enough. Note too that this was more heavyweight than the other mentioned BBs. ESET is overall light and fast but it does seem to be heavy if the behavior blocker is inspecting a process.
(1) (written myself) Simulated ransomware: Zips up the contents of My Documents (password set to today's date) and then deletes all the files one by one.
(2) (written myself) Simulated PUA: Copies itself as C:\Program.exe and then registers itself as a startup item
(3) Modified Rufus.exe repacked myself: Rufus edits the system's group policy to disable Autorun and escalates itself to admin in order to drop in GPO registry keys.
(4) Modified Universal Watermark Disabler repatched myself (patches BootMgr and the EFI Windows loader similar to a rootkit)
(5) Stock HWIDGen (Windows piracy tool, MITM's the connection to a Windows activation server. Considered suspicious by most heuristic analyzers)
(6) Stock VMWare Workstation crack (false alarm test. Attempts to patch VMWare binaries sets off a lot of heuristic engines as malware attempting to detect a VM)
Emisisoft AM alerts on: 1, 2, 3, 6
F-Secure SAFE alerts on: 1, 2, 3, 4
ESET alerts on: None
In terms of results, I expect 1, 2, and 4 to be flagged by a behavior blocker or even a static analyzer. I expect 6 to not be flagged by anything.
I was surprised that the default settings for ESET didn't alert to anything.... (1) actually deleted my data despite the "ransomware blocker" module being turned on. And I'm literally just using stock .NET APIs with no attempt to obfuscate the fact that I'm deleting stuff from My Documents after encrypting it. (2) is meant to be a double whammy where locating yourself to Program.exe is a common exploit attempt (unquoted service path) and a zero reputation binary immediately setting itself to run at startup is suspicious too.
Are there fancier settings to use for ESET?
On the bright side, the static scanner is quite good. It's picking up a lot of live-generated Mac malware that is intentionally randomized every download.
EDIT: I will say that while testing most Of these binaries there was about a 5-10 second stall at various points in execution. It seemed like ESET was somehow inspecting what the binaries tried to do but just wasn't suspicious enough. Note too that this was more heavyweight than the other mentioned BBs. ESET is overall light and fast but it does seem to be heavy if the behavior blocker is inspecting a process.
Last edited:
Can ESET's behavioural blocker's sensitivity level be tweaked? if yes, then does increasing the sensitivity alert on more executables?
There's a "Deep behavior blocker" which is just on off. I had it on obviously.
There's HIPS with 6 "policy" settings. Default is Automatic. I had it on Automatic and tried Smart too. It goes back to what someone else was saying -- ESET has a lot of options and many them are not obvious and poorly grouped together. Norton/SEP have a lot of options too but they are more intuitive.
- Apr 1, 2019
- 2,763
Did you submit your findings to ESET?
I'm not a paying customer yet (this is just a trial). Is there a recommended way to ask them about what their behavior blocker is meant to do?
- Apr 1, 2019
- 2,763
Their forums are a great place to start.
Good point! I'll make an account there and see if I can learn more about their behavior blocking.
I am impressed with their static scanning though. Seems very low on false positives but identifies variants well. I just had an hour before work to start gaining my first impressions on the suite as a whole.
Similar threads
