ESET 13.1.16.0

mlnevese · Mar 18, 2020

As I said in other thread the malware hub tests are excellent to see a security software signatures and behavior blocking but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.

silversurfer · Mar 18, 2020

mlnevese said:
As I said in other thread the malware hub tests are excellent to see a security software signatures and behavior blocking but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.

Please tell me, how many are these other layers of protection?
- Web-protection: drive by downloads (mark of the web)
- Email-protection: A user click to a link (malicious)

mlnevese · Mar 18, 2020

silversurfer said:
Please tell me, how many are these other layers of protection?
- Web-protection: drive by downloads (mark of the web)
- Email-protection: A user click to a link (malicious)

Website filtering - know malicious websites are blocked, nothing is downloaded.
Network protection. External attacks should be blocked at this level.
Cloud analysis BEFORE download.
Anti-spam and Anti-phishing blocking

silversurfer · Mar 18, 2020

mlnevese said:
Website filtering - know malicious websites are blocked, nothing is downloaded.
Network protection. External attacks should be blocked at this level.
Cloud analysis BEFORE download.
Anti-spam and Anti-phishing blocking

That's similar than what I wrote before, I forgot about only Network-Protection.

Cloud analysis BEFORE download. that must be very fast analysis otherwise it takes too long to download files...

Wraith · Mar 18, 2020

mlnevese said:
As I said in other thread the malware hub tests are excellent to see a security software signatures and behavior blocking but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.

I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.

BVLon · Mar 18, 2020

Wraith said:
I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.

I've said the same, simply introducing a large number of malware is not a realistic scenario, as it is rarely going to happen. Not completely impossible though.
However, it is still interesting to see how products perform in this INTENSIVE test and product failure should not be taken as a reason to switch to someone else.

silversurfer · Mar 18, 2020

Wraith said:
I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system.

That real world scenario won't happen as long as behavior blocking/monitoring modules by AV would be able to intercept/block the attack...

Of course, web-filtering by AV is the first defense, but not all AVs offering that kind of protection modules, especially to mention some free AV!

ForgottenSeer 72227 · Mar 18, 2020

BVLon said:
I've said the same, simply introducing a large number of malware is not a realistic scenario, as it is rarely going to happen. Not completely impossible though.
However, it is still interesting to see how products perform in this INTENSIVE test and product failure should not be taken as a reason to switch to someone else.

That's the thing with all tests in general. It's always about understanding the test, what its trying to accomplish/show. No test is perfect and it's important to understand the potential weaknesses of said tests. The problem is though, rarely, if ever do most people understand what's truly going on. All people do is focus on the total numbers, or which product has the most green on a graph. People constantly jump ship because of this. Take the HUB for example, no one really looks at the overall number of detections/blocks the product got. All they look at is the infection status of the system and just assume that if a program cant always keep a system infection free than its garbage.

It's the same with any test, most people dont take the time to understand them, they just make assumptions/decisions based on the totals.

blackice · Mar 18, 2020

Raiden said:
That's the thing with all tests in general. It's always about understanding the test, what its trying to accomplish/show. No test is perfect and it's important to understand the potential weaknesses of said tests. The problem is though, rarely, if ever do most people understand what's truly going on. All people do is focus on the total numbers, or which product has the most green on a graph. People constantly jump ship because of this. Take the HUB for example, no one really looks at the overall number of detections/blocks the product got. All they look at is the infection status of the system and just assume that if a program cant always keep a system infection free than its garbage.

It's the same with any test, most people dont take the time to understand them, they just make assumptions/decisions based on the totals.

I always look at the detection rate first. In fact I look forward to it. I know I’m not the average joe, just a nerd. ESET generally gets a clean sheet. When it is infected it’s usually blocking like 16/17, and a scripted malware snuck in.

silversurfer · Mar 18, 2020

blackice said:
ESET generally gets a clean sheet. When it is infected it’s usually blocking like 16/17, and a scripted malware snuck in.

One sample remains to dynamic testing, that looks more like real world scenario, except web-protection/filtering still impossible to test.

My personal impression, people just don't like that favorite AV may will be infected, then talking about real world scenario to excuse...

Parsh · Mar 18, 2020

mlnevese said:
View attachment 234964

Also something new in the setup....

Old ESET users are gonna rejoice!
ESET at forum used to keep the stand that some suspicious actions are not blocked, or even flagged, in order to reduce FPs and to not worry the average user.
As @Azure shared, now that the default protection "Balanced" is indicated as stronger than the earlier default, advanced users must be happy. And there's one more level above the default

I noticed another change. The option to disable "Access Setup >> Require full administrator rights..." has been removed from the GUI and subsequently from the config file --->

XML:

<ITEM NAME="EKRN_CFG">
      ...
      <NODE NAME="RequireElevation" TYPE="number" VALUE="0" />

The user now has to answer UAC prompts for every (interactive mode) Firewall alert in case of saving rules. Not applicable to HIPS alerts.

Wraith · Mar 18, 2020

silversurfer said:
That real world scenario won't happen as long as behavior blocking/monitoring modules by AV would be able to intercept/block the attack...

Yeah I do agree. Dynamic protection is just as equally important as static protection. But the same rule applies here as well. You cannot expect the BB to block 100% of all malwares (unless it's Lord Kaspersky)

Cortex · Mar 18, 2020

I have to admit took KIS off this main PC which was working perfectly & put Eset IS on just to have a look & play - I just couldn't help myself!

BVLon · Mar 18, 2020

silversurfer said:
One sample remains to dynamic testing, that looks more like real world scenario, except web-protection/filtering still impossible to test.

My personal impression, people just don't like that favorite AV may will be infected, then talking about real world scenario to excuse...

Testing McAfee against this archive for example would be totally inaccurate, as Web Advisor uses aggressive heuristics and deletes everything that looks untrusted. McAfee doesn't want to employ the same tactic in the common scanning engine to avoid false positives, but their protection capability is still great. Web Advisor also uses 2 additional databases, not utilized by the scan engine. These are McAfee Gateway Intelligence, which detects untrusted files circulating via emails and Early Bird Database (EBD) where they send all files exhibiting signs of maliciousness, but not yet fully analysed. When I say McAfee is missing a lot of threats, I am talking about the AV module alone, as I have bypassed the Advisor's warnings myself. Their behavioural blocker alone is a hit and miss. Also I have noticed (and McAfee confirmed) if you re-download a program that it has already flagged and removed, it excludes it, which is not great.
Norton, F-Secure and Trend Micro's behavioural blockers consider broad range of data about the file's origin such as how trustworthy is the site and how many people normally visit it.

Divine_Barakah · Mar 18, 2020

Wraith said:
I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.

Happened to me when I was testing SHP. The infected file was detected my Sophos ML. When I ran the same detected file from a USB drive, system was infected.

Paul.R · Mar 18, 2020

Yeah I do agree. Dynamic protection is just as equally important as static protection. But the same rule applies here as well. You cannot expect the BB to block 100% of all malwares (unless it's Lord Kaspersky

This is why bears walk in the woods, not dogs.

mlnevese · Mar 18, 2020

Notice that I've said the Hub is not a perfect test for ANY software. I don't play favorites... as some of the older members in the forum know I hold licenses to ESET, Kaspersky and Bitdefender. As far as i'm concerned they all protect my machines and none can be fully tested by the Hub. I often post about the problems each of them caused me in the past.

The perfect protection does not exist and anyone who plays favorite software is just losing their time in a holy crusade...

BVLon · Mar 18, 2020

mlnevese said:
Notice that I've said the Hub is not a perfect test for ANY software. I don't play favorites... as some of the older members in the forum know I hold licenses to ESET, Kaspersky and Bitdefender. As far as i'm concerned they all protect my machines and none can be fully tested by the Hub. I often post about the problems each of them caused me in the past.

The perfect protection does not exist and anyone who plays favorite software is just losing their time in a holy crusade...

Perfect protection doesn’t exist and everyone is more or less on the same level nowadays... It all comes down to the little extras and the final touch of the product, rather than the protection level. Also, most of the people don’t need stelar protection.

Antus67 · Mar 18, 2020

I always had a soft spot for Eset will give it try again

bribon77 · Mar 18, 2020

It is not necessary to look for the best antivirus, but the one that works for you and your PC.

Search

ESET 13.1.16.0

mlnevese

Level 28

silversurfer

Super Moderator

mlnevese

Level 28

silversurfer

Super Moderator

Wraith

Level 13

BVLon

silversurfer

Super Moderator

ForgottenSeer 72227

blackice

Level 39

silversurfer

Super Moderator

Parsh

Level 25

Wraith

Level 13

Cortex

Level 26

BVLon

Divine_Barakah

Level 33

Paul.R

Level 17

mlnevese

Level 28

BVLon

Antus67

Level 9

bribon77

Level 35

Similar threads