ESET’s recent engine update has been fantastic. They have arguably the best signatures now.

My main gripes at this point, if I HAD to complain about something, are:
- SSL decryption behavior by default. Some like it, some aren’t comfortable. This would be ideal to ask at install time.
- UI is kind of wonky — I don’t enjoy custom notification banners. In ESET’s case, theirs don’t fare well on HiDPI displays and with rotation.
- HIPS instead of behavior blocker. They have a very very powerful HIPS built in but none of the “set it and forget it” protection modes trigger on unknown binaries doing suspicious things, which is quite different from most other AVs with a HIPS/BB component. But OTOH you can customize their HIPS to do really elegant and powerful sandboxing if you are willing to invest that effort.
- Price/value.... it costs significantly more than other top tier AVs. Furthermore their pricing model treats Macs and other OSes separately from the PC product which makes it even more expensive if you run multiple OSes.

But yeah I heard that they power Google Chrome’s built in AV scanner for their downloads which is likely how they stay on the forefront of new malware.
 

notabot

Level 15
ESET’s recent engine update has been fantastic. They have arguably the best signatures now.

My main gripes at this point, if I HAD to complain about something, are:
- SSL decryption behavior by default. Some like it, some aren’t comfortable. This would be ideal to ask at install time.
I hold the same view myself, however with DoH and ESNI coming, SSL cert interception may soon be the only way to block bad domains (unless someone wants to fall back onto IP-based blocking). I may still not be comfortable with it but in a post DoH/ESNI world it may be the only way to filter web traffic at the web layer.

But OTOH you can customize their HIPS to do really elegant and powerful sandboxing if you are willing to invest that effort.
Can you give a pointer for this? I haven't seen them advertise sandboxing capabilities ( unlike Avast, Comodo etc )
 
I hold the same view myself, however with DoH and ESNI coming, SSL cert interception may soon be the only way to block bad domains (unless someone wants to fall back onto IP-based blocking). I may still not be comfortable with it but in a post DoH/ESNI world it may be the only way to filter web traffic at the web layer.



Can you give a pointer for this? I haven't seen them advertise sandboxing capabilities ( unlike Avast, Comodo etc )
I find that having endpoint protection system wide for blocking bad domains and bad data being transferred is more of a defense in depth and I would never choose to compromise a more fundamental form of security like end to end transport security or memory/injection integrity of core system functionality in exchange for that kind of inspection.

As far as HIPS configuration, this recent thread gives one example of how to write complex rule based ACLs for a process: Discuss - ESET - Implement Protected Folders via HIPS

Their online documentation provides much more information about what their HIPS policy rules can do, but not a lot of recommendations on how to apply it. I personally think this is more useful for Enterprise than for end users.
 

notabot

Level 15
I find that having endpoint protection system wide for blocking bad domains and bad data being transferred is more of a defense in depth and I would never choose to compromise a more fundamental form of security like end to end transport security or memory/injection integrity of core system functionality in exchange for that kind of inspection.
I agree, it's a huge compromise, but still this may be the only way to do web filtering in the future. Personally, given that without DoH/ESNI on my machines and having web filtering at router level (not via cert interception) it has never caught anything useful, I may drop it altogether for myself. But e.g. for parental control type of web filtering, this may soon be the only option.

As far as HIPS configuration, this recent thread gives one example of how to write complex rule based ACLs for a process: Discuss - ESET - Implement Protected Folders via HIPS

Their online documentation provides much more information about what their HIPS policy rules can do, but not a lot of recommendations on how to apply it. I personally think this is more useful for Enterprise than for end users.
This is more similar to Windows' native CFA than Sandboxing features though.
 

SeriousHoax

Level 13
Verified
Malware Tester
SSL decryption behavior by default. Some like it, some aren’t comfortable. This would be ideal to ask at install time.
I think they do this because most users don't bother about changing any settings so they keep it on by default as it provides more protection. An example, the site mentioned in this thread is only blocked if SSL scanning is turned on. Q&A - HEUR:Trojan-PSW.Script.Generic
It's not blocked when SSL scanning is off. Tested with ESET and Kaspersky, same results. So, the default settings are average user focused so it's on by default.
HIPS instead of behavior blocker. They have a very very powerful HIPS built in but none of the “set it and forget it” protection modes trigger on unknown binaries doing suspicious things, which is quite different from most other AVs with a HIPS/BB component. But OTOH you can customize their HIPS to do really elegant and powerful sandboxing if you are willing to invest that effort.
This is where they should do better with the default settings. HIPS is set to Automatic mode by default. In automatic mode, ESET blocks activity if it matches the predefined rules and anything suspicious is allowed to run. In Smart Mode, ESET would sometimes ask for user permission if it detects anything suspicious. Though it's very rare to receive a prompt from HIPS but it at least does in smart mode while in the default automatic settings it's nonexistent. Smart mode should be the default and many users have been asking for it for the last 2-3 years. I don't understand why they don't listen!
 

blackice

Level 13
Verified
now they are good and thanks for the test but they need to fix removing Eset what a mess they leave behind in the user's system for the unfortunate ones..:cry:
I also have removed ESET multiple times in the last year and have had no issues. It uninstalls cleanly and if you use their removal tool in safe mode you can get the last couple leftovers. Sorry to hear it gave you problems.
 

Raiden

Level 13
Verified
Content Creator
Glad to see that Eset is upping their game.(y) I do agree that as powerful as the HIPS component is (can be when tweaked), I do think that their home products should have something more automated and leave the HIPS for their enterprise offerings. I know some geeks may not like that, but it's not just geeks buying the home versions and I think that needs to be accounted for IMHO.

My main gripes at this point, if I HAD to complain about something, are:
- SSL decryption behavior by default. Some like it, some aren’t comfortable. This would be ideal to ask at install time.
Agreed.

I've never really been a fan of HTTPS scanning. It seems to cause more issues than it's worth IMHO. HTTPS was always designed to be a secure connection between you and the server with no one in between (both good and bad). It just bugs me that security companies know this, but do it anyways. How many times do you see someone have issues with browsers/websites and the first solution from any company doing HTTPS scanning is to disable it. That to me means they know this causes problems, so why do it?

I guess a good discussion to have would be to decide if HTTPS scanning is even necessary? I mean there's other ways to block web pages (IP blacklisting), but even if a file is downloaded, isn't that what the file scanner, BB, etc... is for anyways? Before we say that it's a requirement, let's not forget who told us it was a good idea/necessary in the first place. I'll give you a hint.........AV companies.:p
 

Dave Russo

Level 9
Verified
I also have removed ESET multiple times in the last year and have had no issues. It uninstalls cleanly and if you use their removal tool in safe mode you can get the last couple leftovers. Sorry to hear it gave you problems.
Just a note for those who struggle with safe mode, Winaero (Free program) has a setting to give you a link to safe mode on your desktop and another link to return to normal mode, true uninstalling Eset with their removal tool works gl