Advice Request Eset Internet Security v11 - Best Tweaks?

[SearchLight]

I just installed EIS v11 on my PC based on the many positive recommendations in this forum.

I have HIPS set to Smart Filtering, and the Firewall set to Interactive. Both settings I understand, and can deal with well.
That said, are there any other tweaks that I should make that would not make the sofware less user friendly, more talkative with alerts, and more complicated but will improve my PC security?

 

[HarborFront]

For me I disable the followings as I'm not using them

1) Device Control - no device connected
2) Gamer Mode - not playing games
3) SSL/TLS for this conflicts with FF Quantum's TLS 1.3
4) Email client protection - using web based mail
5) Antispam protection - using web based mail
6) Anti-Theft - not expecting tablet to be stolen
7) Parental Control - I'm the only one using my tablet

 

[Ink]

Anti-Theft - not expecting tablet to be stolen

Alternatives for OP:
Prey (Open-source) | GitHub

• Free tier supports up to 3 devices & limited features

Find My Device (Windows 10) and as expected, the Location sensor needs to be enabled for it to work. Windows 10 devices can be linked to your Microsoft Account: account.microsoft.com/devices.


Windows Settings > Updates & Security > Find my device

 

[RoboMan]

Congratulations on deciding for this great software!

I share with you my configuration file. What I can highlight is:

• HIPS set to smart
• Firewall set to interactive
• Let me decide for every threat detected
• Everything else on maximum settings for better protection

UPLOAD.EE - config_eset.xml - Download

 

[Azure]

Advanced setup > Network Protection > Network Attack Protection > Intrusion detection
Make sure everything is enabled.


" " > User interface > Access setup
Enable password protect settings (Don't forget the password. Make sure it is something that's easy for you to remember)


". " > HIPS > advanced setup
Notify when changes occur in startup applications


". " > Firewall > Application modification detection
Enable detection of application modification


Keep SSl/TLS scanning enabled. If you encounter any issue, please report it on the ESET forum for assistance.

If you use Windows 10, make sure AMSI is enabled (You can find in detection engine > basic)

 

[Nightwalker]

In addition to the above tweaks and settings, I would recommend to add some HIPS/Firewall rules for greater protection against ransomware.

Configuration guide:
Configure HIPS rules for ESET business products to protect against ransomware

 

[HarborFront]

In addition to the above tweaks and settings, I would recommend to add some HIPS/Firewall rules for greater protection against ransomware.

Configuration guide:
Configure HIPS rules for ESET business products to protect against ransomware

I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection

 

[Nightwalker]

I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection

I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...

 

[RoboMan]

I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...

I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security.

 

[HarborFront]

I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...

Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware? If yes, can you post the test results here?

 

[HarborFront]

I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security.

Your quote

A well configured HIPS can outplay any ransomware module, although none of them are perfect

If none is perfect then how can a well-configured HIPS outplay ANY ransomware module?

 

[Nightwalker]

Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware?

No, I dont play with malware nowdays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief wrote by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf

In this Tech Brief we describe the optimal settings of our ESET security solutions against the current form of ransomware and the most common infection scenarios. The goal is to protect our customers even better against a ransomware outbreak where valued data can be encrypted and/or held hostage, only to be released after a ransom is paid

Host-based Intrusion Prevention System (HIPS) defends the system from within and is able to interrupt unauthorized actions from processes before they are being executed. By prohibiting the standard execution of JavaScript and other scripts, ransomware is not given the chance to execute malware, let alone download it.

 

[HarborFront]

No, I dont play with malware nowdays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief wrote by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf

I supposed that article was published long time back before they have that Ransomware Shield as a feature in the latest version.

If HIPS settings is superior than that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather then tingling with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disbling it merely reverts to the original user HIPS settings?

 

[Nightwalker]

I supposed that article was published long time back before they have that Ransomware Shield as a feature in the latest version.

If HIPS settings is superior than that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather then tingling with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disbling it merely reverts to the original user HIPS settings?

First I never said that ESET Ransomware Shield was "lite", what I said was that with those HIPS settings ESET can works similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasnt published long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings isnt for everyone, some people do use PowerShell for example, thats why it isnt default and probably will never be.

Ransomware Shield and those special settings work together, it isnt a superiority question but complementary; the former try to stop the encryption and the latter try to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.

 

[HarborFront]

First I never said that ESET Ransomware Shield was "lite", what I said was that with those HIPS settings ESET can works similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasnt published long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings isnt for everyone, some people do use PowerShell for example, thats why it isnt default and probably will never be.

Ransomware Shield and those special settings work together, it isnt a superiority question but complementary; the former try to stop the encryption and the latter try to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.

So are you implying that with those ransomware HIPS settings in ESET I don't require OSA and vice versa?

Thanks

 

[Deleted member 178]

So are you implying that with those ransomware HIPS settings in ESET I don't require OSA and vice versa?

This what i kept saying since ages, you have an HIPS , it is stronger than any anti-exe (or similar) like OSA because it covers more areas.
Just create the proper rules in the HIPS.

 

[SearchLight]

After reading these last few postings, although Eset IS is a well rounded suite in many respects, there seems to be a question regarding its efficacy towards preventing and/or resolving ransomware. I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.

Have a look: The Best Ransomware Protection of 2018

If Eset's HIPS can do better than any of the Anti-Ransomware recommended in the aforementioned article, how should it be configured to supplement the module? What rules should be configured?

If not, based on the recommendations in Neil Rubinek's article, which would any of you recommend?

 

[Deleted member 178]

I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.

Rubenking is a joke, all people in Infosec knows it, he dislikes everything who ask prompts so obviously he used ESET at default setting, which makes the HIPS useless, all software must be tweaked to fit the user.

 

[Deleted Member 3a5v73x]

I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection

Oh? Since what version? I have fallen of with following Eset new features and improvements.

I also agree that Eset is complete suite and once tweaked, not needed to use HMP.A, OSArmor, etc. alongside. Eset is more for experts, there are much settings to tune, but with defaults it's also fine if e.g. your mom just browse the web and don't download and instal additional programs.

If not, based on the recommendations in Neil Rubinek's article, which would any of you recommend?

He just pretends to be a security expert, because he gets the $$$$. Better read MalwareTips for suggestions how to improve your security.

 

[SearchLight]

Just for the hell of it, I just came across a couple of websites talking positively about Kaspersky Anti-Ransomware for Business which individuals can download as well.

I disabled the Eset IS Ransomware Shield, and am running this tool alongside it. No conflicts so far or slow down. At

Everything else I tweaked with Roboman's configuration file posted above. Might be a good combo.