
SearchLight

Level 5
Verified
Joined
Jul 3, 2017
Messages
219
Operating System
Windows 10
Antivirus
Malwarebytes
#1
I just installed EIS v11 on my PC based on the many positive recommendations in this forum.

I have HIPS set to Smart Filtering, and the Firewall set to Interactive. Both settings I understand, and can deal with well.
That said, are there any other tweaks that I should make that would not make the software less user friendly, more talkative with alerts, and more complicated but will improve my PC security?
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#2
For me, I disable the following as I'm not using them

1) Device Control - no device connected
2) Gamer Mode - not playing games
3) SSL/TLS for this conflicts with FF Quantum's TLS 1.3
4) Email client protection - using web based mail
5) Antispam protection - using web based mail
6) Anti-Theft - not expecting tablet to be stolen
7) Parental Control - I'm the only one using my tablet
 

Spawn

Administrator
MalwareTips Team
Verified
Joined
Jan 8, 2011
Messages
17,570
Operating System
Windows 10
Antivirus
Windows Defender
#3
Anti-Theft - not expecting tablet to be stolen
Alternatives for OP:
Prey (Open-source) | GitHub
  • Free tier supports up to 3 devices & limited features

Find My Device (Windows 10) and as expected, the Location sensor needs to be enabled for it to work. Windows 10 devices can be linked to your Microsoft Account: account.microsoft.com/devices.

Windows Settings > Updates & Security > Find my device
 

Azure Phoenix

Level 22
Content Creator
Verified
Joined
Oct 23, 2014
Messages
1,184
#5
Advanced setup > Network Protection > Network Attack Protection > Intrusion detection
Make sure everything is enabled.


" " > User interface > Access setup
Enable password protect settings (Don't forget the password. Make sure it is something that's easy for you to remember)


" " > HIPS > advanced setup
Notify when changes occur in startup applications


" " > Firewall > Application modification detection
Enable detection of application modification


Keep SSL/TLS scanning enabled. If you encounter any issue, please report it on the ESET forum for assistance.

If you use Windows 10, make sure AMSI is enabled (you can find it in detection engine > basic)
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#7

Nightwalker

Level 12
Verified
Joined
May 26, 2014
Messages
553
Operating System
Windows 10
Antivirus
Kaspersky
#8
I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection
I respectfully disagree, Ransomware Shield isn't 100% and while those settings aren't perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
 

RoboMan

Level 25
Content Creator
Verified
Joined
Jun 24, 2016
Messages
1,432
Operating System
Windows 10
Antivirus
#9
I respectfully disagree, Ransomware Shield isn't 100% and while those settings aren't perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security. :)
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#10
I respectfully disagree, Ransomware Shield isn't 100% and while those settings aren't perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware? If yes, can you post the test results here?
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#11
I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security. :)
Your quote
A well configured HIPS can outplay any ransomware module, although none of them are perfect
If none is perfect then how can a well-configured HIPS outplay ANY ransomware module?
 

Nightwalker

Level 12
Verified
Joined
May 26, 2014
Messages
553
Operating System
Windows 10
Antivirus
Kaspersky
#12
Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware?
No, I don't play with malware nowadays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief written by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf

In this Tech Brief we describe the optimal settings of our ESET security solutions against the current form of ransomware and the most common infection scenarios. The goal is to protect our customers even better against a ransomware outbreak where valued data can be encrypted and/or held hostage, only to be released after a ransom is paid
Host-based Intrusion Prevention System (HIPS) defends the system from within and is able to interrupt unauthorized actions from processes before they are being executed. By prohibiting the standard execution of JavaScript and other scripts, ransomware is not given the chance to execute malware, let alone download it.
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#13
No, I don't play with malware nowadays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief written by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf
I suppose that article was published a long time back, before they had that Ransomware Shield as a feature in the latest version.

If HIPS settings are superior to that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather than tinkering with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disabling it merely reverts to the original user HIPS settings?
 

Nightwalker

Level 12
Verified
Joined
May 26, 2014
Messages
553
Operating System
Windows 10
Antivirus
Kaspersky
#14
I suppose that article was published a long time back, before they had that Ransomware Shield as a feature in the latest version.

If HIPS settings are superior to that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather than tinkering with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disabling it merely reverts to the original user HIPS settings?
First, I never said that ESET Ransomware Shield was "lite"; what I said was that with those HIPS settings ESET can work similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasn't published a long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings aren't for everyone, some people do use PowerShell for example, that's why it isn't default and probably will never be.

Ransomware Shield and those special settings work together, it isn't a superiority question but complementary; the former tries to stop the encryption and the latter tries to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,213
#15
First, I never said that ESET Ransomware Shield was "lite"; what I said was that with those HIPS settings ESET can work similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasn't published a long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings aren't for everyone, some people do use PowerShell for example, that's why it isn't default and probably will never be.

Ransomware Shield and those special settings work together, it isn't a superiority question but complementary; the former tries to stop the encryption and the latter tries to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.
So are you implying that with those ransomware HIPS settings in ESET I don't require OSA and vice versa?

Thanks
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,688
Operating System
Windows 10
Antivirus
#16
So are you implying that with those ransomware HIPS settings in ESET I don't require OSA and vice versa?
This is what I have kept saying for ages: you have a HIPS, it is stronger than any anti-exe (or similar) like OSA because it covers more areas.
Just create the proper rules in the HIPS.
 

SearchLight

Level 5
Verified
Joined
Jul 3, 2017
Messages
219
Operating System
Windows 10
Antivirus
Malwarebytes
#17
After reading these last few postings, although Eset IS is a well rounded suite in many respects, there seems to be a question regarding its efficacy towards preventing and/or resolving ransomware. I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.

Have a look: The Best Ransomware Protection of 2018

If Eset's HIPS can do better than any of the Anti-Ransomware recommended in the aforementioned article, how should it be configured to supplement the module? What rules should be configured?

If not, based on the recommendations in Neil Rubenking's article, which would any of you recommend?
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,688
Operating System
Windows 10
Antivirus
#18
I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.
Rubenking is a joke, all people in Infosec know it, he dislikes everything that asks prompts so obviously he used ESET at default setting, which makes the HIPS useless, all software must be tweaked to fit the user.
 

davisd

Level 21
Verified
Joined
Feb 2, 2016
Messages
1,070
Operating System
Windows 10
#19
I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection
Oh? Since what version? I have fallen off with following Eset's new features and improvements.

I also agree that Eset is a complete suite and once tweaked, there's no need to use HMP.A, OSArmor, etc. alongside. Eset is more for experts, there are many settings to tune, but with defaults it's also fine if e.g. your mom just browses the web and doesn't download and install additional programs.

If not, based on the recommendations in Neil Rubenking's article, which would any of you recommend?
He just pretends to be a security expert, because he gets the $$$$. Better read Malwaretips for suggestions how to improve your security. :D
 

SearchLight

Level 5
Verified
Joined
Jul 3, 2017
Messages
219
Operating System
Windows 10
Antivirus
Malwarebytes
#20
Just for the hell of it, I just came across a couple of websites talking positively about Kaspersky Anti-Ransomware for Business which individuals can download as well.

I disabled the Eset IS Ransomware Shield, and am running this tool alongside it. No conflicts so far or slow down. At

Everything else I tweaked with Roboman's configuration file posted above. Might be a good combo.