Advice Request Eset Internet Security v11 - Best Tweaks?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I just installed EIS v11 on my PC based on the many positive recommendations in this forum.

I have HIPS set to Smart Filtering, and the Firewall set to Interactive. Both settings I understand, and can deal with well.
That said, are there any other tweaks that I should make that would not make the sofware less user friendly, more talkative with alerts, and more complicated but will improve my PC security?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
For me I disable the followings as I'm not using them

1) Device Control - no device connected
2) Gamer Mode - not playing games
3) SSL/TLS for this conflicts with FF Quantum's TLS 1.3
4) Email client protection - using web based mail
5) Antispam protection - using web based mail
6) Anti-Theft - not expecting tablet to be stolen
7) Parental Control - I'm the only one using my tablet
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Anti-Theft - not expecting tablet to be stolen
Alternatives for OP:
Prey (Open-source) | GitHub
  • Free tier supports up to 3 devices & limited features

Find My Device (Windows 10) and as expected, the Location sensor needs to be enabled for it to work. Windows 10 devices can be linked to your Microsoft Account: account.microsoft.com/devices.

1530872193379.png
Windows Settings > Updates & Security > Find my device
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Advanced setup > Network Protection > Network Attack Protection > Intrusion detection
Make sure everything is enabled.


" " > User interface > Access setup
Enable password protect settings (Don't forget the password. Make sure it is something that's easy for you to remember)


". " > HIPS > advanced setup
Notify when changes occur in startup applications


". " > Firewall > Application modification detection
Enable detection of application modification


Keep SSl/TLS scanning enabled. If you encounter any issue, please report it on the ESET forum for assistance.

If you use Windows 10, make sure AMSI is enabled (You can find in detection engine > basic)
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection

I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security. :)
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I respectfully disagree, Ransomware Shield isnt 100 % and while those settings arent perfect they really mitigate the common resources that Ransomware and some Exploits use to infect the machine.

It is like a "lite" ESET version of NoVirus Thanks OS Armor ...
Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware? If yes, can you post the test results here?
 
Last edited:

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I will have to agree here. A well configured HIPS can outplay any ransomware module, although none of them are perfect. I think it's a matter of taste and need for security. :)

Your quote
A well configured HIPS can outplay any ransomware module, although none of them are perfect

If none is perfect then how can a well-configured HIPS outplay ANY ransomware module?
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Have you tested the effectiveness of both against ransomware i.e. enabling Ransomware Shield vs HIPS settings against ransomware?

No, I dont play with malware nowdays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief wrote by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf

In this Tech Brief we describe the optimal settings of our ESET security solutions against the current form of ransomware and the most common infection scenarios. The goal is to protect our customers even better against a ransomware outbreak where valued data can be encrypted and/or held hostage, only to be released after a ransom is paid

Host-based Intrusion Prevention System (HIPS) defends the system from within and is able to interrupt unauthorized actions from processes before they are being executed. By prohibiting the standard execution of JavaScript and other scripts, ransomware is not given the chance to execute malware, let alone download it.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
No, I dont play with malware nowdays. About the effectiveness of HIPS settings against ransomware, you can refer to this Tech Brief wrote by ESET's Chief Technology Officer.

http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf
I supposed that article was published long time back before they have that Ransomware Shield as a feature in the latest version.

If HIPS settings is superior than that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather then tingling with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disbling it merely reverts to the original user HIPS settings?
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I supposed that article was published long time back before they have that Ransomware Shield as a feature in the latest version.

If HIPS settings is superior than that 'lite' Ransomware Shield as you said then why don't they have

a) Ransomware Shield for basic protection (enable/disable) and
b) Advanced Ransomware Protection utilizing HIPS settings for users to enable/disable as a feature rather then tingling with the HIPS settings. Enabling this feature merely sets the HIPS for enhanced ransomware protection and disbling it merely reverts to the original user HIPS settings?

First I never said that ESET Ransomware Shield was "lite", what I said was that with those HIPS settings ESET can works similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasnt published long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings isnt for everyone, some people do use PowerShell for example, thats why it isnt default and probably will never be.

Ransomware Shield and those special settings work together, it isnt a superiority question but complementary; the former try to stop the encryption and the latter try to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
First I never said that ESET Ransomware Shield was "lite", what I said was that with those HIPS settings ESET can works similarly to NoVirusThanks OSArmor.

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

And no, the tech brief wasnt published long time ago, it is still relevant and actual, the support guide was actually "Last Revised on February 6, 2018".

The Ransomware Shield is a part of HIPS which communicates with and receives important information about file operations from real-time protection, you can already disable it if you want.

The Ransomware special settings isnt for everyone, some people do use PowerShell for example, thats why it isnt default and probably will never be.

Ransomware Shield and those special settings work together, it isnt a superiority question but complementary; the former try to stop the encryption and the latter try to avoid Ransomware execution/download.

Anyway this is a bit offtopic, anyone can judge if those settings are good or not to have.
So are you implying that with those ransomware HIPS settings in ESET I don't require OSA and vice versa?

Thanks
 
Last edited:

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
After reading these last few postings, although Eset IS is a well rounded suite in many respects, there seems to be a question regarding its efficacy towards preventing and/or resolving ransomware. I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.

Have a look: The Best Ransomware Protection of 2018

If Eset's HIPS can do better than any of the Anti-Ransomware recommended in the aforementioned article, how should it be configured to supplement the module? What rules should be configured?

If not, based on the recommendations in Neil Rubinek's article, which would any of you recommend?
 
D

Deleted member 178

I came across this article on PC Mag regarding the best Anti-Ransomware for 2018, and the writer makes no reference to ESET.
Rubenking is a joke, all people in Infosec knows it, he dislikes everything who ask prompts so obviously he used ESET at default setting, which makes the HIPS useless, all software must be tweaked to fit the user.
 
D

Deleted Member 3a5v73x

I think not required because the latest version has a 'Ransomware Shield' which you can enable for protection
Oh? Since what version? I have fallen of with following Eset new features and improvements.

I also agree that Eset is complete suite and once tweaked, not needed to use HMP.A, OSArmor, etc. alongside. Eset is more for experts, there are much settings to tune, but with defaults it's also fine if e.g. your mom just browse the web and don't download and instal additional programs.

If not, based on the recommendations in Neil Rubinek's article, which would any of you recommend?
He just pretends to be a security expert, because he gets the $$$$. Better read MalwareTips for suggestions how to improve your security. :D
 
Last edited by a moderator:

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Just for the hell of it, I just came across a couple of websites talking positively about Kaspersky Anti-Ransomware for Business which individuals can download as well.

I disabled the Eset IS Ransomware Shield, and am running this tool alongside it. No conflicts so far or slow down. At

Everything else I tweaked with Roboman's configuration file posted above. Might be a good combo.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top