App Review ESET Internet Security

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Product name
ESET Internet Security ver 14, 15
Installation (rating)
5.00 star(s)
User interface (rating)
4.00 star(s)
Accessibility notes
I will rate the program interface with four stars. In general, not bad, but for an ordinary user it will be very difficult to understand the intricacies of the settings, they are very detailed. It will be especially difficult to write the rules in HIPS. In addition, in the main window, the developers have brought in express tiles those functions that are not so important for the user. Instead of start scan - a report on the program's operation, instead of Quarantine - Bank payment protection, which I can easily launch from a shortcut on my desktop anyway. The Quarantine itself is hidden away so hard to find.
Performance (rating)
5.00 star(s)
Core Protection (rating)
4.00 star(s)
Proactive protection (rating)
4.00 star(s)
Additional Protection notes
In terms of protection, I give four only based on the latest test results of antivirus laboratories and tests from users on various YouTube channels. A performance of about 90% is worthy of 4 stars. But in the last test for protection against targeted attacks, Eset repelled 13 attacks out of 15 in the test for home users and 14 out of 15 in the test for corporate users, while in the test for corporate users the settings were set to an aggressive level, and for home users - by balanced level by default. In addition, if the user independently prescribes his own rules in HIPS and the firewall, as well as the recommended rules from developers and other experienced users, he will eventually receive about 98-99% protection. Therefore, I can put Eset even 5 with a minus, when the developers, by default, write down their recommended rules in HIPS. Web protection and network protection are excellent.
Browser protection (rating)
5.00 star(s)
Positives
    • Many features
    • Low impact on system resources
    • Accurate results and reliable antivirus engine
    • Effective malicious URL blocking
    • Virus signatures are updated daily
    • Excellent scores in independent tests
Negatives
    • Can be costly to run
    • Not for beginners
    • Can be complex in some situations
Time spent using product
Recommended for
  1. Experienced users
  2. High-end or medium spec PCs
  3. Low spec PCs
Overall rating
4.00 star(s)

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
A year has passed since I installed Eset Internet Security. I have not used this product before, but now I already have a certain idea about it. A fairly easy product for system resources compared to the antiviruses that I used before (I had Avast for 6 years, then free Kaspersky for a year, then paid for another year, and again free for half a year). A couple of times Eset blocked my access to sites (he defined one site as malicious, the other site as containing PUPs). In fact, the "dangerous" site does not contain any dangerous things :) I calmly entered it from other PCs and read articles there (this is a site on computer security, programs, settings, in general about computers and the Internet). But the site is included in the internal blacklist of Eset and Eset is not allowed there in any way, even if it is included in the exceptions :) Perhaps this is all that Eset web protection has remembered for a year :)
The antivirus did not deliver any global problems in a year of use.
Some of the stagnation in development that other users have noted is definitely disappointing. So, for example, the LiveGuard function was introduced only in the premium version, and the new version of Internet Security was left without new functions at all. The developers are clearly trolling users when the award received from AV-Comparatives in 2020 is indicated as a new function for the antivirus Internet Security.
It is also disappointing that the "Network Inspector" is designated as a "new" function for Internet Security version 15, while this very name "Network Inspector" has already appeared in version 14, and has already performed the same functions. Although, the official forum has already written the position of the developers that they think that users almost never look at the interface. It turns out that you can write that a new function was introduced, although in fact it has been around for a long time :)
Once again, there is nothing to say about HIPS. Everything has already been said on the official forum, here on the forum, and more than once.
I would like to wish the antivirus real development (and not only "cosmetic" changes), and the developers - to listen to the opinions of users.
 

Marcos

From ESET
Verified
Developer
Jun 13, 2013
17
A couple of times Eset blocked my access to sites (he defined one site as malicious, the other site as containing PUPs). In fact, the "dangerous" site does not contain any dangerous things
We block websites where malware was found. If you have doubts about blocking a particular website, please email samples[at]eset.com and enclose the blocked domain/url.

But the site is included in the internal blacklist of Eset and Eset is not allowed there in any way, even if it is included in the exceptions :)
Blocking a url by the internal blacklist can be overridden by adding the domain (with a leading/trailing asterisk) to the list of allowed websites in the URL management setup. However, we don't recommend this unless you report the url to ESET and get a confirmation that the website has been cleaned and will be unblocked.

Once again, there is nothing to say about HIPS. Everything has already been said on the official forum, here on the forum, and more than once.
I would like to wish the antivirus real development (and not only "cosmetic" changes), and the developers - to listen to the opinions of users.
HIPS as well as other components, such as the Deep Behavior Inspection are continually being improved and updated through automatic module updates. However, behavioral detection improvements and other module changes are not communicated as prominently as program changes when a new version is unveiled.
 

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
Blocking a url by the internal blacklist can be overridden by adding the domain (with a leading/trailing asterisk) to the list of allowed websites in the URL management setup. However, we don't recommend this unless you report the url to ESET and get a confirmation that the website has been cleaned and will be unblocked.
The confirmation I received now from Virustotal, where ESET designates this site as secure. It is all the more surprising why it blocks it on the local system. Perhaps ESET detects some individual scripts on the site or something else, but it completely blocks access to the site, and not to some of its separate parts, although the site itself is classified as safe (judging by its own detection on Virustotal). All information in the screenshot.
HIPS as well as other components, such as the Deep Behavior Inspection are continually being improved and updated through automatic module updates. However, behavioral detection improvements and other module changes are not communicated as prominently as program changes when a new version is unveiled.
Although I have not previously used the ESET antivirus, however, I have been watching all the videos with antivirus testing on the COMSS website since 2013. ESET is being tested as well, and you can even look at the full selection of ESET tests, starting from 2013. The last test was two months ago. The version of Endpoint was tested
Internet Security version 14 was tested exactly one year ago, in November 2020. In this case, you can compare the work of HIPS 7-9 years ago and now. I noticed that earlier the work of HIPS was noticeable, the antivirus reacted to the launch of suspicious programs with a large number of HIPS alerts, but in the tests in recent years there was not a single HIPS reaction to the launch of a large number of suspicious programs. And this is noticed not only by me, but also by other users. Perhaps the developers decided that alerts would scare unprepared users, or that users may misunderstand and infect the system by clicking the Allow option, therefore, they reduced the number of preset rules in HIPS, at the same time making them unavailable for viewing by the user (so that especially curious users could not dig deeper, and inexperienced users could not harm themselves). But as a result, we see that HIPS practically stopped responding to anything. If I hadn't written the rules myself, I wouldn't have seen a single alert in a year.
In particular, one more point is not clear to me with HIPS. The developers themselves recommend writing several rules in HIPS to improve protection against ransomware. [KB6119] Configure HIPS rules for ESET business products to protect against ransomware (8.x) Yes, this is recommended for business users. But don't home users suffer from ransomware? On the contrary, I think that home users suffer from ransomware no less than corporate users.
Here, on this forum, ESET was also tested. With and without recommended HIPS guidelines. And protection with prescribed rules is almost 100%, and without prescribed recommended rules - much lower.
Why can't developers make an option in HIPS in the form of a toggle that would activate the rules recommended by the developers themselves to protect against ransomware with one click of the user? Call it, for example, "Enhanced protection against ransomware" or something else :) Are the developers afraid that this will lead to problems for users? Of course, I cannot speak for all users, but for myself I can. I wrote these rules right away, and for a year there was not a single problem when installing any programs and other actions. However, I registered in the rules the action is not a Block, but a Question to the user. But there was not a single alert (except for alerts about other rules). If there are fears of blocking, then let there be an action - a question to the user. Let's admit this option, which activates this set of HIPS rules, will be inactive by default (disable rules), but when installing the antivirus, the user will be prompted to enable it, as it is suggested with the PUP detection option. And the user will decide whether he needs it or not. Is it technically impossible to do this?
 

Attachments: ложный.png, ложный2.png

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
What HIPS rules do you use? Would they be the ones in the link below? If not, could you share your HIPS rules?
[KB6119] Configure HIPS rules for ESET business products to protect against ransomware (8.x)
Yes, I have written the HIPS and firewall rules recommended by the developers. Added rules to them to protect autorun and hosts file, as well as some registry keys. Also added rules to protect folders of Documents, Music, Videos, Images, in general, for folders with personal files. In Runet, as far as I know, there are ready-made sets of rules for HIPS ESET with 200-300 or more rules prescribed.
 

Guilhermesene

Interesting 🙂

You have given me some ideas to implement some more HIPS rules.

Especially the one you mentioned “Rules have also been added to protect folders for Documents, Music, Videos, Pictures, in general, for folders with personal files”.

I need to take a look at HIPS and see how I can do this.
 

czesetfan

Level 4
Dec 3, 2021
184
Yes, I have written the HIPS and firewall rules recommended by the developers. Added rules to them to protect autorun and hosts file, as well as some registry keys. Also added rules to protect folders of Documents, Music, Videos, Images, in general, for folders with personal files. In Runet, as far as I know, there are ready-made sets of rules for HIPS ESET with 200-300 or more rules prescribed.
Would it be possible to write these "Added rules to them to protect autorun and hosts file" rules here? I haven't found them listed elsewhere.
 

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408

czesetfan

Level 4
Dec 3, 2021
184
Yes, I have read this thread. However, I didn't find there a procedure to create a rule to protect autorun and hosts. The registry keys are listed there, but what exactly to "select" when creating the rule? (Sort of like ESET's instructions for protecting against ransomware. 1) Open .. 2) Press .. 3) etc. ...) Hosts file protection rules are mentioned, but not listed anywhere. Maybe I just don't know how to search properly. There is no way for me to import the whole file, because I also have my own settings and that would get "mixed up".

Translated with www.DeepL.com/Translator (free version)
 

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
Yes, I have read this thread. However, I didn't find there a procedure to create a rule to protect autorun and hosts. The registry keys are listed there, but what exactly to "select" when creating the rule? (Sort of like ESET's instructions for protecting against ransomware. 1) Open .. 2) Press .. 3) etc. ...) Hosts file protection rules are mentioned, but not listed anywhere. Maybe I just don't know how to search properly. There is no way for me to import the whole file, because I also have my own settings and that would get "mixed up".

Translated with www.DeepL.com/Translator (free version)
Go to HIPS, then to the rules, and then navigate by the screenshots (only on my screenshots the Russian language). Choose an action - Ask of user
 

Attachments: скрин2.png, скрин3.png, скрин4.png

czesetfan

Level 4
Dec 3, 2021
184
Once I here already advised to add these registry keys under the protection of HIPS. This was advised to me by one user on the Russian forum.
In addition to the hips rules that were recommended to you above, I recommend that you add the following rules:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Windows\*
HKEY_Software\CURRENT_USER \CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\Windows\Systemion\PoVARESofters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentSYSTEMVersion\RunServices
\Servise\CurrentHKEY_c \DatabasePath

I noticed that the original published list of registry keys is different than the currently published one. What happens to the items that have been added or dropped?
 

czesetfan

Level 4
Dec 3, 2021
184
Ohh, mistake. :oops: Now I see that the "translator" has commiserated with me. Still, not all my keys match yours. I assume the differences are on each computer.
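
A pre-check for pasted key lists like the mangled one posted earlier in this thread, added here as an example and not part of any forum member's post or of ESET's tooling: it rejects entries that are not well-formed registry paths and, on Windows, reports whether the remaining keys exist. The function names and checks are assumptions of this example, and how ESET HIPS interprets a trailing `\*` is not modelled.

```python
import re
try:  # the live existence check only works on Windows
    import winreg
except ImportError:
    winreg = None

# The two hives this thread uses, short form -> long form.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
HKLM_TOP = {"BCD00000000", "HARDWARE", "SAM", "SECURITY", "SOFTWARE", "SYSTEM"}

# Eight of the keys from the post above, copied as posted (mangled ones included).
PASTED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Windows\*
HKEY_Software\CURRENT_USER \CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\Windows\Systemion\PoVARESofters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentSYSTEMVersion\RunServices
\Servise\CurrentHKEY_c \DatabasePath
"""

def check_key(raw):
    """Return (normalized path, ends in wildcard, problems) for one pasted key."""
    text, problems = raw.strip(), []
    if re.search(r"\s\\|\\\s", text):
        problems.append("whitespace next to a backslash")
    parts = [p.strip() for p in text.split("\\")]
    wildcard = len(parts) > 1 and parts[-1] == "*"
    parts = parts[:-1] if wildcard else parts
    hive = HIVES.get(parts[0].upper(), parts[0].upper())
    top = "".join(parts[1:2])  # first subkey under the hive, "" if missing
    if hive not in HIVES.values():
        problems.append("unknown hive %r" % parts[0])
    elif hive == "HKEY_LOCAL_MACHINE" and top.upper() not in HKLM_TOP:
        problems.append("%r is not a top-level HKLM subkey" % top)
    return "\\".join([hive] + parts[1:]), wildcard, problems

def exists(path):
    """True/False if the key can be looked up here; None when not on Windows."""
    if winreg is None:
        return None
    hive, _, sub = path.partition("\\")
    try:
        winreg.CloseKey(winreg.OpenKey(getattr(winreg, hive), sub))
        return True
    except OSError as err:
        return isinstance(err, PermissionError)  # denied still means present

def audit(text):
    """Split pasted keys into (accepted, rejected) before they become rules."""
    accepted, rejected = [], []
    for raw in filter(str.strip, text.splitlines()):
        path, wildcard, problems = check_key(raw)
        if problems:
            rejected.append((raw, problems))
        else:
            accepted.append((path, wildcard, exists(path)))
    return accepted, rejected

if __name__ == "__main__":
    accepted, rejected = audit(PASTED)
    print("accepted:", *accepted, sep="\n  ")
    print("rejected:", *rejected, sep="\n  ")
```

The `CurrentSYSTEMVersion\RunServices` entry passes the syntax checks, so only the existence lookup on Windows exposes it. A key reported as absent is not necessarily a typo, since some startup keys are created only when first used.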
 

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
Ohh, mistake. :oops: Now I see that the "translator" has commiserated with me. Still, not all my keys match yours. I assume the differences are on each computer.
The list of keys is not mine. I took it from a user comment on another forum. I did not take a few keys for myself, the rest are registered with me. The complete list of keys is huge, I chose only where about autorun.
 

Zorro

Level 9
Thread author
Verified
Well-known
Jun 11, 2019
408
I noticed that the original published list of registry keys is different than the currently published one. What happens to the items that have been added or dropped?
And if you want a complete list, then here's for you ... Just prescribe at your own peril and risk.

Startup keys (individual custom)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (only on 64-bit systems)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce (runs the program/command only once, clears it as soon as it is run)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (runs the program/command only once, clears it as soon as execution completes)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Startup Keys (all users)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (only on 64-bit systems)
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce (runs the program/command only once, clears it as soon as it is run)
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (runs the program/command only once, clears it as soon as execution completes)
HKLM\System\CurrentControlSet\Services
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

Active Setup - To run the command once for each user at login.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components

Undocumented
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Keys indicate drivers that are loaded at startup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32

Startup Miscellaneous
HKLM\Software\Classes\Filter
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64

Group Policy Editor
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

==============================================================
Shell entries related to startup, such as items displayed when you right-click on files or folders.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers
HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOve
 

czesetfan

Level 4
Dec 3, 2021
184
Is there a difference in syntax between:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\*
or:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
