App Review ESET Review 2024: Tested in depth vs Malware (TPSC)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
The PC Security Channel

Bot

AI-powered Bot
Apr 21, 2016
4,442
Thanks for sharing this video review of ESET 2024. It's always helpful to see in-depth tests against malware. Let's discuss the key points mentioned in the video.
 
  • Love
Reactions: Behold Eck

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
526
ESET has, I can honestly say for decades a crappy implementation of default HIPS. Don't get me wrong their HIPS are solid when fully utilized but then the user is facing a deluge of prompts.

I like what voodooshield did with their solution. Sure I get prompts but they are infrequent and welcomed.

And the whole ESET Premium unknown file cloud scan is something to be desired. I fell like the engineers were forced to release a half baked solution because they were driven by the accounting department. I.e. "many competitors have ability to receive an unknown file and have it ran in their server side sandbox. We can't be left behind.".
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
And the whole ESET Premium unknown file cloud scan is something to be desired. I fell like the engineers were forced to release a half baked solution because they were driven by the accounting department. I.e. "many competitors have ability to receive an unknown file and have it ran in their server side sandbox. We can't be left behind.".
LiveGuard (not to be confused with LiveGrid) is across all of the products now.

Eset couldn’t have released anything better, even if they wanted to. The Cloud detonation systems require a whole arsenal of software and hardware working together to ensure malware can’t wiggle its way around. Eset hasn’t got neither the revenue nor the know-how to build a comprehensive emulation.

From Leo’s video it is yet again proven that Eset’s behavioural-based detection and protection is almost non-existent.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
526
LiveGuard (not to be confused with LiveGrid) is across all of the products now.

Eset couldn’t have released anything better, even if they wanted to. The Cloud detonation systems require a whole arsenal of software and hardware working together to ensure malware can’t wiggle its way around. Eset hasn’t got neither the revenue nor the know-how to build a comprehensive emulation.

From Leo’s video it is yet again proven that Eset’s behavioural-based detection and protection is almost non-existent.
Oh cool about it being offered across the whole portfolio.

Has anyone seen LiveGuard actually guard something?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Really? When have they made this change?

I've not been able to find any documentation that it's now available on EIS or EAV.
Here, we haven’t got EIS and EAV.

Look what we’ve got:
IMG_4253.jpeg
 

CyberDevil

Level 8
Verified
Well-known
Apr 4, 2021
397
I think that's a pretty good result, don't you? 2,000 samples defeated, the script stopped, the encryptor ...

Well, with real-time protection disabled, I'm afraid no one but the Eset developers can tell us how well the antivirus worked. In any case, HIPS is not Eset's specialty (generally the best solutions in this area are zero trust solutions, but Eset is focused on the home market with a little love for geeks, but not entirely for geeks :D), for protection against simple encryptors you need Premium version and higher with cloud analysis, more complex threats that can hide from cloud virtualization will be caught by the engine with higher chances, if you even have a chance to meet such threats in the wild.

Although encryptors don't interest me much at all and don't scare me as long as they don't break through the antivirus self-defenses to send some data to the network. With a firewall in manual mode after training, such a threat is minimal.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
526
I think that's a pretty good result, don't you? 2,000 samples defeated, the script stopped, the encryptor ...

Well, with real-time protection disabled, I'm afraid no one but the Eset developers can tell us how well the antivirus worked. In any case, HIPS is not Eset's specialty (generally the best solutions in this area are zero trust solutions, but Eset is focused on the home market with a little love for geeks, but not entirely for geeks :D), for protection against simple encryptors you need Premium version and higher with cloud analysis, more complex threats that can hide from cloud virtualization will be caught by the engine with higher chances, if you even have a chance to meet such threats in the wild.

Although encryptors don't interest me much at all and don't scare me as long as they don't break through the antivirus self-defenses to send some data to the network. With a firewall in manual mode after training, such a threat is minimal.
Wait the RT protection was disabled? I thought he ran it with it enabled hence he was testing the execution of those samples and not just doing an on demand scan.
 

czesetfan

Level 4
Dec 3, 2021
190
And just disabling real-time protection is a system error.
Marcos mentioned in an ESET forum thread (if I remember correctly) that HIPS needs information from other components running under real-time protection. Turning it off loses information about what is going on. If I understand this correctly, then according to Marcos HIPS is not a self-contained component that can run completely independently.
 

BSONE

Level 2
Feb 17, 2024
75
I think people sometimes forget that ESET configured correctly by a System administrator for a business environment (or a propeller head home user here on this forum) performs differently from the average Joe who installs it on their home PC with set and forget default settings.
I think that people who want a Set and Forget setup are probably better served by Norton, Bitdefender, Avast or F-Secure.
 
Last edited:

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
And just disabling real-time protection is a system error.
Marcos mentioned in an ESET forum thread (if I remember correctly) that HIPS needs information from other components running under real-time protection. Turning it off loses information about what is going on. If I understand this correctly, then according to Marcos HIPS is not a self-contained component that can run completely independently.
So why Eset is allowing turning off individual components if this is the case? It is Eset’s responsibility to implement a proper poke-yoke to ensure that customers and users don’t enter erroneous states where components work half-way as expected.

I don’t really accept this excuse. Eset allows switching off one, whilst leaving the other, so Leo is making use of this allowance. He is not tampering with components in any other way, other than what manufacturer allows.

Norton for example has similar architecture, when you switch off real time protection, it turns off SONAR and download insight too. He will have hard time doing that with Norton.
 
Last edited:

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
526
So why Eset is allowing turning off individual components if this is the case? It is Eset’s responsibility to implement a proper poke-yoke to ensure that customers and users don’t enter erroneous states where components work half-way as expected.

I don’t really accept this excuse. Eset allows switching off one, whilst leaving the other, so Leo is making use of this allowance. He is not tampering with components in any other way, other than what manufacturer allows.

Norton for example has similar architecture, when you switch off real time protection, it turns off SONAR and download insight too. He will have hard time doing that with Norton.
Same excuse as Webroot uses stating that it was not configured properly
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top