App Review ESET Smart Security 2022 (Custom Roboman's Settings)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Content source
https://www.youtube.com/watch?v=S0S_6qv8_KE
Hello and welcome to the ESET test!
ESET is an antivirus company located in Bratislava, Slovakia.
Leader in security (partnership with Google Play, Chrome etc), ESET is very well known in the world of security and very appreciated by gamers because it is very light.

In this test, we have imported rules created by the community to strengthen the HIPS, which has always been a weakness.

Overall, ESET did very well!
It caught up well with the malware in the pack thanks to HIPS!
Just one piece of malware hurt it, ESET blocked its actions well, but it manages to get into the MBR. Impossible to start the machine.

Apart from this mistake, ESET is still recommendable and one of the best antivirus products!

RAM Usage : Light
Phishing Test : 2/4 (2 missed, 1 dead)
Malware URL test : 9/9 (All detected, 1 dead)
Fake crack : 1/1 (detected)
Malware Pack : Remaining 156 out of 985 files

Result :
- ESET : 4
- Hitman Pro : 1
- NPE : 2 (Norton indicates 604 because a malware created random files on the desktop)
- KVRT : 1
- Comodo : 0

The MBR has unfortunately been modified, a 3D cube appears after reboot!

ESET rules : @RoboMan
Request by : @RoboMan and @SFox

All undetected malware has been send a @Marcos from ESET Team !

 
  • Like
  • +Reputation
  • Applause
Reactions: nikos200, icarus, Behold Eck and 16 others
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
On the one hand, the antivirus showed itself not bad, we can say that only 1 malicious program was able to harm the system, and in total there were almost 1000 such programs in the test. 1 in 1000 is not bad.
But with such tight settings, the antivirus should not have let this malware pass. Moreover, this is not even the Internet Security - this is a whole Premium, in which there is LiveGuard! Besides, if I'm not mistaken, ESET has some kind of protection against changes to the master boot record. Or is there no such function? In any case, if the case turns out as in the test, then the average user is unlikely to be able to restore the boot record on his own. And this is very bad. For an ordinary John. He will have to pay for the services of a computer specialist.
What will Marcos say?
 
  • Like
  • +Reputation
Reactions: Evjl's Rain, roger_m, Zartarra and 7 others
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
Thank you @Shadowra for your video!!

Overall, we've seen ESET HIPS in serious action, warning us about most of the malware you executed.

Just an observation, I saw you imported my configuration file "June_2021", which is the outdated configuration file. This one only includes ransomware protection, but nothing else. Several days in the past, I updated my thread, including rules for:
  • Registry Protection
  • Hosts File Protection
I really believe my November_2021 file offers a stronger, more solid protection! Anyways, I hope you can re-test it in the future with this one.

This file can be found in my thread: Q&A - Configure ESET Antivirus for Maximum Security (by RoboMan)

Or directly in: UPLOAD.EE - ESET_NOD32_November_2021.xml - Download

All in all, aforementioned, this was a really good result.
 
  • Like
  • Applause
Reactions: roger_m, Zartarra, Guilhermesene and 6 others
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
RoboMan said:
I really believe my November_2021 file offers a stronger, more solid protection! Anyways, I hope you can re-test it in the future with this one.
Click to expand...
I also noticed that in the configuration file that was imported, there were no rules for protecting against ransomware and other rules for protecting the registry. But the test has already been carried out, and Shadowra will not be re-tested.
 
  • Like
Reactions: Zartarra, Guilhermesene, Shadowra and 4 others
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
One more point. One of the users with whom we discussed this test on another forum noted that the settings do not enable file blocking in LiveGuard until the result of cloud analysis (proactive protection). Could this affect the launch of malware that damaged the system? Big question :)
 
  • Like
Reactions: SeriousHoax and Gandalf_The_Grey
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
SFox said:
One more point. One of the users with whom we discussed this test on another forum noted that the settings do not enable file blocking in LiveGuard until the result of cloud analysis (proactive protection). Could this affect the launch of malware that damaged the system? Big question :)
Click to expand...

The Roboman settings disable LiveGuard, but I re-enabled it behind ;)

On which forum is this talking about my video?
 
  • Like
Reactions: SeriousHoax, Gandalf_The_Grey and Kongo
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
  • Like
Reactions: Shadowra, SeriousHoax and Gandalf_The_Grey
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
SFox said:
We are discussing on the Russian forum (ESET NOD32 Internet Security - Комментарии и отзывы - Страница 3). It's not about whether LiveGuard was turned on, but about its settings, there is a screenshot in the discussion on the Russian forum.
Click to expand...

I was able to read a little bit by copying and pasting in DeepL, I even saw that a member did not like Eset :D

As you say, the probability of a malware destroying the MBR is very low, especially since in my tests, I always push the antivirus to its maximum :) (using different scenarios: Virus, Worm, Trojan, RAT, MBRLock etc )

On the other hand, I hope that Eset will improve the protection at startup. The malware is still well detected by the antivirus...

VT detection :

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
 
  • Like
Reactions: roger_m, SeriousHoax, Gandalf_The_Grey and 1 other person
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Shadowra said:
I was able to read a little bit by copying and pasting in DeepL, I even saw that a member did not like Eset :D

As you say, the probability of a malware destroying the MBR is very low, especially since in my tests, I always push the antivirus to its maximum :) (using different scenarios: Virus, Worm, Trojan, RAT, MBRLock etc )

On the other hand, I hope that Eset will improve the protection at startup. The malware is still well detected by the antivirus...

VT detection :

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Click to expand...
WoW so some products like Avira and Kaspersky even have very accurate signature for it, "DiskWriter" while ESET isn't even detecting it.
First submission on VT, "2021-11-05". That's almost 20 days now. They should've known about it by now. I wonder what's the origin of this sample. Because ESET often doesn't perform well against malware with Chinese origin. Lack of honeypot, lack of users in that area or something else could be the reason. Since ESET is highly signature oriented, if ESET hasn't seen similar sample before then the chance of it having signature/heuristics to detect that is low.
 
  • Like
  • +Reputation
Reactions: Dimitriss, Venustus, roger_m and 5 others
Andrew3000

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
537
SeriousHoax said:
WoW so some products like Avira and Kaspersky even have very accurate signature for it, "DiskWriter" while ESET isn't even detecting it.
First submission on VT, "2021-11-05". That's almost 20 days now. They should've known about it by now. I wonder what's the origin of this sample. Because ESET often doesn't perform well against malware with Chinese origin. Lack of honeypot, lack of users in that area or something else could be the reason. Since ESET is highly signature oriented, if ESET hasn't seen similar sample before then the chance of it having signature/heuristics to detect that is low.
Click to expand...
Eset has been tracking the sample in their cloud for 2 weeks.
I sent it to EDTD (Eset Dynamic threat defense) sandbox available for business products and the report gives the sample as clean :O

dsds.jpeg
 
Last edited:
  • Wow
  • Like
Reactions: fabiobr, Venustus, brambedkar59 and 3 others

Similar threads

Shadowra
    • Like
    • +Reputation
    • Applause
App Review Eset Smart Security 2024
Replies
26
Views
2,914
Video Reviews - Security and Privacy
superleeds27
S
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review ESET Smart Security Premium 2024
Replies
20
Views
3,864
Video Reviews - Security and Privacy
Shadowra
Shadowra
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Avira Pro Antivirus
Replies
5
Views
772
Video Reviews - Security and Privacy
Khushal
Khushal

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top