notabot

Level 14
I want to make a recommendation to a friend who doesn’t want to use Defender due to bad experience from 7 years ago, I told them things are different now but they want to go with a paid suite. I was thinking on paper ESET looks good, though I haven’t used it so I don’t really know.

It seems configurable and their HIPS features look good too.

Where it falls short is test results, though it’s consistently strong, other AVs (Kaspersky, Symantec) consistently perform better. Tests, however, do not run ESET with hardened settings.

What’s your experience with ESET at hardened settings? How does it compare to Kaspersky or Symantec?
 

shmu26

Level 83
Verified
Trusted
Content Creator
I haven't used ESET in a while, but from what I know, it becomes strong if you enable proactive mode for the HIPS, but this produces a flood of prompts, and is suited only for very dedicated users.
 

Azure

Level 24
Verified
Content Creator
In the hands of someone that can make HIPS rules, ESET can be very strong.

There are two ways to strengthen ESET.

1. Put HIPS (and/or Firewall) in learning mode for a few days. Note: this will leave you a little vulnerable so be careful. After that, change learning mode into interactive.

2. Put HIPS (and/or Firewall) in automatic mode, or smart mode for HIPS, and write your own custom rules. Depending on your rules you can make ESET a lot stronger without increasing alert prompts too much.

ESET does offer some suggestions on rules users can make to better protect from ransomware.
Configure HIPS rules for ESET business products to protect against ransomware

I haven't tried this myself so I don't know how many alerts you will get.
 

Raiden

Level 13
Verified
Content Creator
I've used Eset in the past and IMHO it's a great program. It's definitely one of the top security programs out there and has tons of features and flexibility to make the system very secure. It's also one of the lightest programs available. Protection wise it's very good, but in saying that, at default settings other programs may be a little better, however if you take the time to tweak it and take advantage of things like HIPS it's very strong. @RoboMan created a fantastic setup/configuration thread for Eset Internet Security. I would start there if you have any questions about its settings and how to configure it for stronger protection.

The one thing to keep in mind: while from a protection standpoint it's probably best to set both the firewall and HIPS to interactive mode, like @shmu26 said, it can be very noisy. One way around this would be to put both the firewall and HIPS into training mode for a day or 2, run all the programs they use and let Eset set the rules for all of those programs, then set both of them to Interactive. You would have to ensure the system is clean first though, but that was how I set my rules to limit the amount of noise interactive mode can bring.

Depending on your friend's technical level I would maybe install a trial and see what they think. It's a very good program overall, but like I've said depending on how you configure it, it can be a little noisy and if your friend isn't very technically adept to know what to do with those prompts, it may be a little overwhelming for them. Let them try it for a bit and see what they think.
 

Robbie

Level 29
Verified
Content Creator
To start with, worry not about test performance with suites. Take it with a grain of salt, as usually they do not represent the final user. ESET is a market leader, is light, and can be either really strong or really weak according to how you set it up. You probably can't go wrong with it.
 

omidomi

Level 68
Verified
Trusted
Malware Hunter
And what about Avast Hardened mode?
or
Sandboxie :D
Eset is also very poor in 0-malware... so... em, but better than WD... As you want to pay for your AV, it's not a good choice...
 

Mahesh Sudula

Level 16
Verified
Malware Tester
Yes, on tweak ESET is a good AV solution, at least better than WD.
Eset's response to newer threats is also good... up-to-date signatures.
On tweak --> HIPS --> can avail the same if not better in Qihoo, Comodo, or other freeware.
Eset is damn poor against any zero-hour malware, ransomware protection is solely based on signatures, clean-up against unknown malware is next to none.
 

Brie

Level 9
Verified
:giggle: hi
where did you get this information?
 

Wraith

Level 13
Verified
Malware Tester
ESET IS is probably one of the BEST Suites you will get. It's extremely light on resources and static threat detection is superb. But as others have pointed out, it does not have any proactive defense or behaviour blocker. However ESET has HIPS which is technically far superior to any BB IF YOU KNOW HOW TO CONFIGURE IT. With default settings ESET is meh but once you tweak the HIPS it acts as an anti-executable. Follow the link @Azure Phoenix gave you. I myself have been using those rules for the past one month without any problems. As for configuring other settings, turn ON scan for PUP/Unsafe applications. Enable Smart/DNA Signatures in Real Time Protection and scan of Runtime Packers. Set HIPS to SMART Mode along with the rules provided in the link and Firewall to Interactive along with the rules provided in the link. Also in the Intrusion Detection part of the Firewall make sure that all options are checked. If you want to make the HIPS behave like an anti-executable you will need to create a HIPS rule to ask you for every new process launched via Explorer (I use this rule). Another excellent option ESET IS provides is the Device Control. It is disabled by default but it offers very granular control of what devices can be accessed. You can block USB devices, DVD drives, Bluetooth devices, printers, FireWire, LPT/COM ports. No matter which suite one uses, he/she should learn to make use of all the features in the suite. And remember that an AV is ALWAYS the LAST line of defence. The user is the first followed by a properly configured backup.
 

notabot

Level 14
Thanks for this, it’s for a friend, I’m quite happy with WD and GPO hardening, but the above sounds quite good. Does it block autorun as well for USB?
 

notabot

Level 14
How good is the anti exploit? E.g. Exploit Guard is quite thorough, I haven’t compared it to HMPA to see if it covers everything but it’s thorough. How good is the ESET anti exploit? E.g. with Exploit Guard when making browser profiles I’ve pretty much enabled all anti exploit mechanisms but two, is ESET as thorough?
 

Raiden

Level 13
Verified
Content Creator
I am not sure if this particular component has been tested by itself, trying to test exploit capabilities properly is quite difficult. From what I remember it's not very configurable, you cannot add/remove programs and select settings like HMPA or Exploit Guard, but I think it protects things like vulnerable apps (ie: browsers, etc...), core OS components, but I'm not 100% sure. One thing Eset likes to state when talking about their products is that they are designed in such a way that all components (AV, FW, HIPS, Live Grid, exploit, etc...) work together and really shouldn't be considered as separate entities. If anything disabling one component may severely affect another as they all work together. Personally I think the best defense against exploits is to simply keep Windows and all your programs up to date and to remove programs you rarely/don't use.

As I've said in my previous post, if you take the time to configure it and really take the time to make good use of its HIPS, you will have a very secure system on all fronts IMHO.
 

notabot

Level 14
Anti exploit is mainly for 0day mitigation and sufficiently orthogonal to the other components. Everything you’ve said about updates, more layers is true but this doesn’t change that anti exploit is excellent mitigation in its own right.
 