Raiden

Level 13
Verified
Content Creator
Anti exploit is mainly for 0day mitigation and sufficiently orthogonal to the other components. Everything you’ve said about updates, more layers is true, but this doesn’t change that anti exploit is excellent mitigation in its own right.
Oh, don't get me wrong, I am in no way against someone using an anti-exploit program, I understand it can be very useful. My post was mostly to highlight the fact that I don't believe ESET's anti-exploit feature has been thoroughly tested, so I don't think we know for sure how it performs. The same can be said for most products that have anti-exploit capabilities, as it's very difficult to test anti-exploit programs/features. Knowing ESET, it's probably very capable, but like every other product it won't be bulletproof, hence my reasoning about keeping everything up to date.

As I've said, there's more to ESET than one particular feature; they are all meant to complement one another. You have to look at the product as a whole, not just one aspect of it, and the same can be said for every other program out there. :)
 

Wraith

Level 13
Verified
Malware Tester
How good is the anti exploit? E.g. Exploit Guard is quite thorough, I haven’t compared it to HMPA to see if it covers everything but it’s thorough. How good is the ESET anti exploit? E.g. with Exploit Guard when making browser profiles I’ve pretty much enabled all anti exploit mechanisms but two, is ESET as thorough?
HMPA is a specialised anti exploit tool. You can't compare it with any suite like ESET or Kaspersky, both of which have anti exploit capabilities. However, their procedure is a bit different. Mostly they block the exploit payload. But believe me, if you keep your OS and software patched, it's hard to get exploited. Most 0-day exploits target the corporate environment. And once again I repeat: ESET HIPS configured properly can block exploits.
 

Wraith

Level 13
Verified
Malware Tester
Thanks for this, it’s for a friend, I’m quite happy with WD and GPO hardening, but the above sounds quite good. Does it block autorun as well for USB?
Autorun can be blocked within Windows. You can also add SysHardener and OSArmor with ESET to make it bulletproof. ESET device control will block total access to the device, not just the autorun. Here are some screenshots of the HIPS with the anti executable rule and the Device control.
 
