Advice Request How does hardened ESET compare to other AVs?

Please provide comments and solutions that are helpful to the author of this topic.

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
I want to make a recommendation to a friend who doesn’t want to use Defender due to bad experience from 7 years ago, I told them things are different now but they want to go with a paid suite. I was thinking on paper ESET looks good, though I haven’t used it so I don’t really know.

It seems configurable and their HIPS features look good too.

Where it falls short is test results , though it’s consistently strong, other AVs ( Kaspersky, Symantec) consistently perform better. Tests however do not run ESET with hardened settings.

What’s your experience with ESET at hardened settings ? How does it compare to Kaspersky or Symantec ?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I haven't used ESET in a while, but from what I know, it becomes strong if you enable proactive mode for the HIPS, but this produces a flood of prompts, and is suited only for very dedicated users.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
On the hands of someone that can make hips rules, ESET can be very strong.

There are two ways to strengthen ESET.

1. Put HIPS (and/or Firewall) in learning mode for a few days. Note: this will leave you a little vulnerable so be careful. After that, change learning mode into interactive.

2. Put HIPS (and/or Firewall) in automatic mode or smartmode for HIPS. And write your own custom rules. Depending on your rules you can make ESET a lot stronger without increasing alert prompt too much.

ESET does offer some suggestions on rules users can make to better protect from ransomware.
Configure HIPS rules for ESET business products to protect against ransomware

I haven't tried this myself so I don't know how many alerts you will get.
 
F

ForgottenSeer 72227

I've used Eset in the past and IMHO it's a great program. It's definitely one of the top security programs out there and has tons of features and flexibility to make the system very secure. It's also one of the lightest programs available. Protection wise its very good, but in staying that, at default settings other programs may be a little better, however if you take the time to tweak it and take advantage of things like HIPS it's very strong. @RoboMan created a fantastic setup/configuration thread for Eset Internet security. I would start there if you have any questions about it's settings and how to configure it for stronger protection.

The one thing to keep in mind, while from a protection stand point it's probably best to set both the firewall and HIPS to interactive mode, however like @shmu26 said, it can be very noisy. One way around this would be to put both the firewall and HIPS into training mode for a day or 2, run all the programs they use and let Eset set the rules for all of those programs, then set both of them to Interactive. You would have to ensure the system is clean first though, but that was how I set my rules to limit the amount of noise interactive mode can bring.

Depending on your friend's technical level I would maybe install a trial and see what they think. It's a very good program overall, but like I've said depending on how you configure it, it can be a little noisy and if your friend isn't very technically adept to know what to do with those prompts, it may be a little overwhelming for them. Let them try it for a bit and see what they think.
 
Last edited by a moderator:

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
To start with, worry not about tests performances with suites. Take with a grain of salt, as usually, they do not represent the final user. ESET is a market leader, is light, and can be either really strong or really weak according on how you set it up. You probably can't go wrong with it.
 

omidomi

Level 71
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
And what About Avast Harded mode?
or
SandBoxie :D
Eset Also very poor in 0-malware...so ...em,but better than WD....As you want to pay for your AV its not a good choice....
 
Last edited:

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
Yes on tweak ESET is a good AV solution atleast better than WD.
Eset response to newer threats is also good..up to date signatures.
On Tweak __> Hips --> Can avail the same if not better in Qihoo, Comodo, or other freewares.
Eset is damn poor against any zero hour malware, ransomware protection is solely based on signatures, Clean Up against Unknown malware is next to none.
 

Brie

Level 10
Verified
Well-known
Jan 1, 2018
488
Yes on tweak ESET is a good AV solution atleast better than WD.
Eset response to newer threats is also good..up to date signatures.
On Tweak __> Hips --> Can avail the same if not better in Qihoo, Comodo, or other freewares.
Eset is damn poor against any zero hour malware, ransomware protection is solely based on signatures, Clean Up against Unknown malware is next to none.
:giggle: hi
where did you get this information?
 

Wraith

Level 13
Verified
Top Poster
Well-known
Aug 15, 2018
634
ESET IS is probably one of the BEST Suites you will get. It's extremely light on resources and static threat detection is superb. But as others have pointed out, it does not have any proactive defense or behaviour blocker. However ESET has HIPS which is technically far superior to any BB IF YOU KNOW HOW TO CONFIGURE IT. With default settings ESET is meh but once you tweak the HIPS it acts as an anti-executable. Follow the link @Azure Phoenix gave you. I myself have been using those rules for the past one month without any problems. As for configuring other settings, Turn ON scan for PUP/Unsafe applications. Enable Smart/DNA Signatures in Real Time Protection and scan of Runtime Packers. Set HIPS to SMART Mode along with the rules provided in the link and Firewall to Interactive along with the rules provided in the link. Also in the Intrusion Detection part of the Firewall make sure that all options are checked. If you want to make the HIPS behave like an anti-executable you will need to create a HIPS rule to ask you for every new process launched via Explorer(I use this Rule). Another excellent option ESET IS provides is the Device Control. It is disabled by default but it offers very granular control of what devices can be accessed. You can block USB devices, DVD drives, Bluetooth devices, printers, firewire, LPT/COM ports. No matter which suite one uses, he/she should learn to make use of all the features in the suite. And remember that an AV is ALWAYS the LAST line of defence. The user is the first followed by a properly configured backup.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
ESET IS is probably one of the BEST Suites you will get. It's extremely light on resources and static threat detection is superb. But as others have pointed out, it does not have any proactive defense or behaviour blocker. However ESET has HIPS which is technically far superior to any BB IF YOU KNOW HOW TO CONFIGURE IT. With default settings ESET is meh but once you tweak the HIPS it acts as an anti-executable. Follow the link @Azure Phoenix gave you. I myself have been using those rules for the past one month without any problems. As for configuring other settings, Turn ON scan for PUP/Unsafe applications. Enable Smart/DNA Signatures in Real Time Protection and scan of Runtime Packers. Set HIPS to SMART Mode along with the rules provided in the link and Firewall to Interactive along with the rules provided in the link. Also in the Intrusion Detection part of the Firewall make sure that all options are checked. If you want to make the HIPS behave like an anti-executable you will need to create a HIPS rule to ask you for every new process launched via Explorer(I use this Rule). Another excellent option ESET IS provides is the Device Control. It is disabled by default but it offers very granular control of what devices can be accessed. You can block USB devices, DVD drives, Bluetooth devices, printers, firewire, LPT/COM ports. No matter which suite one uses, he/she should learn to make use of all the features in the suite. And remember that an AV is ALWAYS the LAST line of defence. The user is the first followed by a properly configured backup.

Thanks for this, it’s for a friend, I’m quite happy with WD and GPO hardening, but the above sounds quite good. Does it block autorun as well for usb?
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
How good is the anti exploit ? Eg Exploit Guard is quite thorough, I haven’t compared it to HMPA to see if it covers everything but it’s thorough. How good is the ESET anti exploit ? Eg with Exploit Guard when making browser profiles I’ve pretty much enabled all anti exploit mechanisms but two, is ESET as thorough ?
 
F

ForgottenSeer 72227

How good is the anti exploit ? Eg Exploit Guard is quite thorough, I haven’t compared it to HMPA to see if it covers everything but it’s thorough. How good is the ESET anti exploit ? Eg with Exploit Guard when making browser profiles I’ve pretty much enabled all anti exploit mechanisms but two, is ESET as thorough ?

I am not sure if this particular component has been tested by itself, trying to test exploit capabilities properly is quite difficult. From what I remember it's not very configurable, you cannot add/remove programs and select settings like HMPA or Exploit Guard, but I think it protects things like vulnerable apps (ie: browsers, etc...), core OS components, but I'm not 100% sure. One thing Eset likes to state when talking about their products is that they are designed in such a way that all components (AV, FW, HIPS, Live Grid, exploit, etc...) work together and really shouldn't be considered as separate entities. If anything disabling one component may severely affect another as they all work together. Personally I think the best defense against exploits is to simply keep Windows and all your programs up to date and to remove programs you rarely/don't use.

As I've said in my previous post, if you take the time to configure it and really take the time to make good use of it's HIPS, you will have a very secure system on all fronts IMHO.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
I am not sure if this particular component has been tested by itself, trying to test exploit capabilities properly is quite difficult. From what I remember it's not very configurable, you cannot add/remove programs and select settings like HMPA or Exploit Guard, but I think it protects things like vulnerable apps (ie: browsers, etc...), core OS components, but I'm not 100% sure. One thing Eset likes to state when talking about their products is that they are designed in such a way that all components (AV, FW, HIPS, Live Grid, exploit, etc...) work together and really shouldn't be considered as separate entities. If anything disabling one component may severely affect another as they all work together. Personally I think the best defense against exploits is to simply keep Windows and all your programs up to date and to remove programs you rarely/don't use.

As I've said in my previous post, if you take the time to configure it and really take the time to make good use of it's HIPS, you will have a very secure system on all fronts IMHO.

Anti exploit is mainly for 0day mitigation and sufficiently orthogonal to the other components. Everything you’ve said about updates, more layers is true but this doesn’t change that anti exploit is excellent mitigation on its own right
 
  • Like
Reactions: ForgottenSeer 72227

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top