Pano

Level 1


Leo owned.
 


JohnB

New Member
Hello Fellow ESET Users,

I saw your discussion about ESET and I wanted to see if some of you that use ESET could answer a "WHY" type of question for me.

I have used ESET for several years, and I like it. But, I have also tried to harden it by adding a few of the "Best Practices" types of rules that have been recommended here in MT, and also by ESET on their support webpage. Namely, I have added the HIPS rules to prevent unwanted execution of malware in certain folders on my machine, such as APPDATA, TEMP, Excel & MS Word scripts, etc. That being said, my question is this: Why doesn't ESET take the time to add simple option buttons in their settings screens to allow us to easily block the execution of files in these vulnerable directories? Why do we have to go to the trouble of manually adding these rules?

I certainly understand the idea that some programs need to execute in those folders, so some people would not want them turned on. But since most home users don't need scripts running in those folders, why hasn't ESET simply expanded their setting options to allow us to easily block those things? From what I have seen in the ESET discussion folder, when a person adds these advanced hardening rules to ESET HIPS, it performs much better. Hence that is why it is recommended. It seems like a simple no-brainer.

They could add these settings, and turn them on by default when the program is installed, and then add a simple interactive dialog question when a program such as EXCEL tries to run in those folders. But they don't do that - like it is too hard to add these simple hardening techniques to their system. Clearly, after all this time of ESET support recommending these hardening rules, they certainly have thought about this, but they have made the decision not to add them. Indeed, if they did do this, I bet their program would perform even better on those tests that we all see on AV-TEST and AV-Comparatives, and would probably increase their overall program sales.

I suspect that part of the problem is that ESET is very much focused on the business corporate AV market - a market that typically uses professional IT managers who can easily write group policy rules, etc. I think they tend to think of the retail home users as an afterthought and don't really write their program with home users in mind. What do all of you think? Thanks
 

SeriousHoax

Level 30
Verified
Malware Tester
I think almost no mainstream AV on the market has such a one-click option to block scripts, macros, unknown programs, etc. Giving such an option directly in the UI could do more harm than good if a not so knowledgeable user decides to play with those options. ESET even recommends not to play with HIPS if the user doesn't know what they are doing, and ESET being a very false positive sensitive company, I don't ever see them adding those features directly in the UI.
For your comment regarding AV labs, all AV lab tests, especially for home users, are done on default settings. So it won't change the outcome of ESET's results.
Another good example is, Kaspersky had a similar kind of feature in their products with "Trusted Application Mode", which only allowed programs trusted by Kaspersky cloud to run. But they removed the feature in their latest version, saying barely anyone uses this feature. The same protection can be achieved by modifying their application control module, so they didn't see any reason to keep a separate module.
So, I think ESET doesn't see it fit to give such options either. Besides, ESET lets you save all of your settings to a file. Even if you reinstall it, you can always restore every modification you made from that file.
Personally I don't want a one-click option; rather, I want an improved HIPS with wildcard support so that it can be hardened even more.
 

The Cog in the Machine

Level 23
Verified
Kaspersky had a similar kind of feature in their products with "Trusted Application Mode", which only allowed programs trusted by Kaspersky cloud to run. But they removed the feature in their latest version, saying barely anyone uses this feature. The same protection can be achieved by modifying their application control module, so they didn't see any reason to keep a separate module.
But TAM was one click away and your system is protected. Now you need the knowledge to replicate TAM using the application control module. When a friend asked me how to configure Kaspersky, all I needed to do was tell them to enable TAM.
 

SeriousHoax

Level 30
Verified
Malware Tester
Yes, but like I said, very few users use it, so they decided to remove it. Advanced users would know how to configure application control.
 

The Cog in the Machine

Level 23
Verified
very few users use it so they decided to remove it
Maybe from commercial point of view they did remove it; it requires maintenance and since a few people use it they saw it is useless to keep developing it.

Advanced users would know how to configure application control.

Advanced users will always know what to do and how to handle infections. Inexperienced users, on the other hand, are always in need of automated and lockdown protection. If any of my inexperienced friends (I consider myself inexperienced too lol) ask for my opinion, I recommend them to install Avast with hardened mode enabled or just to use BD. I used to recommend Kaspersky with TAM enabled but not anymore.
 

JohnB

New Member
Hi Serious,

I understand what you are saying - I know there is a "balance" between protection and "ease of use" that they are trying for. But when you look at those AV tests, you are right, they always run them with default "out of the box" options - no hardening. When you look at ESET support, as well as knowledgeable ESET users on this forum, they all recommend hardening ESET with these extra rules. I would think ESET could find a good way to add some sort of interactive question on the install setup to ask the user something along the lines of whether or not they want ESET to ask the user for permission when macros are running in EXCEL, etc. Other programming companies (Microsoft, Google, Intuit, Apple, etc.) are able to write plain English install questions to step a user through the options when they install. Or, maybe instead ESET gives you different levels of "hardening" that add the options on. At least it would be better to give us the option to turn it on or off.

Also, I have tried using ESET's save settings feature to copy the ESET settings between different computers. It doesn't always work because you have to save all of the settings or none - you can't pick and choose. My ESET settings on my computer are different from the 14 yo daughter's laptop. The ESET settings just don't translate well. Consequently, I have to manually set up these rules on five different family computers. I can't just set up a group policy. ESET could make this whole hardening process much easier - especially since their support teams highly recommend the hardening rules. They just don't make it easy. You said it yourself - when someone asks you - you recommend BitDefender instead - because you don't have to do this extra hardening of the program. The BD programmers took care of it for you when they set the default settings of the program.

Anyhow - just me griping - I hate it when I see computer tech programmers write a good program, but they don't pay much attention to what the customer experiences when they actually use the program. They get the ball to the 10 yard line, and they can't get it across the goal line! Thanks for your thoughts on the matter.

Best Regards
JohnB
 