novice

I understand that " disconnect means to terminate the connection " but my questions were: 1.Why Eicar has a reputation of only 5 days when should be 10 years or more? 2.If the question is "Block access?" why the option offered are "Disconnect" and "Ignore Threat"?? Shouldn't rather be "Block" and "Allow"????

Just tested ESET against Eicar. The Pop-Up warning says , on reputation, "Discovered 5 days ago" And as options: Block access? But the possible buttons are : Disconnect and Ignore So, how come is "Discovered 5 days ago" and if I am asked "Block" why the option is "Disconnect" and not "Block" or "Ignore"

What about proving me wrong rather than banning , ah?

So is either your sophisticated unproved theory OR much simpler one: ESET failed to protect against that specific ransomware ...

Hate and love so close each other....

And you were advising me to work on my spelling skills....

I remember an antivirus ( do not recall which) asking for CAPTCHA in order to proceed with uninstall. A simple and elegant solution.

What about resetting the phone to factory default , as long as you are giving it to a child???

This doesn't matter... If somehow is an ESET glitch , still the old "an unauthorized person manages to log in with administrator rights and disabled ESET.." can be used successfully. Who can prove otherwise????

You do like this explanation, don't you????? What can be more convenient then blaming the user for "not securing his PC"???? And I assume I will banned for reveling the truth....

Thank you for your answer! Seems like ".. the attacker most likely logged in as an administrator and paused or uninstalled ESET " is the explanation of the day to justify ESET inability to protect against ransomware. At least several situations before were explained using the same (convenient) scenario. The addition of "antiransomware shield" to ESET was advertised as a big achievement , yet I have never seen it "in action" and the number of people coming here and complaining about being infected by ransomware is higher than any other forum. Despite all bells and whistles, it seems like ESET still relies 99.9% on signatures and Live Grid, while HIPS/behavior/heuristic has an insignificant contribution.

Just out of curiosity , how the dedicated "antiransomware module +HIPS" work, if we still rely on " The detection was added on June 24 "??? Shouldn't the computer be protected somehow even before "adding the detection" by those 2 modules (antiransomware module +HIPS)??? If we still rely on a signature to be added, what's the point of having the antiransomware module +HIPS?

You are right assuming my lack of experience in securing a business computer network . However I overcompensate with common sense. If: " Most likely this is what happened: - an attacker logged in with administrator privileges (stole an admin password, guessed it or brute-forced it) via RDP - ESET was not password protected so they paused or removed the AV " why doesn't ESET , by default, ask the business network administrator to implement a password during install with a certain strength. So, the vulnerability of having an unprotected ESET will disappear. How complicated could be to implement this? Is already implemented on various forums where you are asked for a password with upper characters, lower characters , numbers, special characters, certain strength... The down part of this would be that ESET cannot blame the user anymore...., not good!

What do you mean by "the option has nothing to do with either"???? You just said " Sophos has a simple mitigation "

So why Sophos and not ESET? Doesn't seem to be rocket science....

You are absolutely right. So why the fantasist explanation about "an attacker who brute-forced the password, disabled ESET, encrypted everything, enabled ESET back and left"?????

This is the "convenient" story but why the attacker would re-enable protection after encrypting the whole PC???? What about more logical story : EFSW 7.1 even installed and updated couldn't prevent the encryption. If you browse the forum, wouldn't be the first time.

First steps in correcting a problem is to acknowledge there is a problem. Blindly defending ESET no-matter-what doesn't help anyone. Let's close this discussion here. I was talking about 2 PC used to browse the internet daily (wife and daughter) Win 7/64, fully updated , admin account, UAC set to max, IE with SmartScreen filter enabled.

I prefer a FP compared with a Ransomware not being detected I have HIPS in "Smart mode"; never had a warning from HIPS in over 2 years That is true. However , there are competitors able to score 100% or close to it ,each and every test. Nobody has intention to make ESET look bad; the tests are the same for all players involved This is a strange logic. Is like saying :" I drink a glass of water every day and I did not get cancer; hence the water is protecting me against cancer" I have been using MSE for over 6 years on certain computers and I never got infected, so what conclusion should I make????

Yes, you are right, let's lock this thread and move it somewhere else , so will be invisible to the common user and pretend this problem never existed; you have some time now till next AV comparative review , for another good explanation.

If the malware has " been seen on less than 10 machines in total" what other "proper" submission is to be expected??? That means the "LiveGrid" of 10 machines somewhere in the word reported this malware , hence the conclusion "has been seen"

Not a bad idea but I can bet that will never happen.

I do not think so. Marco's answer was very clear :" It's been seen on less than 10 machines in total " which suggests that "10 machines with ESET" Would be impossible for ESET to know that my machine (with Kaspersky let's say) encountered that specific malware. Regardless how are you trying to sugarcoat it, the fact remains: for a while now ESET is subpar compared with other players on the market. Strange thing, all these players which performed better than ESET , have a free version to offer (Avast!, Bitdefender, Avira, Kaspersky, Microsoft)

Still I did not get it: if ESET encountered 10 times a certain malware which otherwise was detected by a significant number of vendors, why did not add a rule or something to have that particular malware detected? Why was necessary for an user to pinpoint the problem and to persuade ESET to implement a detection????