novice

Members
Posts: 263
Days Won: 1

Posts posted by novice

  1. I understand that "disconnect means to terminate the connection" but my questions were:

    1. Why does Eicar have a reputation of only 5 days when it should be 10 years or more?

    2. If the question is "Block access?" why are the options offered "Disconnect" and "Ignore Threat"? Shouldn't they rather be "Block" and "Allow"?

  2. Just tested ESET against Eicar.

    The pop-up warning says, on reputation, "Discovered 5 days ago"

    And as options:

    Block access?

    But the possible buttons are: Disconnect and Ignore

    So, how come it is "Discovered 5 days ago", and if I am asked to "Block", why is the option "Disconnect" and not "Block" or "Ignore"?

    (attachment: eicar.jpg)

  3. 10 hours ago, itman said:

    Although the device had no Internet connectivity it is assumed it had internal network connectivity. The attacker gained access to the network via RDP or other means; most likely the server. Access to this device was gained from the compromised network device. As such, he could have disabled Eset's real-time and HIPS protection and forced a reboot for the device. At this point, Eset's ransomware protection is disabled and the ransomware could run unimpeded.

    Was Eset's GUI settings on this device password protected?

    Also in theory, Windows Defender real-time protection should have been enabled when Eset's was disabled. So assume the attacker disabled it which is rather trivial to do unless you are running ver. 1903 and WD's tamper protection had been previously manually enabled. Of course, the only way that can be done is if WD's real-time protection had been previously enabled. Note that by default tamper protection is disabled. Finally even if tamper protection was enabled, it could be manually disabled. Unlike Eset, WD has no password protection for its settings.

    If you are running either Windows Server 2008 R2 or Windows Server 2008, have you applied the OS patches against the BlueKeep worm?

    So it is either your sophisticated unproven theory OR a much simpler one: ESET failed to protect against that specific ransomware ...
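    An added hardening check for the attack path itman describes above (RDP reachable from the internal network, protection switched off by someone with admin rights, missing BlueKeep patch). This is example code written for this page, not from ESET, Microsoft or any poster in the thread. It uses the standard Defender cmdlet Get-MpComputerStatus, the Terminal Server registry values, and net accounts; the hotfix IDs are the May 2019 Windows 7 SP1 / Server 2008 R2 SP1 updates for CVE-2019-0708 (BlueKeep) and are an assumption to confirm against Microsoft's advisory for the OS actually in use. Whether ESET's own settings are password-protected cannot be read this way and has to be checked in the product.

```powershell
# Added example (not from the forum thread). Run in an elevated PowerShell
# on the host in question. It reports the conditions that make the
# "attacker over RDP disables the AV" scenario cheap to pull off.

$findings = @()

# 1. RDP enabled, and is Network Level Authentication required?
#    fDenyTSConnections = 0 means RDP accepts connections;
#    UserAuthentication = 1 means NLA is enforced (pre-auth before a session).
$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
if ($ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled on this host'
    if ($tcp.UserAuthentication -ne 1) {
        $findings += 'RDP does not require Network Level Authentication'
    }
}

# 2. Account lockout: "Never" means unlimited online password guessing,
#    which is what "guessed it or brute-forced it" over RDP relies on.
$lockout = (net accounts) | Select-String 'Lockout threshold'
if ($lockout -match 'Never') {
    $findings += 'No account lockout threshold: online brute force is unthrottled'
}

# 3. Defender state. Without tamper protection, any local admin can turn
#    real-time protection off with Set-MpPreference -DisableRealtimeMonitoring $true.
#    IsTamperProtected exists on Windows 10 1903+ Defender builds; on older
#    builds it is simply absent and evaluates to $null (treated as "off" here).
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) {
    $findings += 'Defender real-time protection is disabled'
}
if (-not $mp.IsTamperProtected) {
    $findings += 'Defender tamper protection is off (or unsupported on this build)'
}

# 4. BlueKeep (CVE-2019-0708) fix present? Hotfix IDs are per-OS; these are
#    the Windows 7 SP1 / Server 2008 R2 SP1 security-only and monthly rollup
#    packages from May 2019 (assumption: verify against the MS advisory).
$blueKeepKbs = @('KB4499175', 'KB4499164')
$os = (Get-CimInstance Win32_OperatingSystem).Caption
if ($os -match 'Windows 7|Server 2008 R2') {
    $installed = Get-HotFix | Where-Object { $_.HotFixID -in $blueKeepKbs }
    if (-not $installed) {
        $findings += "No BlueKeep update ($($blueKeepKbs -join ', ')) found on $os"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: RDP/NLA, lockout, Defender and BlueKeep checks all passed.'
} else {
    Write-Output 'Findings:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

    Each finding maps to one step of the scenario in the quoted post: NLA and a lockout threshold make the initial RDP login expensive, tamper protection stops the "disable the AV and reboot" step for Defender, and the missing-patch check covers the "gained access to the network via RDP" entry point on the two server versions itman names. A host that clears all four still needs the third-party product's own settings locked with a password, which this script cannot see.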

  4. 1 hour ago, itman said:

    Also for the record, any third party Windows AV solution can be uninstalled by simply doing so via Control Panel -> Uninstall programs option.

    I remember an antivirus (I do not recall which) asking for a CAPTCHA in order to proceed with the uninstall.

    A simple and elegant solution.

  5. 4 hours ago, Marcos said:

    it happens that if a user doesn't have settings protected with a password and an unauthorized person manages to log in with administrator rights, the person (attacker) pauses protection or uninstalls ESET.

    You do like this explanation, don't you?

    What can be more convenient than blaming the user for "not securing his PC"?

    And I assume I will be banned for revealing the truth....

  6. 6 hours ago, Marcos said:

    I didn't say ...

    Thank you for your answer!

    Seems like "... the attacker most likely logged in as an administrator and paused or uninstalled ESET" is the explanation of the day to justify ESET's inability to protect against ransomware. At least several situations before were explained using the same (convenient) scenario.

    The addition of "antiransomware shield" to ESET was advertised as a big achievement , yet I have never seen it "in action" and the number of people coming here and complaining about being infected by ransomware is higher than any other forum.

    Despite all bells and whistles, it seems like ESET still relies 99.9% on signatures and Live Grid, while HIPS/behavior/heuristic has an insignificant contribution.

     

  7. Just out of curiosity, how does the dedicated "antiransomware module + HIPS" work, if we still rely on "The detection was added on June 24"?

     

    Shouldn't the computer be protected somehow by those 2 modules (antiransomware module + HIPS) even before "adding the detection"?

    If we still rely on a signature to be added, what's the point of having the antiransomware module + HIPS?

     

  8. 7 hours ago, itman said:

    It appears you obviously have no Microsoft training in how to properly secure a business computer network.

    You are right in assuming my lack of experience in securing a business computer network. However, I overcompensate with common sense. If:

    " Most likely this is what happened:
    - an attacker logged in with administrator privileges (stole an admin password, guessed it or brute-forced it) via RDP
    - ESET was not password protected so they paused or removed the AV "

    why doesn't ESET, by default, ask the business network administrator to set a password of a certain strength during install? Then the vulnerability of having an unprotected ESET would disappear.

    How complicated could it be to implement this? It is already implemented on various forums where you are asked for a password with upper-case characters, lower-case characters, numbers, special characters, a certain strength...

     

    The downside of this would be that ESET cannot blame the user anymore..., not good!

     

  9. 7 minutes ago, itman said:

    The option has nothing to do with either. Both gpedit.msc or secpol.msc are Windows policy/security utilities only available on the Pro+ versions.

    What do you mean by "the option has nothing to do with either"?
    You just said "Sophos has a simple mitigation".

  10. 12 hours ago, itman said:

    specific details on the staging events of the attack .... we will never know what they were

    You are absolutely right.

    So why the fanciful explanation about "an attacker who brute-forced the password, disabled ESET, encrypted everything, enabled ESET back and left"?

     

  11. On 7/19/2019 at 1:19 AM, Marcos said:

    Most likely this is what happened:
    - an attacker logged in with administrator privileges (stole an admin password, guessed it or brute-forced it) via RDP
    - ESET was not password protected so they paused or removed the AV
    - the attacker ran a ransomware to encrypt files
    - the attacker re-enabled AV protection.

    This is the "convenient" story, but why would the attacker re-enable protection after encrypting the whole PC?

    What about a more logical story: EFSW 7.1, even installed and updated, couldn't prevent the encryption.

    If you browse the forum, it wouldn't be the first time.

  12. 28 minutes ago, Rami said:

    But in your case novice

    The first step in correcting a problem is to acknowledge there is a problem.

    Blindly defending ESET no matter what doesn't help anyone.

    Let's close this discussion here.

    43 minutes ago, itman said:

    Blanket statements like this

    I was talking about 2 PCs used to browse the internet daily (wife and daughter).

    Win 7/64, fully updated, admin account, UAC set to max, IE with SmartScreen filter enabled.

  13. 16 hours ago, peteyt said:

    Really - Did you not see how many false positives WD

    I prefer an FP to a ransomware not being detected.

    16 hours ago, peteyt said:

    Eset has stuff like HIPS

    I have HIPS in "Smart mode"; never had a warning from HIPS in over 2 years

    16 hours ago, peteyt said:

    So simply put no security will ever be 100 percent

    That is true. However, there are competitors able to score 100% or close to it in each and every test.

    16 hours ago, peteyt said:

    one security program appear the worst

    Nobody has the intention to make ESET look bad; the tests are the same for all players involved.

    16 hours ago, peteyt said:

    I have never been infected with eset

    This is strange logic. It is like saying: "I drink a glass of water every day and I did not get cancer; hence the water is protecting me against cancer."

    I have been using MSE for over 6 years on certain computers and I never got infected, so what conclusion should I draw?

  14. 18 minutes ago, itman said:

    Since you seem fixated on this point, we are referring to an incident that happened almost 2 years ago. I have previously posted the same did not occur with a malware submission I recently submitted. So move on to something else.

    Yes, you are right, let's lock this thread and move it somewhere else, so it will be invisible to the common user, and pretend this problem never existed; you have some time now till the next AV comparative review for another good explanation.

  15. 3 hours ago, itman said:

    It really appears what happened in this instance was the malware was not properly submitted for analysis. This is what caused the unusually long delay in signature creation.

    If the malware has "been seen on less than 10 machines in total", what other "proper" submission is to be expected?

    That means the "LiveGrid" of 10 machines somewhere in the world reported this malware, hence the conclusion "has been seen".

  16. 7 hours ago, itman said:

    The Eset forum response as to "10 times" was in regards to the "in-the-wild" instance of the malware; not how many times an Eset product detected it.

    I do not think so. Marcos' answer was very clear: "It's been seen on less than 10 machines in total", which suggests "10 machines with ESET".

    It would be impossible for ESET to know that my machine (with Kaspersky, let's say) encountered that specific malware.

    Regardless of how you try to sugarcoat it, the fact remains: for a while now ESET has been subpar compared with other players on the market. Strange thing, all these players which performed better than ESET have a free version to offer (Avast!, Bitdefender, Avira, Kaspersky, Microsoft).

     

  17. 1 minute ago, itman said:

    If only a few samples exist in the wild, their targets are restricted to a specific area or business concern, etc., the likelihood of quick detection by existing monitoring methods are quite low.

    Still, I do not get it: if ESET encountered a certain malware 10 times, which otherwise was detected by a significant number of vendors, why did it not add a rule or something to have that particular malware detected?

    Why was it necessary for a user to pinpoint the problem and to persuade ESET to implement a detection?
