novice

I was referring to this: The official explanation: " It's a Chinese ransomware written in Python with Chinese instructions. It's been seen on less than 10 machines in total. " While the OP complained : " another of real-life experience with ransomware bypassing ESET protection layers. It is still "at large" even for now with ver15819 definition and has 3 days of reputation history... Other vendors have successfully blocked the encryption through their behavioral detection layer "

Most anti viruses, if not all , have these days sophisticated mechanisms to deal with unknown malwares : behavior blockers, heuristics, HIPS, generic signatures.... To expect to get a sample first and add detection after is impossible these days ; I remember one of ESET officials saying " this sample was seen only 10 times by ESET , in the whole word, that's why we did not detect it" I was shocked by such statement.

Sorry, I did not see it at first. But 98.4%???? . We have Avira (free) , Kasersky (free) at 100%, Bitdfender (free) at 99.9%, Microsoft (free) at 99.6% .

So ESET is not even mentioned here....

The odds of encountering a sample cannot justify the acceptance of ESET low performance; when even Microsoft scores better , the expectation would be that somebody from ESET would step in and offer an official statement.

If the devices have identical names, how can the OP "remove the device that hasn't been connected for a longer time"????

This is not the first time when ESET , described with full capabilities to stop a ransomware , failed to do it. See here: ... and your best explanation was " It's been seen on less than 10 machines in total"!!!!! The OP clearly mentioned that" Other vendors have successfully block the encryption through their behavioral detection layer" and the detection ratio on Virus Total was 35/63. Common sense dictates that something is not quite right with ESET. And is not ranting...

From ESET "WHITE PAPER" Ransomware Shield ESET Ransomware Shield is an additional layer protecting users from the threat also known as extortion malware. This technology monitors and evaluates all executed applications using behavioral and reputation-based heuristics. Whenever a behavior that resembles ransomware is identified or the potential malware tries to make unwanted modifications to existing files (i.e. to encrypt them), this feature notifies the user. Ransomware Shield is fine-tuned to offer the highest possible level of ransomware protection together with other ESET technologies including Cloud Malware Protection System, Network Attack Protection and DNA Detections. Obviously, the "ransomware Shield" doesn't work. The fact that is a "new" variant is not an explanation. If would have been an "old" variant , probably would have been detected even by MSE

Claiming and protecting are two different things. Browse the forum to see how many times ESET failed to protect against ransomwares despite having a dedicated antiransomware shield /module.

And why is that? A moderator hiding a fact will not help ESET performing better. I saw the post yesterday , being removed / hidden today and I wanted to investigate myself. Yes, this is what is important. That's why I paid for an antivirus, to be protected when I am on-line, not when my PC is OFF!

AV Comparatives / March 2019 ESET 99.86% with only 1 FP 😀 Very good result, yet from all competitors, ESET got the last place.

If you want the ability to "selective allow" , using strict cleaning for everything else will seriously impair this ability . Aren't you interested to see what ESET blocked , maybe is a FP or maybe is a crack you are using it for something but ESET wants to delete . Giving a program discretionary power to delete things from your computer is a questionable choice.

I still believe that having "Threat sense" settings in 6-7 places is a non-sense. Show me ONE user who wants ,in certain situations, "strict cleaning" and, in some other situations, "no cleaning"

I'm am sorry, but I am not here to be "liked or disliked" by "the rest of you". I am an ESET user looking for answers. There is no conspiracy here: I while ago , I forgot my credentials and I created another user; later on I restored my PC from an Acronis image and I got the first credentials back. That's all.

"A sarcastic person has a superiority complex that can be cured only by the honesty of humility" Sometimes, there is no cure....😀

Now, if you mentioned that; isn't this the behavior of Windows firewall? ( allow all outbound network traffic)???? So, what is the benefit of using ESET firewall?

Typically , there are two kind of users; users who want ESET to make a decision for them (strictly cleaning) and users who want to make their own decision (no cleaning) Is hard to imagine a situation in which an user will want "strictly cleaning" in one profile but "no cleaning" in another... In addition , I had situations where a switch to "no cleaning" in all possible places only to have ESET cleaning a detection, because somewhere deep inside was another "Threathsense" set to "strictly cleaning" , which I couldn't find it browsing the menu in a logical way.

I agree with the OP. ESET has the most cumbersome interface from all anti malware solutions I ever used. The re is no logic to follow in order to advance in a menu; you have to click left , right , bottom corner , etc. The most puzzling is 'Threat sense parameter" for which you have to go in multiple places to choose the action. Is very unlikely an user would want threat sens on "strictly cleaning" in one section but "no cleaning" in another one....

Hilarious... what are you , five????

You know that the objects in a mirror are reversed....😀

Thank you!

How being an "expert" in firewalls will help me determine which exceptions to add in ESET NOD 32? TomFace (the "wiseman"!!!), I asked a simple question. If you know, please share the knowledge ; if not, I am not interested in any other comments...

A rules based firewall is never obsolete as long as is compatible with an OS ( is like saying that Notepad is obsolete) None of them, including the firewall from ESET, would add value or security to a computer: 1. all firewalls currently available can be easily bypassed by a child application connecting through a parent application (Example: app.exe is blocked but app.exe can connect through explorer.exe, which is allowed.) 1. none of them use FQDN , so is impossible to create rules for applications with dynamic addressing ( Example: "program" will update accessing www. program.com , which can take any IP values ) So, that's why I am using PC Tools

No, PC Tools Firewall Plus on a Win7 /64 PC.

You do not add "exclusions" only if the application is a type of "threat" . A typical example is Malwarebytes and another antivirus , where exceptions are required. Anyway, back to my question....