Pankaj
-
As I have said multiple times before, no AV is or can be 100%. And I am not looking for one either. Why does it matter if the malware is received via USB or e-mail? The scenario that I gave earlier was an example and not an exhaustive use case scenario. If it is not in the signature, the malware WILL most probably NOT be detected (unless there is some kind of behavioural detection or a cautious USER is driving the system using the Interactive HIPS). And if the ransomware/zero day threat is using some kind of brand new behaviour then even the behavioural blocker will not be able to protect. Eventually it's the USER who can take the most reasonable action in this case and therefore the USER must be given more control of his system (in this case HIPS and Firewall) if he so chooses.
-
That is so very true that NO AV is 100%. That is the reason why I don't just believe any AV testing lab when they say that a particular AV product scored 100% in zero day samples. Regarding the replicator farm, that is really exciting and I am pretty sure that ESET will do whatever is required to BEST protect its users. As far as the new samples of various filecoders that you mentioned are concerned, that is what I always have loved about ESET. ESET is one of the quickest to add signatures for brand new malware. And Marcos, when I said that ransomware protection is weak, I never said that it is weak compared to some other AV suite. None of the AV suites can proactively deflect each and every ransomware or zero day attack. Having one of the best signatures is not the only way to prevent a successful ransomware attack in my opinion. That is the reason I don't like highly automated AV suites and why ESET (being so configurable as far as HIPS and Firewall are concerned) is more prepared to offer better protection against ZERO day threats by creating more HIPS generated hurdles for such threats, thus giving the end user more chance to realise the threat.
-
I am in no way an expert on these things but I do know that modern malware may or may not be sandbox or VM aware. So if a malware is aware of a virtualised environment then how would it alter its behaviour? Would it try to evade detection by not showing any malicious behaviour? If that is the case then it should not do any harm to the virtual machine and therefore not be detected by the AV. But that is not what is observed in the videos whereby the malware not only encrypts the data but is also not detected by the AV. Let's assume that the ransomware in the 2nd video was delivered via a USB drive and copied over to the host machine after the USB's contents were scanned with ESET. If the user then intentionally or unintentionally executed this file and since this sample is not in the signatures (and a normal user is using the 'automatic' or 'smart' mode for the HIPS and firewall), what do you think would have happened? An advanced user could have been using the HIPS in interactive mode and if he was observant enough could (maybe) detect the suspicious behaviour of the malware and block it. But an average user would have had the same fate as that AMATEUR youtube tester. With no disrespect for these reputed AV-testing labs who most certainly know what and how to do their thing, these youtube videos can't be just ignored like that. Many of them are trying to do these tests to help the AV companies make their products better. Just because they don't have the resources like the av-testing labs their effort should not be disregarded. Also some of the AV COMPANIES do respond to these videos and co-ordinate with these testers so as to VERIFY these results and fix the issues in their products.
-
What do you think about these videos from youtube: 1.) 2.) In link No. 2, please have a look at 10:00 min. where he gets hit by a ransomware. I know that no one would be clicking away at links blindly like that but just adding additional HIPS rules will definitely make it difficult for such things to happen. I mean we can add a HIPS rule to protect files in select Folders and make it more secure but what if a ransomware was trying to attack only a given file type? Using a Wildcard (*.jpg etc) might be helpful for example. And I believe that the true power of ESET HIPS is its Interactive or Policy driven modes. Automatic mode is a little bit too permissive in my opinion.
-
I in no way doubt that ESET is more than capable of attaining these results. But also have a look at these results: https://www.mrg-effitas.com/wp-content/uploads/2016/11/MRG-Effitas-360-Assessment-Q3-2016.pdf and there are many "see for yourself" tests done on youtube that show the weakness of many AV suites (including ESET) against zero-day threats including ransomware. Kindly note that I do not doubt the efficacy of ESET Live Grid. But nothing is perfect.
-
As much as I respect ESET Windows products (version 10 being the best), I would like to say that NO product is actually bullet proof against true zero day threats. Regarding those Testing organisations, we cannot just blindly trust those results, the same way we cannot just blindly agree that RanSim can never be a real case scenario. All those tests are done in labs behind closed doors and we can only take their word for it. I am not saying that these Testing organisations cannot be trusted, far from it. But I do want to say that having some kind of backup defence if the AV suite is not totally ready for a zero day threat cannot be taken lightly. There are many youtube channels and videos where Internet Security 10 just fails badly against certain new variants of ransomware while it also manages a completely awesome performance against some other new/zero day threats in some other videos. Let me be clear, I love ESET products, especially Windows versions. I love it so much that after trying ALMOST all of the other AV suites I always come back to ESET because of how customisable its HIPS are and the way I can tweak it to my liking. But I want to help improve it even further, therefore it's annoying when some features which have been requested for so long just don't come to fruition.
-
Hi, No progress on this matter so far. Is this feature ever going to come out in Internet Security or Smart Security? Have been waiting for a long time for this feature. Considering how weak the Ransomware protection is and looking at the rate at which ransomware are coming out, creating HIPS rules to protect certain file types is the only line of Defence until they are included in the signatures. This should be one of the "at the top of the list" features for ESET Windows consumer based products and should be implemented as soon as possible. Thanks.
-
Hi, I have read the various ESET knowledge base articles regarding preventing data encryption by Filecoders and have made various HIPS rules to that effect. And instead of blocking I made it "to ask" to make it more practical for Home use. This is where I was genuinely impressed with Internet Security 10. The power that you get with custom HIPS rules is just unbelievable. I agree with Marcos on this one. RanSim is a legitimate program and runs the encryption inside a simulation, therefore it should not be detected as a threat by any AV. If an AV catches it as a threat then that AV is just doing something specific to that program just to pass that test. Any AV can create test specific rules/settings in their software to pass that test but that would not mean that they would pass all kinds of that test. For example an AV that can pass the AMTSO phishing test will not necessarily block all phishing attempts. Even worse, that AV may only pass just that AMTSO test but could fail badly in real world phishing cases. All in all, it is important that the behaviour patterns of all known Ransomware are monitored and caught by an AV and not passing a test which may or may not be a real world scenario.
-
Hi, Can someone from ESET kindly comment on when can we expect a brand new v7.0 (with new features similar to Smart Security) and not just another 6.x upgrade with minor bug fixes? Cyber Security from ESET is really lagging behind right now compared to not only other AV suites but also its own Smart Security suite. Thanks.
-
No IMAPS or POP3S scanning ESET for Mac??
Pankaj replied to bld's topic in ESET Cyber Security (for Mac)
Hi, I don't know how difficult it is to implement, but I am pretty sure that ESET does not care about the OSX version of their AV. It exists just so that they can say that they have a Mac version as well. Cyber security has been on version 6 for I don't know how long and will be there for I don't know how long. No new features will be added to it as far as I can tell looking at the track record of Cyber Security Pro. When was the last time anyone from ESET commented on the ongoing or future plans/development of cyber security/pro? Cyber Security is like a shadow/afterthought of Smart Security/Internet security.
-
Cyber Security Freezes MAC @ Startup
Pankaj replied to NRMC's topic in ESET Cyber Security (for Mac)
I have the exact same issue. At first I thought I did something wrong somewhere, so I reinstalled everything including the OS from scratch. Guess what...the same thing happened again. I have macOS 10.12.2 and Cyber security pro 6.3.70.1. ESET Cyber security is full of bugs and issues. And not only in this version, all of them. It seems they are just trying to fix a broken piece of software with new versions every year. Mac version is still on version 6 while the Windows version is on 10....you get my point.
-
Hi, I have Cyber Security Pro and my MacBook is pretty much unusable because of it. I have the latest version v6.3.70.1 and as soon as cyber security pro fires up upon startup of macOS 10.12.2, everything goes into a loop. It seems the startup of all other apps is pretty much stopped by ESET which itself stops working as well. I could not even uninstall it so I had to reinstall the whole OS. This is really bad quality control from ESET's side. And it is not the first time it has happened as well. In previous versions issues like no or slow internet (all of a sudden without any reason) and system instability. Every time I had to uninstall ESET and wait for the next version to be usable. I had heard good things about ESET but I think those good things are only applicable to the Windows version.
-
No IMAPS or POP3S scanning ESET for Mac??
Pankaj replied to bld's topic in ESET Cyber Security (for Mac)
So after 3 years since the addition of the feature request for scanning of HTTPs, POPs and IMAPs, Cyber Security / Pro still does not have it. Look at all the other Security suites for Mac and the features they support compared to ESET Cyber Security / Pro. I don't even expect to see this feature being implemented any time in the future. ESET just drop this product altogether if you feel it does not deserve what the Windows version gets every year. The only reason I bought the Multi-Device subscription was that I expected the Mac version to be on par with the Windows version (which is awesome by the way) in most of the features and GUI, which obviously it is not.