Jump to content

0xDEADBEEF

Most Valued Members
  • Content Count

    294
  • Joined

  • Last visited

  • Days Won

    3

0xDEADBEEF last won the day on June 5

0xDEADBEEF had the most liked content!

2 Followers

Profile Information

  • Location
    USA

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yes, as I said, HIPS is the foundation of Ransomware Shield. In general, you can view the ransomware shield as HIPS + a complex rule set made by ESET that is not visible to end users. And that's why it is a behavioral-based defense layer.
  2. In most cases it should be ok. But as the forum rules said: https://forum.eset.com/topic/76-rules-of-the-eset-security-forum/ I just don't want to touch any topics that fall inside the grey zone
  3. I think Marcos was referring solely to the HIPS module (by default the auto mode indeed doesn't block most behaviors, but it is serving as a foundation for other protection layers like memory scanner and ransomware shield). Ransomware shield is different. It is a behavior-based defense layer. It is more complicated than writing custom rules in the HIPS rule table because so far there is no simple rule in the world that can block ransomware with the guarantee of low FPs. I can say this for sure because I've tested the ransomware shield using my own code.
  4. Kaspersky indeed has some decent behavioral defense mechanisms, but it is not without its issues. I tend not to compare products in this forum so I will stop here 🙂 Generally there are always trade offs
  5. yes it is a behavior monitoring component (potentially combined with cloud reputation and other methods). The thing to keep in mind is that it is hard to distinguish malicious file modification behaviors versus legitimate ones. So to balance the detection rate and false positives, there will be weaknesses of such protection layer. And that's why multi-layer protection is important.
  6. I'd like to participate in the early access program 😁
×