
0xDEADBEEF

Most Valued Members
  • Content Count

    321
  • Joined

  • Days Won

    3

0xDEADBEEF last won the day on June 5 2018

0xDEADBEEF had the most liked content!

2 Followers

Profile Information

  • Location
    USA


  1. The only reason I was mentioning this is because web protection has more sensitive heuristics than the on-demand scan or realtime scan, as Marcos has stated in this thread. This means that though the realtime scan or AMS will catch the malware anyway if the file is extracted to disk or memory, it might have missed the more sensitive heuristics in the web protection layer, if my understanding is correct. As for how much more sensitive the web protection is compared to the normal scanner, I've no idea.
  2. Agree with the VPN part. The only reason I am asking is because of the more sensitive download heuristics ESET has in the web protection. For differentiating encrypted archives, common file formats should be handled (the ESET scan log will show such detail).
  3. It depends on where ESET intercepts the traffic. Essentially, when the file lands on the disk it is not encrypted, so ESET will have a chance to inspect it using more aggressive heuristics. However, I guess that so far, because this is handled by realtime monitoring and it doesn't scan archives by default, such more sensitive detection won't be activated. The way ESET scans SSL traffic seems to be different from some other vendors (e.g. Bitdefender). ESET will install its own CA to intercept the traffic (thus the HTTPS website in the browser shows the ESET CA). I am not sure whether ESET will be able to inspect the traffic at this level. I guess it should, because the data received is likely to be decrypted by the VPN first and then by HTTPS, so inspecting at the HTTPS level will not be affected. Also, I've heard other people saying ESET won't inspect archives downloaded by IDM or other download software.
  4. Wondering if you have confirmed my observation. If so, is there a plan to fix it? (along with the VPN plugin issue)
  5. If this is the case, it seems to be a security vulnerability that can bypass the web protection heuristics.
  6. For this kind of detection, will it be shown with some specific malware name, or will it just redirect the browser to the ESET warning page? BTW, I am not a web dev pro, but I suspect the reason why ESET cannot detect Firefox Send is due to its HTML5-based download system (similar to mega.co.nz). I did the same test on mega.co.nz and ESET cannot detect it, as expected.
  7. Does this mean web protection may detect something that the on-demand scan cannot detect?
  8. After some more tests, I feel like this is website dependent. For the same archive that contains malware, downloading from Dropbox is fine (ESET detects it), but downloading from Firefox Send doesn't work. My test results (on Windows 10 1903, Edge + EES 7.1.2045):

                      Dropbox     Firefox Send
        Eicar zip:    detected    detected (after some delay)
        malware zip:  detected    not detected

     I've sent you the zip I used to test this through private msg. BTW, the VPN plugin also affects this. For example, my main browser is Chrome + Surfshark VPN plugin. When the VPN plugin is enabled, the zip won't be detected. Disabling the plugin will have ESET detect it. I don't know if this is considered a bug... The test I had on Edge is orthogonal to this though; it is a bare-bones Edge browser with no plugin.
  9. Does ESET web protection/realtime scan detect malware inside an archive (e.g. zip)? The reason I am asking this is because in most cases the zip containing malware (no password) I downloaded doesn't trigger any detection from ESET until I unzip it. These archives are small (<512KB). However, for the Eicar test zip file ESET will detect it immediately. This is a bit confusing. I tried both on Edge and Chrome, and the results are the same.