Posts posted by illumination

  1. Just came in this morning and broke the scanning and detection of connected home. I uninstalled, restarted the device and reinstalled and it fixed it, but wanted to bring this to your attention, as there are those that will not think of this, and will be disappointed that it is not detecting their devices.

    Other than that, keep up the good work Eset, love the mobile version.

  2. 26 minutes ago, User said:

    This problem still isn't fixed by ESET after more than 2 months.

     

    The author of Adsbypasser posted in the github forum that he won't fix this problem in the script, because it is a false positive from ESET:

    https://github.com/adsbypasser/adsbypasser/issues/1747

     

    On 9/14/2017 at 10:18 AM, Marcos said:

    The detection is from 2012. Please run ELC, also select "Quarantined files" and generate a zip archive. When done, upload it to a safe location and pm me a download link.

    One of you users will need to do as Marcos asked and generate a zip archive, upload it to a safe place and send it to him via PM so they can "confirm" if it is a false positive or not. 

  3. 14 minutes ago, John Alex said:

    I installed NOD 32 on all family members; when I visit, I take a look on whatever is in "Quarantine" ; if a file is both in Quarantine and on original location (at least a file with the same name) this can be very confusing.

    1. did ESET restore the file after a signature database?

    2. the file restored by itself?

    3. it is a recurring problem?

    I am quite sure this can be done better.

    If you are looking in quarantine and finding items, and then seeing the original files still intact on the system, those files have been disinfected. With Eset, I have yet to find a false positive, but one can usually tell if they find an entry in quarantine and the application it belongs to is now broken/corrupted, will not launch etc. The user can always upload the file to VirusTotal to cross check its validity, or they may, if they wish to pursue it further, upload it to an automated sandbox malware analysis site to analyze it further. Unless you find something broken on the system, it is safe to assume Eset has done its job as intended and those entries in quarantine can be viewed as a log. If the file has been disinfected as stated above, the user can safely delete those entries in quarantine.

  4. 1 hour ago, John Alex said:

    This is not the point!

    This is the point: 2 identical files, one "disinfected" in original location and one "infected" in Quarantine

    What they are trying to state here is, that when Eset disinfects/deletes the original file, it places a copy of the file in quarantine, so if the original file disinfected or deleted turns out to be a false positive, it can be restored from quarantine. Not only can it be restored from quarantine but the options are there to restore/restore and exclude from further scans/ and to delete it from quarantine. If the file is not a false positive the user can simply delete it from quarantine and move on. 

  5. 24 minutes ago, John Alex said:

    I never understand why HIPS is not coming with the rules preconfigured and give the user the opportunity to select or not a specific rule. 

    The above underlined, is exactly what "interactive mode" in hips is for, to allow the user to pick/define the rules. 

     

    As for the average users, most of them could care less about how their product works, and will not spend the time to learn it. This goes for all products. Most of them will not even attempt a manual scan, or update, they just want to use their computers with no inconvenience.  

    None of the top name AV's hit 100% with zero days, as they simply can not. New samples/modifications come out daily in large amounts, they need to be seen in the wild before the AV industry can get their hands on them, analyze them, and make the necessary signatures to push, this means they have hit systems/ or been discovered online before they are even known to exist. 

    Today, an AV is not enough, you need AV's/full suites with other modules and/or anti exes, SRP "Software Restriction Policy" applications, etc. in order to combat this. It is totally up to the user of their systems to learn to use the products they have, and none of these products come preconfigured for max protection out of the box, they are all set basically at minimum protection levels for that above convenience of consumers.

     

     The saying, you can not protect a user from themselves is quite relevant here.  

  6. To rely on signatures is a very serious mistake. None of the AV's on the market can keep up with zero days and signatures, submitting a few here and there on a daily basis helps, but it is barely scratching the surface when it comes to the amount of new/modified files showing up daily. To be concerned whether they are added the first day or 5th day they are in the wild and so forth, is a waste of energy. This is why most suites/AV's have extra modules. As pointed out earlier in this thread, if the HIPS is configured correctly, it will stop this file. Also most of us have removed and/or stopped using Java some time ago and many of us supplement our suites with another security product "just in case", not to mention those of us with enough time in this field, realize that counting on security products period, thinking we are 100% safe, is the biggest mistake of it all, and rely more so on regular backups and images to secure our content and be better prepared.

  7. The only way to narrow this down, as obviously Eset is not causing everyone's systems to be slow or this thread would be full, is to, as stated above, send the requested logs so the Developers and support of Eset can look and establish the issue. This could be anything from a corrupt OS/ 3rd party software/left over files from a previous installation. One thing that stands out when users mention running Eset, is how light n fast it is, so to have this issue no matter which version you are running, tells everyone, there is an underlying issue.

  8. 47 minutes ago, cyberhash said:

    Changelog is always available if you go to the advanced download section for the product in question on ESET homepage.

    For this release

    • Fixed: Unable to change protection state using keyboard
    • Fixed: Unable to select Region during License Key registration
    • Fixed: “Anti-Theft has been successfully disabled” message appears after changing the device name
    • Fixed: Username and password data for Updater go missing after product activation
    • Fixed: Gamer Mode does not work in Manual mode
    • Fixed: Various localization issues
    • Fixed: Various internal bugs

     

    Thank you for the reply. I was wondering actually if there was a more transparent changelog available, such as what "various internal bugs" were fixed etc.

  9. On 10/15/2017 at 12:52 PM, Arik said:

    1. Do you trust It?

    2. Do you trust the company ESET?

     

    1. I have put EIS through the wringer for months on end in a Virtual machine, do I trust it, Yes, Yes I do.

    2. As of right now, still on the fence with this question, but time will tell. 

  10. 18 hours ago, itman said:

    Also one reason HIPS wildcard support for the retail vers. are desperately needed so a rule like C:\*\wscript.exe can be created. Also the HIPS needs to be checking the internal process name and not the directory name.

     

    As of now, I run Appguard combined with EIS just for this very reason. The vulnerable services are disabled by AG on my system via wildcards. It would be nice to not have to use multiple products to do this. 

     

  11. By my mentioning verifying samples as I suggested above a few times, providing hashes is one method. For these amateur "tests" the tester can use free tools such as PeStudio which will provide "File Indicators" among other information per sample as well which can be done in the video with a simple screen shot of each file, of course like the hashes, will take a little time if they are trying to push through 200 to 300 samples or better of clustered sample packs. Vendors not only need access to samples to verify, but samples missed need submitted to be analyzed and processed as well.  

     

    I guess if the company is ok with their user base being "Worried" about these "test" results, to the point of removing the product thinking it is defective due to these misguiding methods/tests, then there is no point in users like myself trying to point out that they are flawed beyond belief the way they are represented. I have nothing more to say in this thread then. 

  12. 20 minutes ago, itman said:

    One final comment I am going to make.

    When testing with samples from malware packs, you are in essence testing the malware payload. Delivery of malware in testing is a critical factor. When an AV Lab such as A-V Comparatives performs its periodic realtime tests, it is using actual URLs where malware is present. It considers a detection to be anything that prevents the malware from executing on the test device. This means that if access to the URL is blocked, the dropper download is blocked, or if the malware dropper execution used to deliver the malware payload is blocked, the AV solution passed the test. In other words, preventing the malware from being delivered to the target PC is actually more important than actually detecting any malicious activities from it.

    This is why I mentioned having an actual real email account to test emails from, and/or leaving realtime enabled while downloading samples from various sites, as these methods are how malware are realistically introduced to the system and of course test products how they are actually designed to function. While I'm not a professional tester by any means myself, methods can be used to simulate realistic scenarios. Samples executed from the desktop, still have their place, at least as far as removal media is concerned. Testing statically is pointless with old samples. Using older, wider variety of samples to test dynamically however is not, as then all modules have their chance to shine. Tests can be useful to gather a glimpse of the products abilities, but they certainly need samples vetted and scenarios adjusted to be more realistic.

  13. 2 hours ago, Malware Blocker said:

    I have read all of your points & here is my reply:

    1) I was a member of MalwareTips & then a staff member tried to insult me via DM for asking him a question so I decided to leave. I was not banned, I was warned several times for posting videos in the wrong place on their forum, but there's a section there where you can advertise your videos (it's allowed on their forum). The last point here is completely false when did I discuss revenue with another Youtuber?

    2) That's great, but I swear on my life that none of those samples are from Virussign - if you don't believe me then fine, but I am telling the truth & you clearly are ignoring my statements because you dislike me. I haven't used any Virussign samples since starting this channel in 2016 - most of them are from Hybrid Analysis & Malshare for example.

    3) To be honest I really have no reason to continue doing Youtube when it all brings is unfair criticism from people like yourself - you are ignoring all my replies for some reason & not believing that anything I am saying is true. They don't misinform users anymore than AVTest or AVComparatives who shows AV products getting 100% in tests - which they are not capable of getting in the real world.

    4) I also like ESET & I don't understand where you got the idea that I dislike the product? It's in my top 5 Paid AVs list!

    1) I did not say you were banned, I said you left after being told you could not advertise there any more. Do you deny spamming the forum with profile statuses and posts asking how to quickly build your youtube channel with followers? Do you deny asking the other youtubers how to get built up quickly? Do you deny discussing with a staff member possibilities of making money from the channel that you learned of from another youtuber? Do keep in mind, I was a staff member there when all this took place.

    2) Both Malshare and Hybrid Analysis only provide single samples, not sample packs of 300 or 400 or 1000. Are you telling me you take the time to individually download each sample and build those massive packs that way? I should mention Virussign comes in pre-packed sample packs.

    3) So you believe pouring salt on an ax wound is better than trying to heal the issue? It is ok to misinform others because others are doing it?

    4) I never once stated you did not like Eset, nor did I state you tried to make it look bad or any other statement you may try to use to justify, re-read the above messages again. 

    I am no longer a member of that forum myself, because I stood up to many that misinform users, it is wrong period. It is not a matter of liking you or not liking you, as I do not personally know you, but I know what your videos represent, and that, I do not like. 

     

    Now before this thread becomes a book of back and forth banter, if you wish to speak to me some more on this subject, you are welcome to personal message me. 

  14. 4 hours ago, TomFace said:

    Hello illumination and welcome to the forum. We are glad you are here.:)

     

    1 hour ago, jadinolf said:

    Welcome to the Forum, illumination.

    We are glad to have you aboard.

    I'm sure you will enjoy your stay.:)

    Thank you for the warm welcome. I am glad to be here. 

  15. 2 hours ago, itman said:

    My favorite AV Lab is SE Labs in the U.K.. I state this because they go to lengths in their comparative tests to not only show the results but also the methods those results are based upon.

    For example in their latest consumer security product test for July/Aug/Sept 2017 which can be downloaded here: https://selabs.uk/en/reports/consumers , I am posting the extract of the scoring methodology used in determining protection effectiveness. Of note is that evaluation is not a simple "pass or fail" result employed by amateur security testers. Rather a number of factors need to be evaluated in determining a product's overall effectiveness against malware. BTW - Kaspersky edged out "by a hair" Eset for first place:
     

     

    This is one I have not looked into, but have book marked it and will look into it later tonight, thank you for sharing it. 

  16. Hello everyone, I am known as illumination throughout the internet.

    I am a security enthusiast that has logged many hours in a VM testing malware/Betas over the last few years. I have for the most part slowed down doing so, generally testing for my own personal needs now. I have come to this forum as I want to keep up on changes/issues with Eset. After all my testing of different products, it has become my favorite security suite and one that now guards the entry to my Network and all my devices on a permanent basis. 

  17. 13 minutes ago, itman said:

    This discussion is also a great example to only rely on vetted AV Lab test results. They test with default product settings. Many use the AMTSO malware database for their samples ensuring a standardized and verified source. They include with the test results or reference the methodology used. Most AV Labs do not use VM's but stand alone test rigs. Etc., etc.. 

    Exactly, and even these professional testing centers have disclaimers to take their results with a grain of salt as they may or may not be exactly accurate. 

     

    Real world testing that includes the "mark of the web" etc. is definitely a more accurate painting of the whole picture.

    When testing for example, I have 3 email accounts, one for personal, one for product licensing and forums, and one strictly for spam collecting for testing. What happens when you open that email that has one link titled "Website" and an invitation to click it while running Eset, once clicked, Eset jumps into action and terminates the connection stopping that Trojan from ruining your day.

    What happens when you leave the product's realtime active and go to these malware sample sites to download the samples, do they even make it onto the desktop, probably not...

     

    These youtube tests do nothing but misinform users, leaving them doubting their security they just paid for. They can actually endanger average users with misinformation. 

  18. 18 hours ago, Malware Blocker said:

    Several things:

    1) I am not concerned with Youtube traffic & I spend my time creating these videos to inform other people.

    2) Yes my methodology is flawed because I don't have the time nor resources to have fully realistic testing methodology.

    3) I don't use malware from Virussign so please don't spread the word that I do...I use samples from several sources including Hybrid Analysis, Malshare, VirusShare, etc.

    4) Next thing, no I don't rename files themselves, I download the samples individually or as ZIP files created by others & then change the file extensions usually from .bin to .exe.

    5) On top of all the other time spent creating a video you expect me to execute every sample? I don't have the time to do that, I am not unemployed & I do have other activities going on in my life.

    6) If I am downloading the samples individually I do upload them using the VirusTotal uploader to VirusTotal & check the first submission date for each sample. If I am using samples in packs provided by other people then I just have to trust that what they say is accurate as once again I don't have the time to check each .exe file.

    7) That's correct I don't take the time to "learn the product" because again I don't have that time. A key thing to note is that normal users don't necessarily take the time to learn the product either - lots of users install the product & leave it alone because they just want protection. That's why I do the tests on default settings.

    I agree with you that my methodology is flawed, if you think you can do better then feel free to join the Youtube community & start uploading tests yourself. I don't have the resources nor time to "test correctly" as in test with tremendous accuracy & I don't understand how you can expect someone like myself to have that much free time to spend.

    Finally, as a message to the moderator reading this - none of what I have written above is intended to be offensive or insulting towards anyone on this thread, I am simply trying to correct this person's comment because he appears to have just plucked random information out of thin air (eg. that I use VirusSign for samples).

    1) You used to be a member of a security forum, that you were spamming and asking how you could gain many followers quickly on youtube. You left said forum because you were stopped from advertising. You connected with other youtube members and were discussing revenue from youtube. 

    2) I do test security products and have for a very long time, I use multiple resources to do so, and recognize those packs from Virussign you have been using, as I have used some myself, and from doing so, I know they are not fresh samples, just a wider variety of, which is why I use them sometimes myself personally, you may be lucky and find 8 to 9 fresher samples in one of those packs. I do not upload to youtube as my testing is for personal use only. 

    3) Please explain if you do not have the time to vet samples correctly and/or learn products correctly or take time to refine your methodology, why you even test in the first place if it is not for youtube traffic. As all your tests do, being performed this way, is grossly misinform users.

    4) Before you spam this thread with 5 more consecutive posts, please take the time to re-read these first 3 points, and let them sink in a little. Eset is a great product, and why I have joined here in this forum after a couple years use and testing of it. I am here to support them. 

  19. 7 hours ago, TomFace said:

    I do not see a selection choice to "run as administrator" when setting up my scheduled scan. Where is it pray tell?

    In previous versions (up to 11) I do not believe there was a choice to "run as administrator" when setting up a scheduled in-depth scan....it just checked all the files automatically. It was that way for years/many versions.

    That is a good question, as I do not ever use scheduled scans, but run on demand scans when my system has down time to do so. Upon looking, I see no option to do so.

  20. I would not take this tester above seriously in any way shape or form. He is concerned with YouTube traffic and not testing correctly. First I should mention, he likes to claim the use of zero days, anyone with any experience testing will know instantly, that these samples are far from this. They are collected from Virussign in sample packs, file extension renamed, and normally he renames the files themselves. He does not vet the samples for working/broken or legitimacy nor does he vet the samples for age and detection. He does not take the time to learn the product, how it functions and works as designed. As Marcos pointed out and is quite correct, his methodology is beyond flawed. 

     
