Hands

Who’s?

Interesting. I’m excited to see how HIPS V12 will perform once released.

My apologies, I’ll try not to compare products next time.

Hmmm, now I wonder how Kaspersky’s System Watcher performs so well.

This question is to anyone: How does the ransomware shield work? Is it a behavior monitoring component? I’m asking this because while this was implemented a while back, ESET still misses some ransomware samples.

Thanks for the suggestions. I’ve been trying to work with multiple AV vendors such as Kaspersky, ESET, Emsisoft, and ZoneAlarm by Checkpoint, by going to their forums and posting these suggestions. I’m just trying to suggest improvements to make these products better. That being said, I will follow your advice.

My point still stand though. I can source other videos where ESET fails to protect against ransomware. Beta or not, there are some improvements to be made. I’m not trying to bash ESET either, just trying to make a great AV product better.

Hmmmm

He’s right. Looks like my point still has something to back it up.

I understand your point. I will now close this topic, and keep monitoring ESET’s performance against malware. If I see that some improvements still need to be made, I will create a new, yet similar topic.

Video link: In this video, it shows ESET Endpoint security tested against a ransomware sample that ESET doesn’t have a signature for. ESET fails despite having the Anti-Ransomware shield activated. The reason I posted this on the Home topic, is because if Endpoint protection fails, then it doesn’t speak too highly about the Home products.

I understand now, but the reason I'm pointing this out is so ESET can be better equipped to deal with 0-day variants of this type of ransomware because signatures can't catch everything. Thank you for the information though, very useful.

Okay, I will be asking this question in the Sophos Community. Hopefully, I will get an answer back.

Well, maybe the specific module just monitors for malicious behavior directed towards the MBR. I’m just asking this because of this video I encountered where only the HIPS and Ransomware shield is being tested against various types of ransomware. ESET protects against all but Petya ransomware and lets it encrypt the Master Boot Record (MBR). I’m asking this so that the product can be improved and be better equiped to deal with this type of threat.

Let me be a bit more specific here: MBR encrypting ransomware like the infamous Petya variant encrypt the Master Boot Record (MBR) and gets the user to pay to unlock it. This method of ransomware encryption evades the usual tactic of just protecting/monitoring folders. Since this is a very important attack to protect against, I’m wondering if ESET has a specific module to protect against this type of attack. The image shows this type of protection module implemented in Sophos Home Premium.