[Ransomware Protection Improvements]

3 minutes ago, galaxy said:

Your posts are boring and make no sense

Who’s?

[Ransomware Protection Improvements]

5 minutes ago, itman said:

Eset's API monitoring in ver. 12; part of which appears to be already implemented in 11.2.63, will put it on par with Kaspersky's System Watcher feature. I have see enough detections by Eset's advanced memory scanner(AMS) to state it is better than anything Kaspersky has.

Also as previously commented upon, System Watcher is known for problematic behavior.

Interesting. I’m excited to see how HIPS V12 will perform once released.

[Ransomware Protection Improvements]

22 minutes ago, 0xDEADBEEF said:

Kaspersky indeed has some decent behavioral defense mechanisms, but it is not without its issues. I tend not to compare products in this forum so I will stop here ? Generally there are always trade offs

My apologies, I’ll try not to compare products next time.

[Ransomware Protection Improvements]

7 minutes ago, 0xDEADBEEF said:

yes it is a behavior monitoring component (potentially combined with cloud reputation and other methods).

The thing to keep in mind is that it is hard to distinguish malicious file modification behaviors versus legitimate ones. So to balance the detection rate and false positives, there will be weaknesses of such protection layer. And that's why multi-layer protection is important. 

Hmmm, now I wonder how Kaspersky’s System Watcher performs so well.

[Ransomware Protection Improvements]

This question is to anyone: How does the ransomware shield work? Is it a behavior monitoring component? I’m asking this because while this was implemented a while back, ESET still misses some ransomware samples.

[Ransomware Protection Improvements]

Thanks for the suggestions. I’ve been trying to work with multiple AV vendors such as Kaspersky, ESET, Emsisoft, and ZoneAlarm by Checkpoint, by going to their forums and posting these suggestions. I’m just trying to suggest improvements to make these products better. That being said, I will follow your advice.

[Ransomware Protection Improvements]

1 minute ago, TomFace said:

Hmmm is right.

My point still stand though. I can source other videos where ESET fails to protect against ransomware. Beta or not, there are some improvements to be made. I’m not trying to bash ESET either, just trying to make a great AV product better.

[Ransomware Protection Improvements]

2 minutes ago, TomFace said:

novice is just a troll. Keep that in mind.

Hmmmm

[Ransomware Protection Improvements]

3 minutes ago, novice said:

Yet, MSE (free) detected the malware as Trojan: Win32/Tiggre!plock

There is a certain limit of decency up to which you can blindly defend ESET. 

He’s right. Looks like my point still has something to back it up.

[Ransomware Protection Improvements]

I understand your point. I will now close this topic, and keep monitoring ESET’s performance against malware. If I see that some improvements still need to be made, I will create a new, yet similar topic.

[Ransomware Protection Improvements]

Video link: 

In this video, it shows ESET Endpoint security tested against a ransomware sample that ESET doesn’t have a signature for. ESET fails despite having the Anti-Ransomware shield activated. The reason I posted this on the Home topic, is because if Endpoint protection fails, then it doesn’t speak too highly about the Home products.

 

[ESET Features]

I understand now, but the reason I'm pointing this out is so ESET can be better equipped to deal with 0-day variants of this type of ransomware because signatures can't catch everything. Thank you for the information though, very useful.

[ESET Features]

Okay, I will be asking this question in the Sophos Community. Hopefully, I will get an answer back.

[ESET Features]

Well, maybe the specific module just monitors for malicious behavior directed towards the MBR. I’m just asking this because of this video I encountered where only the HIPS and Ransomware shield is being tested against various types of ransomware. ESET protects against all but Petya ransomware and lets it encrypt the Master Boot Record (MBR). I’m asking this so that the product can be improved and be better equiped to deal with this type of threat. 

 

[ESET Features]

Let me be a bit more specific here: MBR encrypting ransomware like the infamous Petya variant encrypt the Master Boot Record (MBR) and gets the user to pay to unlock it. This method of ransomware encryption evades the usual tactic of just protecting/monitoring folders. Since this is a very important attack to protect against, I’m wondering if ESET has a specific module to protect against this type of attack. The image shows this type of protection module implemented in Sophos Home Premium.

[ESET Features]

I’m not sure where to post this, but I am here to ask about ESET features. Does ESET have MBR protection the way Sophos Home Premium does?