ECELeader gave kudos to Marcos in Anti-phishing and ssl/tls filtering not working in Firefox Developer Edition
I have no problem here:
If you check information about the certificate used on this forum, do you see ESET there?
As for SSL filtering, it is important to keep it enabled since more and more malware is downloaded via https and the number of malicious websites utilizing SSL is growing as well. Also, given the fact that browsers are starting to report http connections as insecure, bad guys have a good motivation to move to https as well.
By coincidence last week I attended a presentation by an ethical hacker who attempted to attack a machine utilizing Meterpreter. He failed once thanks to SSL filtering employed by ESET. When he managed to bypass it, the payload was detected and blocked upon injection by Advanced Memory Scanner.
ECELeader gave kudos to peteyt in Ransomware
Yeah I'd go for this and have it disabled by default.
I get the whole thing about false positives, and it is a risky balance, but really the users ESET wants to protect should hardly ever need to go into the advanced options. These users would probably just install ESET with standard defaults.
The thing is, a lot of users like choice, and I'd worry ESET would put some more advanced users off by not having these options.
HIPS, for example, can be dangerous in the wrong hands, but it's an option, and generally standard users will not enable it because of the risks, so things like the thing above should work, as only those knowing the risks should enable them.
ECELeader gave kudos to wraith in Ransomware
Imho ESET should add some advanced features like itman suggested. Keep them switched off by default so that only advanced users can enable them. I agree with the LiveGrid implementation part. Allow all safe processes (green), monitor the activities of non-popular ones (yellow) and alert upon suspicious behaviour, and block unsafe processes (red). If that sounds too much, implement a protected folders feature like Defender, Trend Micro, Bitdefender and Avast, so that files in those folders can only be accessed by safe applications and the user will be prompted if they are accessed by unknown applications.
ECELeader gave kudos to Marcos in Ransomware
The sample was internally evaluated as suspicious by the ransomware detection mechanisms; however, another anti-FP mechanism came into play. We'll loosen the conditions a bit and improve proactive detection of this kind of ransomware as well.
@wraith, please collect logs with ESET Log Collector from the machine where you tested the sample and provide me with the generated archive. It looks like we didn't get it via the LiveGrid feedback system and couldn't react to it earlier.
ECELeader gave kudos to itman in Ransomware
One final comment in regards to Live Grid's performance in this incident.
Refer back in this thread to the posted Live Grid screenshot showing ransom.exe running. Note the red color. What does that mean? Per ESET online v12 help:
Hmm... It certainly appears ESET's front-end heuristic scanning did its job.
So why can't ESET offer an option to be alerted to "risky" processes pre-execution? It most certainly appears to be the correct and logical action to take. For me, I can only conclude the following:
1. ESET has so little faith in Live Grid's reputational analysis that it doesn't trust it for user alert purposes. In this case, get rid of the feature and just perform any submission activities in the background.
2. ESET's avoidance of false positive detections has reached the level that it is jeopardizing overall system security.
ECELeader gave kudos to itman in Are You Still Not Convinced RDP Is A Major Vulnerability?
Kaspersky just released their 2018 Malware Incident Report today. Most notable is the following:
ECELeader gave kudos to wraith in Controlled Folder feature
Anyways, it seems pointless to discuss this since the mods will not implement it because, according to them, it's basically useless. I can also say that ESET could implement a smart firewall like Norton, where the firewall will block known malicious applications from making outbound connections, allow safe apps to connect, and ask for unknown apps when they try to connect to the internet. But again the same answer will come up: that this will lead to false positives and inconvenience for some users. Again I can say that this smart feature can be disabled by default but enabled by advanced users, but again I will be told that ESET interactive mode will do the job. Basically this goes on in a loop, and so I quit giving suggestions to improve ESET.
ECELeader gave kudos to AGH1965 in Future changes to ESET Internet Security and ESET Smart Security Premium
It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
ECELeader gave kudos to JoMos in Future changes to ESET Internet Security and ESET Smart Security Premium
Another nice feature for the firewall component that would help a lot with maintaining the firewall rules:
Description: Firewall rules cleanup of unnecessary / invalid entries
Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over time, you accumulate entries in the firewall rule set for programs that no longer exist on the computer. A button for an automatic cleanup of those rules (delete all firewall rules that point to applications that no longer exist on the computer) would make it easier to keep the firewall rule list tidy, and it would also benefit the administration of the rule set.