ECELeader

Members
  • Content Count

    24

Kudos

  1. Upvote
    ECELeader gave kudos to Marcos in Anti-phising and ssl/tls filtering not working in Firefox Developer Edition   
    I have no problem here:

    If you check information about the certificate used on this forum, do you see ESET there?

     
    As for SSL filtering, it is important to keep it enabled since more and more malware is downloaded via https and the number of malicious websites utilizing SSL is growing as well. Also, given that browsers are starting to report http connections as unsecure, bad guys have a good motivation to move to https as well.
    By coincidence last week I attended a presentation by an ethical hacker who attempted to attack a machine utilizing Meterpreter. He failed once thanks to SSL filtering employed by ESET. When he managed to bypass it, the payload was detected and blocked upon injection by Advanced Memory Scanner.
  2. Upvote
    ECELeader gave kudos to peteyt in Ransomware   
    Yeah I'd go for this and have it disabled by default.
    I get the whole thing about false positives and it is a risky balance, but really the users ESET wants to protect should hardly ever need to go into the advanced option. These users would probably just install ESET with standard defaults.
    The thing is a lot of users like choice and I'd worry ESET would put some more advanced users off by not having these options.
    HIPS, for example, can be dangerous in the wrong hands, but it's an option, and generally standard users will not enable it because of the risks, so things like the thing above should work, as only those knowing the risks should enable them.
  3. Upvote
    ECELeader gave kudos to wraith in Ransomware   
    Ok that sounds reasonable. But ESET can surely implement the idea of protected folders. Let it be disabled by default. Advanced users who want that can enable that but at least provide it as an option.
  4. Upvote
    ECELeader gave kudos to wraith in Ransomware   
    IMHO ESET should add some advanced features like itman suggested. Keep them switched off by default so that only advanced users can enable them. I agree with the LiveGrid implementation part. Allow all safe processes (green), monitor the activities of non-popular (yellow) and alert upon suspicious behaviour and block for unsafe processes (red). If that sounds too much, implement a protected folders feature like Defender, Trend Micro, Bitdefender, Avast so that files in those folders can only be accessed by safe applications and will be prompted if accessed by unknown applications.
  5. Upvote
    ECELeader gave kudos to Marcos in Ransomware   
    The sample was internally evaluated as suspicious by the ransomware detection mechanisms, however, another antiFP mechanism came into play. We'll loosen the conditions a bit and improve proactive detection of this kind of ransomware as well.
    @wraith, please collect logs with ESET Log Collector from the machine where you tested the sample and provide me with the generated archive. It looks like we didn't get it via the LiveGrid feedback system and couldn't react to it earlier.
  6. Upvote
    ECELeader gave kudos to wraith in Ransomware   
    If only ESET displayed this warning for each and every unsigned file that tries to encrypt files.
  7. Upvote
    ECELeader gave kudos to itman in Ransomware   
    One final comment in regards to Live Grid's performance in this incident.
    Refer back in this thread to the posted Live Grid screenshot showing ransom.exe running. Note the red color. What does that mean? Per Eset online v12 help:
    Hum ........ It certainly appears Eset's front-end heuristic scanning did its job.
    So why can't Eset offer an option to be alerted to "risky" processes pre-execution? It most certainly appears to be the correct and logical action to take. For me, I can only conclude the following:
    1. Eset has such little faith in Live Grid's reputational analysis that it doesn't trust it for user alert purposes. In this case, get rid of the feature and just perform any submission activities in the background.
    2. Eset's avoidance of a false positive detection has reached the level that it is jeopardizing overall system security.
  8. Upvote
    ECELeader gave kudos to itman in Are You Still Not Convinced RDP Is A Major Vulnerability?   
    Kaspersky just released their 2018 Malware Incident Report today. Most notable is the following:
    https://securelist.com/incident-response-analytics-report-2018/92732/
    Also:
    https://www.infosecurity-magazine.com/news/the-great-big-ransomware-revival/
  9. Upvote
    ECELeader gave kudos to wraith in Controlled Folder feature   
    Anyways it seems pointless to discuss this since the mods will not implement it because according to them it's basically useless. I can also say that ESET can implement a smart firewall like Norton where the firewall will block known malicious applications from making outbound connections, allow safe apps to connect and ask for unknown apps when they try to connect to the internet. But again the same answer will come up that this will lead to false positives and inconvenience for some users. Again, I can say that this smart feature can be disabled by default but will be enabled by advanced users, but again I will be told that ESET interactive mode will do the job. Basically this goes on in a loop and so I quit giving suggestions to improve ESET.
  10. Upvote
    ECELeader gave kudos to Marcos in Correct name for North Macedonia   
    Thanks for the heads-up, noted.
  11. Upvote
    ECELeader received kudos from ProTruckDriver in What License Do I Buy?   
    Please note that multi-device-security will not activate a Smart Security Premium license but an Internet Security one. That means that you won't be able to use the Password Manager and Secure data encryption features.
  12. Upvote
    ECELeader gave kudos to AGH1965 in Future changes to ESET Internet Security and ESET Smart Security Premium   
    It is very simple. Use SetThreadExecutionState. See: link to Microsoft Windows Dev Center.
  13. Upvote
    ECELeader gave kudos to JoMos in Future changes to ESET Internet Security and ESET Smart Security Premium   
    Another nice feature for the firewall component that would help a lot with maintaining the firewall rules:
    Description: Firewall rules cleanup of unnecessary / invalid entries
    Detail: I've set my firewall filter setting to interactive mode, meaning that I can define for every program what the firewall should do. Over time, you have entries in the firewall rule set for programs that do not exist on the computer anymore. A button for an automatic cleanup of those rules (delete all firewall rules that are pointing to applications that don't exist on the computer anymore) would make it easier to keep the firewall rule list tidy and it also benefits the administration of the rule set.