
SeriousHoax

Members
  • Content Count

    45
Profile Information

  • Location
    Bangladesh


  1. It's better to avoid SSL filtering. I keep it turned off. Anyway, wait for a reply from someone who knows about this issue.
  2. But via email, I just uploaded the samples and didn't provide any additional analysis and they respond quickly anyway.
  3. One thing I noticed is that if a sample is submitted to ESET via email, they respond fast. A few days ago they replied with a verdict on the malware within 25 minutes and another time within 13 minutes. Both times I sent them 3 samples. The response time may vary depending on the workload and time of day, but it's certainly a better procedure than sending via the product.
  4. Interesting. I don't know what XOR is but maybe Windows Defender's Advanced ransomware protection can block this? Any idea?
  5. Yes. WD doesn't have a signature locally, but it is detected by their cloud signature. ESET & Kaspersky don't have signatures, and their ransomware protection modules fail to stop the threat as well. Bitdefender and AVG have signatures, but their behavior blockers fail to block encryption. The ransomware is probably doing something differently, which is why it's able to bypass every AV's behavior blocker/ransomware protection module. Bitdefender's can block encryption of files made by this ransomware in the protected folders. Another example of why ESET should have it too.
  6. It's a relatively new ransomware named GoRansom POC Ransomware. ESET doesn't have a signature for it yet. On execution it failed to detect encryption made by the ransomware. On a side note: Kaspersky, which is very well known to protect against ransomware, failed to stop this ransomware as well. So, it seems like a serious one. My reason for posting is not to blame ESET; I want to know what's so special about this ransomware that other reputable AVs' ransomware protection modules are failing as well. Hopefully ESET will analyze it and protect users from similar ransomware in the future. A link to the ESET test: https://malwaretips.com/threads/goransom-poc-ransomware-20-09-2019.95105/post-835332 The sample has already been sent to ESET. I can share the sample here if you want. This is the SHA-256 file hash: 83b3dc0ce9250636c0a19335e7991e90646e46b2e0fc376c0d3fa1abf013104d
  7. If you're in a hurry you can download this. I uploaded this from my PC. If you have any doubt about the authenticity of the file, then after downloading check the file on VirusTotal and also check the digital signatures. SHA-1 hash of the file: 74A946136D9F040E7A368BFA46ED81581EC1A9F1. This is a one-time-only download link: https://send.firefox.com/download/cbfcdc63a6c5ad9a/#ZhkV5ctf8D3sgzZl5Ogtzw
  8. Yes, you are right. ESET is always around the 98% mark. In the test before this one they scored 98.4%, which was lower than every other (except Total Defense). So, everyone else is doing better. I'm pretty sure too that it's not related to PUA. ESET is pretty good at detecting those. The report of the February-May 2019 test was more detailed. It showed ESET failed to detect 12 threats out of 752 but didn't mention what type of threats those were: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/ Also, check the report of the February-May test. They categorized by prevalence of the false positive from very low, low, medium and high, and most of the WD false positives were in the groups of very low and low. So, an average user would rarely face a false positive issue. Maybe most of those detected false positive samples were blocked by SmartScreen. SmartScreen is mostly reputation based, so it's a possibility.
  9. Everything can be done via this tool. One tool for everything related to Windows Defender: https://github.com/AndyFul/ConfigureDefender
  10. Here's the latest AV-Comparatives Real-World Protection Test Jul-Aug 2019: https://www.av-comparatives.org/tests/real-world-protection-test-jul-aug-2019-factsheet/ Comparison chart: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=2 ESET blocked 98.3% with 1 false positive. While 98.3% is not a bad result, ESET finished last in this test, and the likes of McAfee and Tencent finishing ahead of ESET is what's bothering me the most. Did you get a detailed result of the types of malware ESET missed in this test? Was ESET able to detect them after executing, or is the execution done in this test too?
  11. I see. On my PC WD often randomly uses high CPU. I didn't face any performance issue though, even while gaming, but ESET is definitely lighter. Anyway, keep testing them together and let us know how things go.
  12. I have these rules active on ESET HIPS as well. Very useful. I have enabled some SRP which covers almost all of these, but it's nice that ESET has such options.
  13. Do you not feel any slowdown with the two of them together? WD is a lot heavier than ESET. I always use ESET with VoodooShield free version. A great companion.