SeriousHoax

Members
  • Content Count

    66
  • Joined

  • Last visited

  • Days Won

    2

SeriousHoax last won the day on November 30 2019

SeriousHoax had the most liked content!

Profile Information

  • Location
    Bangladesh

  1. @Marcos Hello, off topic: Before, it was possible to see all the signatures added in each update from here: https://www.virusradar.com/en/update/info/ But it hasn't been there for a while. Is this a permanent change? Is it available anywhere else?
  2. I know about the HIPS rules blocking script execution, etc., and have set them on mine. Those are post-execution rules, and I even have better pre-execution blocking rules set with the help of Hard_Configurator, but anyway these are not for average users. I wouldn't say WD is better, but it's enough for almost every home user and can be made better by enabling extra features, but ESET has a lot more features and is definitely the lightest. ESET has everything but a behavior blocker; that's why it struggles against unknown malware and especially against ransomware. Good to see it was detected in Windows 10 with the help of AMSI, so maybe WD would detect it too? I don't know. After the integration of Augur into the product I hoped to see it in action in such scenarios, but personally I haven't seen any.
  3. ESET's protection modules didn't react to this ransomware either. VT: https://www.virustotal.com/gui/file/b6e9eb3a56f495a13892859e3de26109cbc7950b1e8bd57d374e87c94c99c7e5/detection
  4. This is interesting and very good to see. It would be nice if it's implemented in the beta version of consumer products so that beta testers can provide feedback.
  5. That's where the behavior protection module would kick in. Of course behavioral protection isn't always going to be effective, and it behaves differently in different products. Like, Emsisoft has an excellent behavior blocker, but it's extremely sensitive and false-positive prone, while Kaspersky has the best behavior blocker yet almost no false positives, like ESET. ESET cares too much about false positives, and that's why they are behind most other big guns in the behavioral protection section. There's no logic behind still setting HIPS to Automatic by default. It should be set to Smart mode and should trigger when something suspicious is detected. ESET is excellent at detecting new variants of known malware, but if it's something new it barely does anything to stop it. Sadly, Quick Heal, an Indian AV which is pretty terrible, has a better, more effective behavioral blocker than ESET. Edit: Norton is implementing their Data Protector module. It's already available in some of their products, and I tested it against unknown binaries and it successfully detected them. Both Norton and Kaspersky let that binary encrypt 3 files before stopping it. But none of the original files were lost. Both were smart enough to detect massive unwanted encryption, while ESET did nothing.
  6. Ah, this just reminded me I forgot to use a VPN, which I do for safety before testing any malware.
  7. I agree, ESET has a lot of room for improvement in the proactive area. Bitdefender recently put their AI into testing on VirusTotal and it's doing really well. It would be great to see ESET's Augur in action. User "itman" even suggested this in another thread a few weeks ago. Bitdefender, probably after training their AI for a year or two, will implement it into their product, which would greatly benefit them. After implementing Augur into version 13 there were a lot of complaints in the forum about ML/Augur detection. I wonder if ESET has toned down the AI for now in later updates.
  8. You know this isn't suitable for day-to-day use, at least not the way ESET is at the moment. I create this kind of rule in Kaspersky, and in the case of Kaspersky, instead of only AppData I select the whole C drive and other important folders on other drives. It's practical in Kaspersky thanks to Application Manager and reputation info from KSN; there you can make rules to allow trusted programs automatically and ask permission when something else tries to make any modification. ESET doesn't have anything similar to that, but it's very much possible to implement something like this in the product as it already has LiveGrid.
  9. No, I didn't have the time yet. Maybe ESET is already detecting it via LiveGrid. I'll try checking when I get back home.
  10. Smart mode isn't very smart but still an improvement over Automatic mode. I don't understand why Smart isn't the default mode yet.
  11. Ah silly me, I didn't notice it's the anti-ransomware you're talking about. I'll check that in my free time.
  12. Free version doesn't have real time protection so not possible.
  13. For testing purposes I ran this ransomware in a VM and it encrypted everything in the Desktop and Library folders, including Documents, Pictures, etc., with the MZ173801 extension. No alert from any ESET modules. The sample was automatically sent to ESET. Attached the ransom note below. Hopefully the necessary steps will be taken so that ESET's ransomware module can detect this kind of encryption in the future, and please stop caring too much about false positives if you can. VirusTotal: https://www.virustotal.com/gui/file/7a92a80e742dbcb0d30948dbf6c4d7a6236a5692c5864a1276cfc84d5c71e375/detection This one looks related to the ransomware as well. It does the exact same thing as the above: https://www.virustotal.com/gui/file/52d93471de20f886a059f5d6b5751afc1929e1aed28c5e39404445f462069479/detection Read_ME_PLS.txt
  14. I suggested this in the Future changes a couple of months ago, mentioning Kaspersky as an example. Less detailed than Kaspersky, but G-Data has this too. ESET can upgrade their running processes tool and turn that into something similar to Kaspersky's Application Control.