SeriousHoax

Everything posted by SeriousHoax

  1. It's better to avoid SSL filtering. I keep it turned off. Anyway, wait for a reply from someone who knows about this issue.
  2. But via email, I just uploaded the samples and didn't provide any additional analysis, and they responded quickly anyway.
  3. One thing I noticed is that if a sample is submitted to ESET via email, they respond fast. A few days ago they replied with a verdict on the malware within 25 minutes, and another time within 13 minutes. Both times I sent them 3 samples. The response time may vary depending on the workload and time of day, but it is certainly a better procedure than sending via the product.
  4. Interesting. I don't know what XOR is but maybe Windows Defender's Advanced ransomware protection can block this? Any idea?
  5. Yes. WD doesn't have a signature locally, but it is detected by their cloud signature. ESET & Kaspersky don't have signatures, and their ransomware protection modules fail to stop the threat as well. Bitdefender and AVG have signatures, but their behavior blockers fail to block encryption. The ransomware is probably doing something differently, which is why it is able to bypass every AV's behavior blocker/ransomware protection module. Bitdefender's can block encryption of files made by this ransomware in the protected folders. Another example of why ESET should have it too.
  6. It's a relatively new ransomware named GoRansom POC Ransomware. ESET doesn't have a signature for it yet. On execution it failed to detect the encryption made by the ransomware. On a side note: Kaspersky, which is very well known to protect against ransomware, failed to stop this ransomware as well. So, it seems like a serious one. My reason for posting is not to blame ESET but to know what's so special about this ransomware that other reputable AVs' ransomware protection modules are failing as well. Hopefully ESET will analyze it and protect users from similar ransomware in the future. A link to the ESET test: https://malwaretips.com/threads/goransom-poc-ransomware-20-09-2019.95105/post-835332 The sample has already been sent to ESET. I can share the sample here if you want. This is the SHA-256 file hash: 83b3dc0ce9250636c0a19335e7991e90646e46b2e0fc376c0d3fa1abf013104d
  7. If you're in a hurry you can download this. I uploaded this from my PC. If you have any doubt about the authenticity of the file, then after downloading check the file on VirusTotal and also check the digital signatures. SHA-1 hash of the file: 74A946136D9F040E7A368BFA46ED81581EC1A9F1 This is a one-time-only download link: https://send.firefox.com/download/cbfcdc63a6c5ad9a/#ZhkV5ctf8D3sgzZl5Ogtzw
  8. Yes, you are right. ESET is always around the 98% mark. In the test before this one they scored 98.4%, which was lower than every other (except Total Defense). So, everyone else is doing better. I'm pretty sure too that it's not related to PUA. ESET is pretty good at detecting those. The report of the February-May 2019 test was more detailed. It showed ESET failed to detect 12 threats out of 752 but didn't mention what type of threats those were: https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/ Also, check the report of the February-May test. They categorized the false positives by prevalence (very low, low, medium and high), and most of the WD false positives were in the very low and low groups. So, an average user would rarely face a false positive issue. Maybe most of those detected false positive samples were blocked by SmartScreen. SmartScreen is mostly reputation based, so it's a possibility.
  9. Everything can be done via this tool. One tool for everything related to Windows Defender: https://github.com/AndyFul/ConfigureDefender
  10. Here's the latest AV-Comparatives Real-World Protection Test Jul-Aug 2019: https://www.av-comparatives.org/tests/real-world-protection-test-jul-aug-2019-factsheet/ Comparison chart: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=2 ESET blocked 98.3% with 1 false positive. While 98.3% is not a bad result, ESET finished last in this test, and the likes of McAfee and Tencent finishing ahead of ESET is what bothers me the most. Did you get a detailed result of the types of malware ESET missed in this test? Was ESET able to detect them after executing, or is the execution done in this test too?
  11. I see. On my PC WD often randomly uses high CPU. I didn't face any performance issue though, even while gaming, but ESET is definitely lighter. Anyway, keep testing them together and let us know how things go.
  12. I have these rules active on ESET HIPS as well. Very useful. I have enabled some SRPs which cover almost all of these, but it's nice that ESET has such options.
  13. Do you not feel any slowdown with the two of them together? WD is a lot heavier than ESET. I always use ESET with the VoodooShield free version. A great companion.
  14. I'm kinda confused. So, you're using ESET and Windows Defender at the same time, but ESET real-time protection is turned off? Some features of both AVs are active and some are not? Hybrid? Something like ESET Defender? lol. What are the exact features that you enabled/disabled?
  15. I thought Windows Defender Controlled Folders worked alongside other AVs, but it doesn't 😐
  16. Yes, that is correct. I'm familiar with the other entries, but I'm seeing these Windows Defender-related entries only after upgrading to 12.2.29.0.
  17. Also found multiple entries of this in the HIPS log. Related to Windows Defender starting at startup, I guess.
  18. I installed ESET IS and registration to Windows Security Center was successful, but like mentioned above, WD is starting for some minutes at startup. There used to be an option to ask the user before performing a program update. Why was it removed? I installed the 12.2.23.0 version from the offline installer, and after the first update it automatically updated to 12.2.29.0. Who thought it would be a better idea to remove the option to ask the user??!! A lot of us could've avoided this if the option was still there.
  19. I see. That makes sense. Since their cloud AI server is bigger, they are able to process more files at a time than surely any other AV which has such protection. Hmm, that's understandable. OK, I found the video: "Cloud malware protection system". It says the typical response time is under 20 minutes. So like you said there are other factors too, so I guess I got my answer. Thanks.
  20. Oh hmm, you are right. I skimmed through this blog post a few days ago. WD of course has improved over the last 2-3 years, but some other established AVs are still currently ahead of it. Besides, WD is still pretty buggy, which is bothering me. I might get back to ESET sooner than I expected. I hope the issue with the latest version 12.2.29.0 gets fixed very soon.
  21. Well, what I mean is, recently I ran a fresh malware sample in Sandboxie with Windows Defender installed. WD failed to detect this malware, and the malware also created startup entries. 2 minutes later I tried to delete the contents of Sandboxie, and as soon as my PC accessed that file again, WD notified me and deleted the threat. I rescanned the sample on my PC and WD detected that as well, while 2 minutes ago it didn't. So, probably after executing the malware WD sent the sample to the cloud and their AI sent back a verdict that the file was malicious, so WD detected it later, and it also seems like a signature was saved locally. AVs like Kaspersky are pretty fast in similar scenarios in my experience, but that takes more time. Maybe 10-15 minutes or more, I'm not sure. Microsoft claims that they only require a few milliseconds. I was more or less skeptical about it, but from the above experience it seems they are right about it, as in my particular case it was less than 2 minutes. My question is, how fast is ESET in such a case with the help of LiveGrid? In an official video from a few years ago I think they said 15 minutes. My post is not about comparing ESET with Windows Defender. I came across this yesterday so was just wondering, that's it.
  22. I was talking about this as well. More or less 6-7 months ago I once enabled it to check it out, and after that it wasn't deleting any malware. I don't know if it's still buggy or not.
  23. I'm not sure how WD handles that, but here's a recent article about fileless malware and Microsoft's take on it: "What is fileless malware and how do you protect against it?" Actually, WD's sandbox feature is not stable yet, and it acted weird the last time I enabled it. So I have kept it off. Hopefully they will make it stable and turn it on by default soon. Thanks for this suggestion. But actually I've already enabled some ASR rules and also added some additional protection features to WD via these two tools: Hard_Configurator and ConfigureDefender. Anyway, I haven't moved to WD permanently. ESET's web protection, signatures and performance are superior to WD. I never gave WD a try before, so I thought about giving it a go now. Also, I see some people are having problems with the latest ESET update, so it's ok to stay away for some time.