Everything posted by SeriousHoax

  1. @Marcos Hello, off topic: Before, it was possible to see all the signatures added in each update from here: https://www.virusradar.com/en/update/info/ But for a while now it hasn't been there anymore. Is this a permanent change? Is it available anywhere else?
  2. I know about the HIPS rules blocking script execution, etc., and have set them on mine. Those are post-execution rules, and I even have better pre-execution blocking rules set with the help of Hard_Configurator, but anyway these are not for average users. I wouldn't say WD is better, but it's enough for almost every home user and can be made better by enabling extra features, but ESET has a lot more features and is definitely the lightest. ESET has everything but a behavior blocker; that's why it struggles against unknown malware and especially against ransomware. Good to see it was detected in Windows 10 with the help of AMSI, so maybe WD would detect it too? I don't know. After the integration of Augur into the product I hoped to see it in action in such scenarios, but personally I haven't seen any.
  3. ESET's protection modules didn't react to this ransomware either. VT: https://www.virustotal.com/gui/file/b6e9eb3a56f495a13892859e3de26109cbc7950b1e8bd57d374e87c94c99c7e5/detection
  4. This is interesting and very good to see. It would be nice if it's implemented in the beta version of consumer products so that beta testers can provide feedback.
  5. That's where a behavior protection module would kick in. Of course behavioral protection isn't always going to be effective, and it behaves differently in different products. For example, Emsisoft has an excellent behavior blocker, but it's extremely sensitive and false-positive prone, while Kaspersky has the best behavior blocker yet almost no false positives, like ESET. ESET cares too much about false positives, and that's why they are behind most other big guns in the behavioral protection section. There's no logic behind still setting HIPS to Automatic by default. It should be set to Smart mode and should trigger when something suspicious is detected. ESET is excellent at detecting new variants of known malware, but if it's something new it barely does anything to stop it. Sadly, Quick Heal, an Indian AV which is pretty terrible, has a better, effective behavioral blocker than ESET. Edit: Norton is implementing their Data Protector module. It's already available in some of their products, and I tested it against unknown binaries and it successfully detected them. Both Norton and Kaspersky let that binary encrypt 3 files before stopping it. But none of the original files were lost. Both were smart enough to detect massive unwanted encryption, while ESET did nothing.
  6. Ah, this just reminded me I forgot to use a VPN, which I do for safety before testing any malware.
  7. I agree, ESET has a lot of room for improvement in the proactive area. Bitdefender has recently put their AI into testing in Virustotal and it's doing really well. It would be great to see ESET's Augur in action. User "itman" even suggested this in another thread a few weeks ago. Bitdefender, probably after training their AI for a year or two, will implement it into their product, which would greatly benefit them. After implementing Augur into version 13 there were a lot of complaints in the forum about ML/Augur detection. I wonder if ESET has toned down the AI for now in later updates.
  8. You know this isn't suitable for day-to-day use, at least not the way ESET is at the moment. I create this kind of rule in Kaspersky, and in the case of Kaspersky, instead of only AppData, I select the whole C drive and other important folders on other drives. It's practical in Kaspersky thanks to Application Manager and reputation info from KSN; there you can make rules to allow trusted programs automatically and ask permission when something else tries to do any modification. ESET doesn't have anything similar to that, but it's very much possible to implement something like this into the product as it already has LiveGrid.
  9. No I didn't have the time yet. Maybe ESET is already detecting it via LiveGrid. I'll try checking when I get back home.
  10. Smart mode isn't very smart but still an improvement over Automatic mode. I don't understand why Smart isn't the default mode yet.
  11. Ah silly me, I didn't notice it's the anti-ransomware you're talking about. I'll check that in my free time.
  12. Free version doesn't have real time protection so not possible.
  13. For testing purposes I ran this ransomware in a VM and it encrypted everything in the Desktop and Library folders, including Documents, Pictures, etc., with the MZ173801 extension. No alert from any ESET modules. The sample was automatically sent to ESET. Attached the ransom note below. Hopefully the necessary steps will be taken so that ESET's ransomware module can detect this kind of encryption in the future, and please stop caring too much about false positives if you can. Virustotal: https://www.virustotal.com/gui/file/7a92a80e742dbcb0d30948dbf6c4d7a6236a5692c5864a1276cfc84d5c71e375/detection This one looks related to the ransomware as well. It does the exact same thing as the above: https://www.virustotal.com/gui/file/52d93471de20f886a059f5d6b5751afc1929e1aed28c5e39404445f462069479/detection Read_ME_PLS.txt
  14. Description: A Manage application section like Kaspersky or an Application network rules section like Kaspersky, or maybe both. Details: Currently there is no way to know which programs I ran on my PC were trusted by Eset or not. Having an Application manager would make it really easy to give a detailed representation. Eset already kind of has this, but that's for running processes only and not for all the products, and also this window just shows information; I can't interact with it like it's possible in Kaspersky. And for the Firewall, it's possible to add rules for specific programs of course, but it would be better if there was a list of all applications to show what is set to allowed by Eset and what is not. This should be interactive too, so if a user wants to deny, let's say, "CCleaner" an internet connection, then he/she would select CCleaner from the list and deny it internet access, instead of the current situation where the user needs to manually browse to the program to block it in the Firewall. The current implementation should always be there of course, but my proposed interface would make everything much easier. Also, a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot. To have a closer look you may try installing Kaspersky to understand how these two modes work in their product. I don't want Eset to have the exact same thing that Kaspersky has, but the basic idea should be the same. I love Eset because it's a great product and super light. But I want Eset to have these features. I'm sure it's not just me; everybody would appreciate it and it will make the product even better. Examples: