SeriousHoax

Posts posted by SeriousHoax


  1. 1 hour ago, Marcos said:

    Please provide examples of script malware that ESET was unable to detect. We actually have a very effective script scanner, which is why users often report alleged false positives on their websites to us because "no other AV detected malware". However, after checking the website we confirmed that it really was compromised and infected. ESET also employs a command line and AMSI scanner to improve detection even more on systems with AMSI support.

    I am not saying it's bad at this, but I've seen it missing script malware more than other types. I always email those samples to the ESET lab and they also respond when they add those to the signatures. But I haven't found any sort of serious misses in recent times, like ransomware, but I will share here if I find such. I think @itman may have some examples of misses.

    Edit: Well I was right about him. He even has logs.


  2. 2 hours ago, itman said:

    I will also add that malware developers are constantly adapting to security solutions' detection methods. Currently they have evolved to increasingly deploying Win OS trusted system utility processes to execute their malicious scripts. Therefore it is up to Eset security researchers to be "on top" of these attacks and add appropriate machine learning rules to the Augur engine and flag these script executions as suspicious. And to hell with the false positive element in this regard, I say.

    I think Trend Micro is one of the products that kind of does what you are suggesting and blocks most suspicious script executions by default. It may result in some false positives, but it's very good against script-based malware, where ESET is a bit weak.


  3. 11 minutes ago, Marcos said:

    You can temporarily change the blocking rule to an ask rule and you'll be prompted for an action. Then you can allow the action and create a permissive rule. However, the more exceptions you make, the less resistant the block rule will be against ransomware that may inject into legitimate processes.

    Yeah, right. I usually use ask for most HIPS rules, so personally troubleshooting what needs to be allowed for a certain modification would be better. OK, thanks.


  4. Description: A Manage Applications section like Kaspersky's, or an Application Network Rules section like Kaspersky's, or maybe both.

    Details: Currently there is no way to know which programs I ran on my PC were trusted by Eset and which were not. An application manager would make it really easy to give a detailed representation. Eset already kind of has this, but that's for running processes only, not for all programs, and that window only shows information; I can't interact with it like it's possible in Kaspersky.


    And for the Firewall, it's possible to add rules for specific programs of course, but it would be better if there was a list of all applications showing what Eset has set to allowed and what not. This should be interactive too, so if a user wants to deny, let's say, "CCleaner" an internet connection, then he/she would select CCleaner from the list and deny it internet access, instead of the current situation where the user needs to manually browse to the program to block it in the Firewall. The current implementation should always be there of course, but my proposed interface would make everything much easier. Also, a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot.


    To have a closer look you may try installing Kaspersky to understand how these two modes work on their product. I don't want Eset to have exactly the same thing that Kaspersky has, but the basic idea should be the same.
    I love Eset because it's a great product and super light. But I want Eset to have these features. I'm sure it's not just me, but everybody would appreciate it and it will make the product even better.

    Examples: two screenshots (IbJEXVM.png, ery0rLS.png), not reproduced here.
