Everything posted by SeriousHoax
-
Scheduled Scans
SeriousHoax replied to Aryeh Goretsky's topic in ESET Internet Security & ESET Smart Security Premium
Description: Logging of dropped packets/blocked connections in Interactive Firewall mode Detail: When I deny access to something in Interactive firewall mode there's no way to later check what site that particular app tried to connect to. It would be very useful if all the dropped packets could be logged so that one can later check everything and do the research if required. This logging shouldn't be enabled by default but there should be an option to enable it when the user activates Interactive mode from advanced settings. Discussion moved to https://forum.eset.com/topic/23153-logging-of-dropped-packetsblocked-connections-in-interactive-firewall-mode/ -
This is Firefox's decision I think. They got tired of issues reported by the users about the certificate error thing. Most of the issues were reported by Avast and Kaspersky users. Firefox's way was definitely safer. It maintained its own store and didn't use the Windows certificate store before they decided to change that partially to make it easy for average users I guess. Average users wouldn't know how to manually import a certificate to Firefox. But I like the way Firefox still shows that it doesn't trust the certificate.
-
I actually checked that already. I had only one certificate in the trusted authority and it was also the same one but for some reason it was still not working. But anyway I fixed it by manually deleting it from the Windows store and restarting the system; a new certificate has been created by ESET automatically and now everything is working fine. Thanks
-
My certificate isn't working on Firefox either. Everything seems to be set nicely. Tried enabling, re-enabling these configs but still the same. I also have another app named Phyrox which is an unofficial portable version of Firefox. It's not working there anymore either. This is a new installation of the newly released version of ESET. Working in other browsers but not in any Firefox based one.
-
Windows Registry Helps Find Malicious Docs Behind Infections
SeriousHoax replied to itman's topic in General Discussion
Does ESET have any defense against this except manually creating HIPS rules? -
Hips Configuration
SeriousHoax replied to govind's topic in ESET Internet Security & ESET Smart Security Premium
Any thoughts on this? https://www.bleepingcomputer.com/news/security/windows-explorer-used-by-mailto-ransomware-to-evade-detection/ -
Hips Configuration
SeriousHoax replied to govind's topic in ESET Internet Security & ESET Smart Security Premium
I am not saying it's bad at this but saying I've seen it missing script malware more than other types. I always email those samples to the ESET lab and they also respond when they add those to the signatures. But I haven't found any sort of serious misses in recent times like ransomware but I will share here if I find such. I think @itman may have some examples of misses. Edit: Well I was right about him. He even has logs. -
Hips Configuration
SeriousHoax replied to govind's topic in ESET Internet Security & ESET Smart Security Premium
I think Trend Micro is one of the products that kind of does what you are suggesting and blocks most of the suspicious script executions by default. It may result in some false positives but it's very good against script based malware where ESET is a bit weak in this department. -
Hips Configuration
SeriousHoax replied to govind's topic in ESET Internet Security & ESET Smart Security Premium
Yeah right. I usually use ask for most HIPS rules so personally troubleshooting what needs to be allowed for certain modifications would be better. Ok, thanks. -
Hips Configuration
SeriousHoax replied to govind's topic in ESET Internet Security & ESET Smart Security Premium
@Marcos What Windows-related processes should I allow if I want to allow manual modification of files in those folders, like manually renaming, moving, pasting new files? -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Oh, bummer 😕 -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
@Marcos Hello, off topic: Before, it was possible to see all the signatures added to each update from here: https://www.virusradar.com/en/update/info/ But it's been a while since it's not there anymore. Is this a permanent change? Is it available anywhere else? -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
I know about the HIPS rules blocking script execution, etc. and have set them on mine. Those are post-execution rules and I even have better pre-execution blocking rules set with the help of Hard_Configurator but anyway these are not for average users. I wouldn't say WD is better but it's enough for almost every home user and can be made better by enabling extra features but ESET has a lot more features and is definitely the lightest. ESET has everything but a behavior blocker, that's why it struggles against unknown malware and especially against ransomware. Good to see it was detected in Windows 10 with the help of AMSI so maybe WD would detect it too? I don't know. After the integration of Augur into the product I hoped to see it in action in such scenarios but personally haven't seen any. -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
ESET's protection modules didn't react to this ransomware as well. VT: https://www.virustotal.com/gui/file/b6e9eb3a56f495a13892859e3de26109cbc7950b1e8bd57d374e87c94c99c7e5/detection -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
This is interesting and very good to see. It would be nice if it's implemented in the beta version of consumer products so that beta testers can provide feedback. -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
That's where a behavior protection module would kick in. Of course behavioral protection isn't going to be effective always and it behaves differently on different products. Like, Emsisoft has an excellent behavior blocker but that's extremely sensitive and false positive prone while Kaspersky has the best behavior blocker yet almost no false positives like ESET. ESET cares too much about false positives and that's why they are behind most other big guns in the behavioral protection section. There's no logic behind still setting HIPS to Automatic by default. It should be set to Smart mode and should trigger when something suspicious is detected. ESET is excellent at detecting new variants of known malware but if it's something new it barely does anything to stop that. Sadly, Quick Heal, an Indian AV which is pretty terrible, has a better, more effective behavioral blocker than ESET. Edit: Norton is implementing their Data Protector module. It's already available in some of their products and I tested it against unknown binaries and it successfully detected them. Both Norton and Kaspersky let that binary encrypt 3 files before stopping it. But none of the original files were lost. Both were smart enough to detect massive unwanted encryption while ESET did nothing. -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Ah, this just reminded me I forgot to use a VPN, which I do for safety before testing any malware. -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
I agree, ESET has a lot of room for improvement in the proactive area. Bitdefender recently has put their AI into testing in Virustotal and it's doing really well. It would be great to see ESET's Augur in action. User "itman" even suggested this in another thread a few weeks ago. Bitdefender, probably after training their AI for a year or two, will implement it into their product which would greatly benefit them. After implementing Augur into version 13 there were a lot of complaints in the forum about ML/Augur detection. I wonder if ESET has toned down the AI for now in later updates. -
Files encrypted by ransomware
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
You know this isn't suitable for day to day use, at least not the way ESET is at the moment. I create this kind of rule in Kaspersky and in the case of Kaspersky instead of only AppData I select the whole C drive and other important folders in other drives. It's practical in Kaspersky thanks to Application Manager and reputation info from KSN; there you can make rules to allow trusted programs automatically and ask permission when something else tries to do any modification. ESET doesn't have anything similar to that but it's very much possible to implement something like this into the product as it already has LiveGrid.