SeriousHoax

Most Valued Members
  • Posts: 365
  • Joined
  • Last visited
  • Days Won: 10

Everything posted by SeriousHoax

  1. Can you not confirm with the help of an ESET malware analyst to know if it was a false positive from Augur?
  2. Looks like it got 100% only because of detection from other vendors. Everything else is Suspicious Indicators only. So the score would have been much lower without these AV detections. I'm also a fan of System Informer. It has some nice features not present in others. I would just use Process Explorer if MS had made it equivalent to it. Both have some unique features, so I use both.
  3. Anyway, it's good to see that products like ESET, Kaspersky, Bitdefender are able to block this attack. I think for all of them it's a previously created detection that worked here also. I tested Bitdefender in a VM on this site and it indeed detects it. I also tested Avast and Norton, but they aren't able to detect it. Norton has IPS and their browser extension but no HTTPS scanning. So they probably have to find a solution for this via their extension. Detecting threats like this is one of the advantages of HTTPS scanning. Avast would just need to create a signature to detect it as they have it. ESET in my experience is one of the best if not the best at detecting this kind of malicious/suspicious JavaScript injected on websites.
  4. If it's that easy to evade LiveGuard then I have to say that LiveGuard seems very basic and ineffective. There are emulators/sandboxes out there that can simulate user clicks. There is also malware that tries to fool such sandboxes, but countermeasures can be taken to detect such evasion techniques, which would indicate that the file is malicious. You can read all about it and much more here: https://evasions.checkpoint.com/techniques/human-like-behavior.html#check-mouse-movement:~:text=a sample emulation.-,2.2. Check via a request for user interaction,-Some malware samples It doesn't make much sense to charge a premium price for LiveGuard when it can't even do this. LiveGuard would give a safe verdict to such samples and users may end up getting infected. Samples marked as safe by LiveGuard probably aren't sent to malware analysts, so till they get their hands on such samples, it's a lost cause. There's huge room for improvement here for ESET.
  5. Thank you very much for the response, and really pleased to know that the issue will get fixed in a future update.
  6. ESET should take part in this ransomware specific test to please some more customers, I think. ESET takes part in many tests but not this one which I find odd especially because many people have some doubts over ESET's ransomware protection capabilities (including myself). https://www.av-test.org/en/news/security-software-against-the-latest-ransomware-techniques/
  7. Not Marcos, but I see that there are still many more rubbish popups on the website which open up if no adblocker is installed. Tested in a VM with Avast multiple times before and after you removed the suggested domain, and Avast still blocks many more as malvertisement and blacklisted URLs. Having ads on your website is fine, but don't add popup ads that lead to potential malware or adware.
  8. Yeah, this is expected behavior on a freshly installed Windows 11. But it bothers me also. So, I used "Defender Control" to turn off Microsoft Defender permanently which stops these updates. But Defender Control won't work with ESET already installed unless Defender's Tamper Protection was turned off prior to installing ESET. I don't know if there is any downside of using this, so do this at your own risk.
  9. What I mean is that if the email is loaded in Thunderbird, mainly when ESET's protection is off, then scanning Thunderbird's profile folder might be able to pinpoint the exact email. I don't know if ESET can do that, but as I shared above, Bitdefender can. I was able to find the exact email like this using Bitdefender in the past. It was an unprotected zip sample present in my sent emails that I sent to another AV lab.
  10. If you can't find any other solution then one thing you can try is temporarily installing an email client like Thunderbird, which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time. Maybe even disable ESET's protection temporarily while logging in so that the malicious attachment is loaded in Thunderbird's email files, and then scan it using ESET. Though I don't know if ESET's scanner will show you the exact email; not every product can do this, I think. This is something Bitdefender can do, and it was helpful for me when I had a slightly different but similar situation to yours a few years ago. Remove threats detected in e-mail attachments after a Bitdefender scan
  11. Would you please also look at this thread where I mentioned a keyboard app that doesn't work with ESET unless keyboard protection/secure browser is disabled. Can you work on a fix for this app also?
  12. Yeah, that's my opinion also. It should never have been implemented as a default option. It's not possible for me to recommend ESET to people around me as it stands.
  13. Yeah, exactly. That's my point. It was not an issue when secure browser wasn't the default, but since now it is, the solution for this should come by default as well. The ESET team probably should've considered all the circumstances before making it default.
  14. That's not a solution, though. That's a workaround. I know that disabling it makes it work but an average user doesn't know this and would have no clue. Since ESET has made the decision about secure browser being enabled by default, the solution has to come from ESET as well by default.
  15. There's a keyboard app that I use to type in my language inside browsers and other places. But with ESET and its Keyboard Protection with Secure Browser Mode, which is enabled by default, it's not possible to write with it. ESET randomizes every typed letter. This is a trusted app used by thousands or even millions who speak the language. So it's not an ideal situation. There's a decent number of ESET customers in my country and I'm sure most of them have no clue why the app is not working. This is a major issue and something should be done to fix it. Any alternative method that requires user interaction cannot be accepted. The solution has to be automatic. The app I mentioned is Avro Keyboard. There is also Bijoy, which has more than one variant I think. I don't use that, but I'm guessing users of Bijoy are also affected by this. So please do something about it, fix the issue. Link to download Avro: https://www.omicronlab.com/avro-keyboard.html It also has a portable edition that I use. But the issue is present in both.
  16. What you read is correct, Memory Integrity reduces gaming performance. Even Microsoft had to acknowledge it in the end. So if you prefer overall better gaming performance, then disable it. But of course it depends on your system config. On a high-end system, the impact is low enough to ignore, I think.
  17. That's good news. The quicker these die, the better.
  18. Here's an article showcasing a lot of fraudulent web stores. I have not checked them all, so I don't know how many are active or not. I urge @Marcos to send these to the malware analysts ASAP so that they can analyze and decide which sites need to be blocked before users get scammed by these. chair6.net – What's the word for a large collection of fraudulent web stores?
  19. Great find and well noticed. This article was written mainly to showcase protection against cryptojackers. Maybe that's why they didn't write it. If the home version can use Intel TDT for cryptojackers then there doesn't seem to be any valid reason for not doing the same for ransomware. I'm not sure of course, just assuming.
  20. Microsoft everywhere writes documentation only for MD Endpoint, even though some of those features are available in home MD. So it's not possible to know without an official answer. Their shared screenshot shows the MD home version's behavioral detection UI, so it's possible MD Endpoint is not necessary for this.
  21. I'm not who you quoted, but this tool has been extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed, and he never publishes a new version before making sure it's not detected by any vendor. It's possible to verify from the app itself whether the changes have been made or not, and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there.
  22. Even Microsoft Defender supports Intel TDT. But Microsoft's documents almost never mention the home version in anything, even though many Endpoint features are supported. So, I'm not sure if home users also benefit from it.
  23. No, it's on even when Smart App Control is disabled. My SAC got auto disabled 1 day after my Windows 22H2 installation, but the Defender service kept running. It's the same for everyone.