
SeriousHoax

Members
  • Posts: 201
  • Days Won: 4

Kudos

  1. Upvote
    SeriousHoax received kudos from fabioquadros_ in Controlled Folder feature   
    Yes, surprising indeed. Maybe those sync with cloud first and they create signatures later. I don't know but WD is massively cloud dependent and it's serving them pretty well lately so maybe they focus less on local signatures. ESET is kind of the opposite. ESET relies on signatures a lot and that's not a bad thing because available signature of a new malware is always better than protecting via other modules.
    About this test, you should keep in mind that this is the only test that was done in Windows 7. As far as I know Windows Defender is not available in Windows 7. Did they use Microsoft Security Essentials? Even if it's possible maybe in Enterprise level, it's always going to be a lot weaker than it is in Windows 10 with Exploit Protection, etc. So, I think there's this flaw in that test.
  2. Upvote
    SeriousHoax received kudos from fabioquadros_ in Controlled Folder feature   
    Yes, it is aggressive. It blocks any attempts to modify the contents of protected folders. It doesn't matter whether it's a trusted application or not. That's why it's not enabled by default. It's for advanced users only. But if implemented in ESET, user should be able to set it in ask/interactive mode so it would be more user friendly for advanced users.
    Yes, exactly. If they can provide such option then why can't ESET? I think these products don't have it enabled by default but users have the option to do so.
    I don't think ESET would do that. This seems like too much work for an antivirus. Unless ESET can do something similar to what Kaspersky does with System Watcher there's no way. Kaspersky has set an example in the industry with their System Watcher module. It's extremely good and I think it's the best behavior blocker of all. But of course this is not 100% bulletproof but very capable and Marcos already discussed they thought about it but weren't able to do so because of performance issues.
     
    I don't think anyone claims such feature is bulletproof. Here it depends on the capability of ESET HIPS. If it can block modifications for the protected folders then it should do the job. Besides ESET has other capabilities against Ransomwares and this protected folders option is gonna be only an additional option.
    ESET can experimentally add this feature on ESET beta. If it does what it's supposed to do and receives positive feedback from the beta testers then it would be added to the main product. I'll gladly become a beta tester.
  3. Upvote
    SeriousHoax received kudos from fabioquadros_ in Future changes to ESET Internet Security and ESET Smart Security Premium   
    Description: A Manage application section like Kaspersky or an Application network rules section like Kaspersky or maybe both.
    Details: Currently there is no way to know which programs I ran on my PC were trusted by Eset or not. Having an Application manager would make it really easy to give a detailed representation. Eset already kind of has this but that's for running processes only but not for all the products and also this window just shows information but I can't interact with it like it's possible in Kaspersky.

    And for Firewall, it's possible to add rules for specific programs of course but it would be better if there was a list of all applications to show what is set to allowed by Eset and what not. This should be interactive too so if a user wants to deny let's say "CCleaner" internet connection then he/she would select CCleaner from the list and deny it internet access instead of the current situation where the user needs to manually browse to the program to block it in Firewall. The current implementation should always be there of course but my proposed interface would make everything much easier. Also a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot.

    To have a closer look you may try installing Kaspersky to understand how these two modes work on their product. I don't want Eset to have exactly the same thing that Kaspersky has but the basic idea should be the same.
    I love Eset because it's a great product and super lite. But I want Eset to have these features. I'm sure it's not just me but everybody would appreciate it and it will make the product even better.
    Examples:


  4. Upvote
    SeriousHoax gave kudos to itman in Ransomware   
    Some additional comments on how Live Grid should be configured by Eset.
    1. The risky status alert option would be an "Advanced option" setting for the existing Live Grid setting in Eset's GUI. It would be disabled by default. Hence and God forbid, Eset gets "dinged" on an AV lab test because of it.
    2. It is assumed that Eset already has in place criteria for handling of known assumed safe apps such as OS apps in their respective directories, etc. I will state that I have never seen any process set to "Red" status in viewing Live Grid's status screen. As such, I am assuming the "Red" status is reserved for unknown reputation apps performing questionable system modification activities.
    3. The alert would display additional descriptive information such as signing status, publisher, creation date, directory location, etc.
    As I see it, the most that could happen in blocking the process from running would be some app installation or some process .exe you purposely downloaded is blocked/borked. App installers can always be rerun.
    The above would allow one to submit the process to VirusTotal for additional verification or Hybrid-Analysis for a detailed sandbox analysis. Win 10 1903 users could additionally run the process in the Windows sandbox.
    Unfortunately, these Live Grid operational modifications have been suggested by me and others in the past and have "fallen on deaf ears" as far as Eset is concerned. After all, Eset always knows best when it comes to security features.
  5. Upvote
    SeriousHoax gave kudos to wraith in Ransomware   
    In general ESET is usually one of the first to come with signatures. So 3 days seems pretty old to me. Many other vendors already have a signature for it. Btw did the researchers/analysts find anything about this sample?
  6. Upvote
    SeriousHoax gave kudos to peteyt in Ransomware   
    I'm new to this topic but just wanted to ask something and unsure if it's been asked.
    Firstly - I have no issue with Eset - I know nothing can ever be 100 percent.  However in regards to ransomware would there not be a way to detect something is encrypting files which in turn could force an alert from Eset.
    I'm not talking about new unknown viruses, zero day etc but the act of encrypting itself. Basically could Eset not set it by default to alert users if it detects file encrypting and possibly even be set to pause the encryption until a user tells Eset to either allow or remove.
    Surely with that approach it wouldn't matter if it was a new virus unseen that eset didn't know as it would still see the encrypting part. Or are these viruses able to hide that they are encrypting things until it is too late? I don't have a lot of knowledge on these things so sorry if it is a lot more complex than that.
  7. Upvote
    SeriousHoax gave kudos to itman in Ransomware   
    One final comment in regards to Live Grid's performance in this incident.
    Refer back in this thread to the posted Live Grid screen shot showing ransom.exe running. Note the red color. What does that mean? Per Eset online v12 help:
    Hum ........ It certainly appears Eset's front-end heuristic scanning did its job.
    So why can't Eset offer an option to be alerted to "risky" processes pre-execution? It most certainly appears to be the correct and logical action to take. For me, I can only conclude the following:
    1. Eset has such little faith in Live Grid's reputational analysis that it doesn't trust it for user alert purposes. In this case, get rid of the feature and just perform any submission activities in the background.
    2. Eset's avoidance of a false positive detection has reached the level that it is jeopardizing overall system security.
  8. Upvote
    SeriousHoax gave kudos to wraith in Ransomware   
    Absolutely not. I'm talking about this ransomware scenario which we're discussing. This is an exe file. ESET doesn't have a signature and so it's not detected by the real time scanner. When I executed the file it spawned a process that began encrypting files. My point is that when the process started encrypting the files why didn't the anti ransomware module kick in and alert me that if I want to continue the operation or block it. This is the simple question for which I'm trying to get a reliable response nothing more.
  9. Upvote
    SeriousHoax gave kudos to wraith in Ransomware   
    Yeah that's why I don't like these features. I just gave them as examples since you asked about what block at first sight is. Moreover these make the AV heavy to use and I don't want ESET to become heavy like the other AV's. But I really want ESET to have a dedicated PROACTIVE Ransomware Module, not a REACTIVE one since all the complaints I receive regarding ESET only relates to ransomwares, nothing else.
  10. Upvote
    SeriousHoax received kudos from Leonardo in New version 12.2.23.0 ?   
    It's still in Pre-Release version. Any changelog?
  11. Upvote
    SeriousHoax received kudos from Leonardo in New version 12.2.23.0 ?   
    Thanks for the info. So, the changelog will be available only after it's released for all users?
  12. Upvote
    SeriousHoax gave kudos to Marcos in Lack of details and options in the new phising page detection alert in version 12.2.23.0   
    Yes, I still have it there too:

    The page with the alert "Website blocked" was not a phishing page but most likely a malicious one which was added by ESET to the blacklist. For such websites we didn't offer the option to report them in older versions either.