Posts posted by L0ckJaw

  1. Break in again, but why do other AV vendors have the option implemented in their AV suite for consumers and ESET only wants to apply it for business users? If ESET wants Endpoint protection as their core business I can understand that, but stop with stripped consumer versions and switch to Endpoint protection only, or offer Endpoint protection to consumers too.

  2. 5 hours ago, Bolin Xia said:

    Hi,

    My website berlinlasers.com has stopped working for more than one month. We have also removed the JS code hijacking credit card information from our website.

    The website is working correctly. However, it is still in the blacklist of ESET. Users cannot visit us successfully. Can anyone else help us?

    We are stopped, getting no good idea. How can I connect ESET to remove us from the blacklist? Please help, thank you in advance.

    Your website is still infected; I checked with another AV program and it's not just ESET that blocks it.


  3. 2 hours ago, itman said:

    Getting back on topic in regards to this specific ransomware sample, it appears it is an attempt to hide an .exe attachment. If you use an ISP or a third party e-mail provider such as GMail, etc., you will never see such an e-mail arrive in your inbox. This is because these providers will delete any e-mail with an .exe attachment as part of their routine e-mail examination on their servers.

    As far as the techniques employed by this ransomware sample, it is characteristic of a targeted attack employing APT like methods against a high valued target; i.e. enterprise level. The chances of an individual user receiving such an e-mail are about zip. In fact, almost all ransomware activities these days are criminal syndicate or state sponsored level against enterprise or government entities since these are the targets that are capable and willing to pay the ransom amount being demanded.

    As such, individual user testing of ransomware samples they find is really of dubious value unless the intent is to show some flaw in their security software detection mechanism. Again consumer based security software is "tuned" to the threats encountered by individual users.

    -EDIT- Another way this attack could be deployed is good old phishing. You're tricked into downloading what you believe is a .pdf file. You open it and you're nailed.

    To prevent this, make sure you have Win Explorer always set to show File Name Extensions. It is assumed you have the "smarts" not to open a .exe file downloaded in this scenario.

    I understand what you are saying, but people rely on their AV program to intercept any suspicious file.

    If they do not see the double extension and think it's a .pdf, they are infected. So in my opinion an AV program should block these immediately.
    That's why File Insight or a Sonar-like active protection module should be in place to intercept any suspicious file.
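
The double-extension disguise discussed in the post above can be checked for by name alone. The following is an added example, not code from any poster or from ESET or Norton; the extension lists and function names are assumptions, and it goes slightly beyond the thread by also flagging whitespace padding and Unicode format characters that hide the real extension.

```python
import unicodedata

# Assumed lists for illustration; adjust to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def deceptive_name_reasons(filename):
    """Return the reasons a file name looks disguised (empty list if none)."""
    reasons = []
    # Unicode format characters (category Cf), such as right-to-left
    # override, change how the name is displayed without changing its type.
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        reasons.append("format-char")
    visible = "".join(ch for ch in filename if unicodedata.category(ch) != "Cf")
    parts = [p.strip().lower() for p in visible.split(".")]
    # Only names whose real (last) extension is executable are of interest
    # for the remaining checks.
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons
    # A document-style extension directly before the executable one,
    # e.g. invoice.pdf.exe shown as "invoice.pdf" when extensions are hidden.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    # A run of spaces pushes the real extension out of a narrow column.
    if "   " in visible:
        reasons.append("whitespace-padding")
    return reasons


def scan(names):
    """Map each suspicious name to its reasons; clean names are omitted."""
    found = {}
    for name in names:
        reasons = deceptive_name_reasons(name)
        if reasons:
            found[name] = reasons
    return found


if __name__ == "__main__":
    # Constructed sample file names, not taken from any real incident.
    samples = ["invoice.pdf.exe", "report.pdf", "setup.exe",
               "scan.pdf      .exe", "invoice\u202efdp.exe", "archive.tar.gz"]
    for name, why in scan(samples).items():
        print(repr(name), why)
```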

  4. 13 minutes ago, Marcos said:

    The fact that a file is new and only very few users have encountered it doesn't make it malicious. The example above appears to have been detected by a signature as Linux/Mirai.

    I get your comment, you work for ESET; the point is ESET lacks a good behaviour blocker that works together with the firewall.

    And Linux/Mirai is indeed the name of the file, but detected with Sonar. If Sonar is enabled, ALL users of Norton are protected regardless of whether they received the signatures or not. That's what @wraith is trying to point out: if ESET does not detect the virus or malware by received signatures, it slips through the security; there is no active BB or online check active, or the online check is hibernating and not active. I personally have never seen the behaviour blocker of ESET in action (I'm an active malware tester).

  5. 9 minutes ago, wraith said:

    With the only difference being SONAR can detect and stop ransomwares that are not detected by signatures whereas ESET cannot. ☹️

    Correct, Sonar blocks and stops the thread happening and deletes the file, rates the risk of the file.

    If ESET could implement a system like this, all areas are covered, signatures and without signatures.