wraith

Everything posted by wraith

  1. Yes it was connected and I even opened LiveGrid to find out.
  2. That's true mate but it is an exe file.
  3. Sorry if I'm mistaken but shouldn't the Anti-Ransomware module kick in when it's detecting that something is encrypting a large number of files? Or does it wait until LiveGrid returns a verdict that the file is indeed malicious? I just want to know the way the Anti-Ransomware module works.
  4. I have ESET IS 12 installed with all the shields enabled (except AMSI) since I'm on Windows 7. I did make changes to some settings such as enabling advanced DNA in real-time and strict cleaning. Can you help me to export the log files? How do I do that?
  5. Precisely sir. The ransomware ran for more than 5 minutes in the background consuming around 25% of the CPU. I even checked in the ESET tools of running processes and LiveGrid was showing it in orange. But not a single alert from ESET. It encrypted all the doc, PDF, MP3, mp4, jpg, png files but didn't touch any applications or shortcuts.
  6. I downloaded it from upload.ee and ESET Web shield didn't warn me. I'm not trying to bash ESET my friend. In fact ESET is my favourite AV. I'm just saying that ESET BB and Anti-Ransomware module do not work as they should. Their main purpose is to identify malicious behaviour and alert the user or to stop the malicious action but they don't seem to be doing that.
  7. I've messaged you the sample along with one of the encrypted documents. ESET was up to date and all the shields were on, but still the ransomware managed to bypass the BB and Anti-Ransomware module, which didn't give any single alert.
  8. Thanks for the link Marcos. I'll get back to you positively the next time I encounter a ransomware for which ESET doesn't have a signature (very rare to be true). While testing ESET in the malwaretips hub, I once encountered a cryptor for which ESET didn't have a signature and it managed to encrypt all the files in the test PC without a notification from ESET.
  9. I know all these are there but I've never seen the Behaviour Blocker and Anti-Ransomware shield in action. If there is a new ransomware that is not in the signatures, there is literally no warning from ESET and the ransomware easily manages to encrypt all the files. The advanced machine learning seems to be a welcome addition.😀
  10. I have been using ESET IS for the last 5 years and have an active subscription till 2021. It's the lightest AV out there with stellar detection, excellent firewall and web filter along with a really light footprint. However ESET does miss out on certain features that other competitive AVs like BitDefender, Kaspersky, Trend Micro, Norton, McAfee provide. ESET has zero dynamic protection since the HIPS in automatic mode is useless. Imo I think it would be a lot better if ESET can provide a good Behaviour Monitor instead of the HIPS (the BB ESET has now is in hibernation mode, it rarely works). Another very important feature could be the Protected Folders option where the user can decide which folders to protect against ransomware.