Jump to content

fabioquadros_

Members
  • Posts

    7
  • Joined

  • Last visited

Kudos

  1. Upvote
    fabioquadros_ gave kudos to SeriousHoax in More LiveGuard Concerns   
    Looks like bugs that need to fixed by ESET.
     
    But the problem is, ESET has become worse at reacting to user submission. I used to get replies for all my submission back in 2020 and ESET used to add signatures within a few hours, but later that had stopped. No reply and no signature added. Checked my email history and turns out the last time I submitted samples via email was in April 2021. I stopped out of frustration. I even had to share samples to you a couple of times via private message due to this behavior. Recently found another member from another forum who also had this issue with ESET not responding to his submissions. 
    Since ESET is a highly signature oriented product, user submissions should not be ignored. Three of your competitors Avast, Bitdefender, Kaspersky are reactive to user submission, specially the first two.
  2. Upvote
    fabioquadros_ gave kudos to itman in More LiveGuard Concerns   
    I am now 100% convinced that LiveGuard processing of suspicious unknown scripts is non-existent.
    This morning I found a web site that was showing code examples for two .vbs scripts that could be used maliciously. Note that the code was shown in clear text and therefore couldn't be directly executed from web site access. LiveGuard upload was triggered by the code in one of the scripts:
    Time;Hash;File;Size;Category;Reason;Sent to;User
    4/11/2022 9:16:36 AM;2AC6C154FA1000AE10D85D4892B79D13763DAB8A;https://gist.github.com/Alekseyyy/6e3569c5b3dfa5eeee60f9f48af58579.js?file=medium.2021.infosecw.vbscript_fun.reboot.vbs;30092;Script;Automatic;ESET LiveGuard;xxxxxxx
    Time;Component;Event;User
    4/11/2022 9:16:36 AM;ESET Kernel;File '6e3569c5b3dfa5eeee60f9f48af58579.js?file=medium.2021.infosecw.vbscript_fun.reboot.vbs' was sent to ESET Virus Lab for analysis.;SYSTEM
    This is "classic" LiveGrid processing behavior I have seen many times in the past.
    First, Eset detection is not "smart" enough to realize that the web page code was shown in clear text and can't be directly executed. Next, Eset's detection of this script code was by signature which I will get to later. The upload to the Eset clould was for notification that a web site was found with malicious code.
    Why do I know that this code was detected by signature? I copied the code and pasted it in Notepad. When I tried to save  the code as a .vbs file:
    Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
    4/11/2022 9:23:26 AM;Real-time file system protection;file;C:\Users\xxxxxx\Downloads\edtdtestfile\Test.vbs;VBS/Agent.DN trojan;cleaned by deleting;xxxxx;Event occurred on a new file created by the application: C:\Windows\System32\notepad.exe (5B80BBB07B1A84384E61FB3F9366CAD97904EBEA).;2482C486EB9F55C9DD98FEFD55B200B169A75DAA; 4/11/2022 9:23:23 AM
    As far as I am concerned, LiveGuard, as currently designed, will only protect you from unknown, to Eset, suspicious binaries. That is stand-alone .exe's and the like or, the same embedded in another file that can be identified by Eset as such. Note that the procedure Eset recommends for testing LiveGuard functionality is create an e-mail and attach the created test .exe to it. This is as bogus a test that I have seen in a while. Note that most if not all third party e-mail providers will immediately delete any .exe attachments upon receipt of the e-mail by the provider.
  3. Upvote
    fabioquadros_ gave kudos to itman in More LiveGuard Concerns   
    Assumed here is the LiveGuard did not complete its cloud scanning activities within the ESSP LiveGuard default scan time limit of 5 mins.. In this instance, the file will be unblocked after 5 mins. and no safe Event log entry will be generated.
    You can increase ESSP LiveGuard default scan time limit.
  4. Upvote
    fabioquadros_ gave kudos to peteyt in What is your experience with aggressive detection ?   
    This is the issue i have. I'm a fan of Eset but it seems other AVs are looking at extra features.
    For example some AVs have a protected folder feature that could protect user files if infected by ransomware e.g. certain documents that the user rated important and/or critical. Notice my use of the word "could" as nothing is every bulletproof but ESET's answer to this seems to be it could theoretically be bypassed so why bother. I mean to me an AV could theoretically be bypassed so why bother?
    To me even if something is not 100 percent guaranteed as @itmanmentioned in regards to the ransomware rollback features of Kaspersky (and what ever can be truly 100 percent), surely if they are generally reliable as in they work in most cases, then it worth it. I feel it's better to have that extra layer and extra options and customers will also favour the options.
    At the end of the day marketing also plays a crucial role in AV sales and if an AV is offering more features that users want and at a cheaper or even free price then they will go for that AV. As I mentioned in the feedback post I have to plan to leave Eset and hope this doesn't appear to be a threat as it isn't. As someone who tests Beta versions of Eset and helps where I can (although my knowledge is basic) I just want Eset to be the best it can and to grow. I sadly however do feel Eset is holding itself back, possibly scared how to implant some features to avoid complicating users who don't have any knowledge and would be afraid of an alert asking the user to make a decision.
  5. Upvote
    fabioquadros_ gave kudos to itman in What is your experience with aggressive detection ?   
    Kaspersky is one example and it has proven quite effective against 0-day ransomware. By coupling ransomware behavior monitoring with system snapshot taking, Kaspersky is capable of restoring all files encrypted by ransomware.
    Also, Kaspersky is not 100% bulletproof in this regard. I have seen a few ransomware that have bypassed its protections. However, they are a very rare occurrence.
    It should be additionally noted that it appears Kaspersky has "worked out the kinks" in regards to previous versions system performance impact issues in regards to its system snapshot processing. System snapshot also gives Kaspersky the capability to "rollback" system modifications done by malware. Of note and in reference to postings in the forum Malware section, Eset might detect malware upon execution. However it is powerless to remove system changes performed by the malware prior to discovery. Those changes have to be manually removed.
  6. Upvote
    fabioquadros_ gave kudos to AZ Tech in What is your experience with aggressive detection ?   
    Ignoring is the denial of the effectiveness of Web access protection, and what I have said does not say that, I consider eset the best option currently available in this particular point.
    What I'm saying is that eset uses a multi-layered Protection approach, and as an eset user, when I highlight weaknesses in one of these layers, I'm not saying that eset is completely ineffective. I'm not saying that at all.
    What I am saying is that one of these layers, specifically the Behavioral Detection, needs to be better, as is the case with certain competitors, so what is the problem with my words !!

    Even I already know that eset has a Deep Behavioral Inspection but In fact there are competitors who already have an Advanced Behavioral Detection System though it is not bulletproof but it is very powerful and very effective compared to what eset have , so why is the blame on me ? 
    I hope that eset will listen to me and take it seriously in terms of rebuilding the Advanced Behavioral Detection System as powerful and effective as the other competitors.
    There will be no evolution unless we face the weaknesses.
    There will be no evolution if we are all hypocrites and deny reality. 
    Competitors who have done great work in this field, If they took the approach of denying weaknesses and said that we already have good behavior detection systems and deny reality, they would not have reached what they have reached.
    In the end, I am just a user looking for the best for the product I use, I won't lose much if one of the vendors is unable to keep pace with the technology of its competitors. If this happens, I can simply move to an option that has technologies that matches the requirements, as for vendors, they are without listening to us as customers, they are the party the aggrieved
    I hope that you will appreciate my efforts in trying to help as much as I can by reporting problems and weaknesses that I find, I have no goal in doing so other than to help improve the product, so I hope eset will take that into account and reconsider what was presented today ,Thanks
  7. Upvote
    fabioquadros_ gave kudos to itman in What is your experience with aggressive detection ?   
    As far as Deep Behavior Inspection goes, there are two versions of it.
    The first is monitoring of suspicious behavior. I  have only seen it invoked on one occasion in recent history on my device. It will inject ebehmonl.dll into a process and monitor it for some time. I mean days here until it decides the process is safe.
    The second is predetermined monitoring for select processes such as cmd.exe which can be abused by malware. It will inject ebehmoni.dll into these processes.
    In any case, this type of behavioral monitoring can't be described as dynamic monitoring of all process execution at first run time such as exists in select other AV solutions.
  8. Upvote
    fabioquadros_ gave kudos to Marcos in Terrible, why not say nonexistent service in Brazil   
    We are very sorry to hear about your unpleasant experience. We have contacted our partner in Brazil and asked for more information about how your case was handled. Will keep you posted.
    Should you come across any issues, feel free to ask here and we, ESET moderators, and other experienced and knowledgeable users will be happy to help you.
  9. Upvote
    fabioquadros_ gave kudos to SeriousHoax in Avast Now Also Has Block-At-First-Site-Capability   
    The blog post is from 2016. So Avast has this for 4 years. BTW, this particular feature on Avast requires MOTW.
    Anyway, ESET should take inspiration from Kaspersky's Application Control.
  10. Upvote
    fabioquadros_ gave kudos to itman in Avast Now Also Has Block-At-First-Site-Capability   
    The fact is Eset has all the internal mechanisms in place to accomplish this. All they have to do is block the process until LiveGrid black list determination processing has completed. As to the false positive element, I say "to hell with that." Most home users would not be significantly impacted by such process blocking. 
    This could be also further refined by adding Trusted Publisher, signing, etc. criteria to Eset Reputation scanner. Failure on reputation coupled with suspected malicious activity should be enough to block until LiveGrid initial scanning is completed.
  11. Upvote
    fabioquadros_ gave kudos to itman in Avast Now Also Has Block-At-First-Site-Capability   
    Avast blog article here: https://blog.avast.com/cybercapture-protection-against-zero-second-attacks .
    Detail on configuration options here: https://support.avast.com/en-us/article/54/
    Of note is this feature exists even in Avast free version.
    Time Eset "get with the program" and offer same like capability for their home use products.
  12. Upvote
    fabioquadros_ gave kudos to peteyt in Your LiveGrid system needs tweaking   
    While I completely agree with your statement, nothing can be 100 percent, but does that mean we shouldn't put in things to try and stop it? By that logic couldn't we argue that why bother with protection if some kind of malware could theoretically be designed to bypass or disable an AV (yes I know my comparison is slightly different to the issue we are talking about and AVs have tech to stop these).
    I do think we will see a lot more people requesting a folder system for ransomware protection. As mentioned before I'd love to see a better system for advanced users for warning them about files with no to low reputation. I get that eset doesn't want to cause issues and confusion for average users but surely that shouldn't mean the more advanced users should go without. Just make it harder to find and enable these things and make it clear when enabling the risks.
  13. Upvote
    fabioquadros_ gave kudos to Nightowl in Release 13.2.15 before official announcement   
    You are just angry at something that you can't change , all companies do the same , they release an update and then they give the change notes after a while , or go meet Microsoft , they won't tell you what changed. or say hello to Steam
    I don't represent ESET , and I don't work for them , but a delay of a bit or few hours after being posted in their download page and after that to their forum , it doesn't mean anything bad , they have posted it they didn't hide them , It's just a matter of a little bit of time delaying the upgrade so you can read the notes and after than initiate your upgrade or delay it for next version.
  14. Upvote
    fabioquadros_ gave kudos to Nightowl in Release 13.2.15 before official announcement   
    Just wait till you see official notes before you upgrade , or refuse the upgrade if you don't know the changes.
  15. Upvote
    fabioquadros_ gave kudos to ajgamer in GTA V / Online Crash because of ESET Internet Security or EIS   
    That didn't work either.
    Thank you.
    Please if someone from ESET could help me with this issue?
    Edit:
    I uninstalled EIS again.
    I have just purchased 1 year subscription of KasperSky Internet Security 2020.
    I did nothing additional to do anything like exclusions or disable. No manual settings, just straight forward install and activated the license.
    Game is working fine, Loading everything perfectly. No Crash!
    That doesn't mean, I am stopping here. Even though I paid to KasperSky for 1 year already. I don't want to retain with them infact, I want to shift to ESET.
    Reason I bought KasperSky is because it's been around week and we have not come up to any progressive conclusion. I've given enough proof that ESET is causing the issue. I cannot keep my security at risk because ESET is not acknowledging it at all.
    If we can fix the concern, I will move back to EIS HAPPILY! (I trust ESET for a decade now).
    My License with ESET is pending to expire in 2021 (Late around November). Please also let me know how you can extend or pause that so that I don't loose my days because your software being the culprit is making me not using your services temporarily.
    Proof that GTA Online works fine with KasperSky (1 Year Subscription and not Trial).

     
     
  16. Upvote
    fabioquadros_ gave kudos to Marcos in Suggestions for ESET   
    Application Control is planned.
    A research was already made, currently there are no plans to back up files. We focus on protection since letting malware run has always negative consequences and 100% remedy is often not possible. Not to say that backing up any files in the event of modification has adverse effect on performance and that could render the machine unusable if big files are modified.
    ESET software is install-and-forget. End users use automatic mode in which they are not prompted for actions (firewall, HIPS, malware cleaning, etc.).
    Patch management is not currently planned. If there is one day, it will be probably in business products. Most likely it would not be a part of ESET NOD32 Antivirus.
    That is not planned. ESET uses a strong URL scanner which protects users from suspicious or malicious URLs.
    Not planned. There are other add-ons and 3rd party applications for that, we make antimalware software.
    Anti-keylogger is part of the secured browser used by Banking and payment protection.
    Not sure if this is planned but there's a chance we'll have it in the future.
    I have no clue what you mean. Both the peer and server would have to support it so SSL is best thing for securing connection.
    Behavior Blocker as well as HIPS and other malware are constantly being improved.
    ESET has always been able to clean malware, e.g. if infected by Virut or other file infecting virus. Cleaning is not possible if a virus rewrites vital data in files.
    Again, we make antimalware software. There are other vendors that make hypervizors, such as VMware, Oracle, etc.
  17. Upvote
    fabioquadros_ gave kudos to Marcos in ESET Home products and av-test.org   
    Both products are more-less same in terms of protection features. On the othet hand taking part in tests is quite costly so AV makers have to make decisions about spending the money effectively which is one of the reasons for that.
  18. Upvote
    fabioquadros_ gave kudos to itman in Steam game Medal of Honor being flagged as PUA   
    All I can say is you appear to be the first one to every get an Eset deep behavior detection. I for one have never seen anything showing a BH/........... detection.
  19. Upvote
    fabioquadros_ gave kudos to Nightowl in Steam game Medal of Honor being flagged as PUA   
    Hahahaha , ESET is smart , knows that EA Games are PUA
  20. Upvote
    fabioquadros_ gave kudos to itman in Web Site Magecart Attacks - Kudos to Eset Again!   
    First a recent reference article:
    Credit Card Skimmer Found on Nine Sites, Researchers Ignored
    https://www.bleepingcomputer.com/news/security/credit-card-skimmer-found-on-nine-sites-researchers-ignored/
    So I decided to test Eset on detection capability. Per the linked article, picked one of the infected sites - Bahimi swimwear shop - first infected in November, 2019, the skimmer is still there today.

    Attempted to order something here: https://bahimi.com/gbp/checkout/onepage/ .

    Eset immediately detected the card skimmer:


  21. Upvote
    fabioquadros_ gave kudos to Nightowl in ESET Memories   
    I used to love the simplicity of those interfaces in v3 for an example :
     

  22. Upvote
    fabioquadros_ gave kudos to Aryeh Goretsky in NOD32 Detect Stalkerware   
    Hello,

    Yes.  Most are going to be detected as spyware, but also detections of trojans or agents are possible as well.

    Regards,

    Aryeh Goretsky
     
  23. Upvote
    fabioquadros_ gave kudos to Marcos in ESET Memories   
    AMON is the former name of the real-time protection module. We still call it internally that way and also real-time protection driver in the latest v13 is called eamonm.sys.

  24. Upvote
    fabioquadros_ gave kudos to peteyt in ESET Memories   
    I gather amon is just a part of eset? Interesting to see how the GUI and GUIs in general have changed over the years
  25. Upvote
    fabioquadros_ gave kudos to Nightowl in ESET Memories   
    Oh this is very old! , I never had my hands on it , it would be awesome to have our hands on the installers again to make some fun with XP virtual machines , but I guess that is not possible
    But I miss those days , golden time.
    When you had to remove Norton because it's eating most of the 512MB of RAM and switching to ESET for it being light on the PC
    v2 Control Panel I found it :
     

×
×
  • Create New...