fabioquadros_

Kudos

  1. Upvote
    fabioquadros_ gave kudos to SeriousHoax in Controlled Folder feature   
    Yes, it is aggressive. It blocks any attempts to modify the contents of protected folders. It doesn't matter whether it's a trusted application or not. That's why it's not enabled by default. It's for advanced users only. But if implemented in ESET, the user should be able to set it in ask/interactive mode so it would be more user-friendly for advanced users.
    Yes, exactly. If they can provide such an option then why can't ESET? I think these products don't have it enabled by default but users have the option to do so.
    I don't think ESET would do that. This seems like too much work for an antivirus. Unless ESET can do something similar to what Kaspersky does with System Watcher there's no way. Kaspersky has set an example in the industry with their System Watcher module. It's extremely good and I think it's the best behavior blocker of all. But of course this is not 100% bulletproof, but very capable, and Marcos already discussed that they thought about it but weren't able to do so because of performance issues.
     
    I don't think anyone claims such a feature is bulletproof. Here it depends on the capability of ESET HIPS. If it can block modifications for the protected folders then it should do the job. Besides, ESET has other capabilities against ransomware and this protected folders option is gonna be only an additional option.
    ESET can experimentally add this feature on ESET beta. If it does what it's supposed to do and receives positive feedback from the beta testers then it would be added to the main product. I'll gladly become a beta tester.
  2. Upvote
    fabioquadros_ gave kudos to Marcos in Any News about the ML Engine?   
    The beta is available for users in the Insider program. The membership is offered to users active in our forum when they are interested in joining the program.
  3. Upvote
    fabioquadros_ gave kudos to shaodan1997 in Scheduled Scans   
    Description: Merge the More tools menu into the Tools menu
    Detail: The current Tools menu only includes three less commonly used modules and leaves a huge blank space.

    However, the most commonly used modules (e.g. Log files) are included in the More tools menu, which needs one more click to enter.

    Merging the More tools menu into the Tools menu can make full use of the space and reduce unnecessary operations.
  4. Upvote
    fabioquadros_ gave kudos to alasmi8 in Scheduled Scans   
    Description: ESET Sandbox + ESET Auto Sandbox

    Details: I want to add an ESET Sandbox + ESET Auto Sandbox like the Avast sandbox + auto sandbox.
    The avast! Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. Programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files. This feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab.
  5. Upvote
    fabioquadros_ gave kudos to SeriousHoax in Scheduled Scans   
    Description: A Manage applications section like Kaspersky or an Application network rules section like Kaspersky, or maybe both.
    Details: Currently there is no way to know which programs I ran on my PC were trusted by Eset or not. Having an Application manager would make it really easy to give a detailed representation. Eset already kind of has this, but that's for running processes only and not for all the products, and also this window just shows information but I can't interact with it like it's possible in Kaspersky.

    And for the Firewall, it's possible to add rules for specific programs of course, but it would be better if there was a list of all applications to show what is set to allowed by Eset and what is not. This should be interactive too, so if a user wants to deny, let's say, CCleaner an internet connection then he/she would select CCleaner from the list and deny it internet access, instead of the current situation where the user needs to manually browse to the program to block it in the Firewall. The current implementation should always be there of course, but my proposed interface would make everything much easier. Also a program can have multiple files that access the internet. From this list it would be much easier to find that out. So, overall user experience would improve a lot.

    To have a closer look you may try installing Kaspersky to understand how these two modes work on their product. I don't want Eset to have the exact same thing that Kaspersky has, but the basic idea should be the same.
    I love Eset because it's a great product and super light. But I want Eset to have these features. I'm sure it's not just me but everybody would appreciate it and it will make the product even better.
    Examples:


  6. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    Agreed. But if Eset heuristics detects a Live Grid red status risky unknown process, it should throw a suspicious alert and let the user make the decision. Again, this should be an advanced Live Grid option with the disclaimer that activating it could lead to an FP detection. Also, it is highly unlikely Live Grid is going to classify a Win base OS process as risky.
    Really, this isn't "rocket science."
  7. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    Ok that sounds reasonable. But ESET can surely implement the idea of protected folders. Let it be disabled by default. Advanced users who want that can enable that but at least provide it as an option.
  8. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    This is the problem. I would gladly switch to Endpoint. However, I don't want to buy 5 licenses which it appears is Eset's purchase minimum for the product. Eset should have a single license purchase option with a higher cost which would be perfectly acceptable.
    Another suggestion is that Eset offer an "advanced" Internet Security version which in effect would be a "re-badged" Endpoint version.
  9. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    Now we are getting "at the meat" of the issue.
    How about an ecmds initiated "aggressive" FP setting? This setting would do globally what you stated; loosen existing anti-FP detection. By keeping the setting out of the Eset GUI, it would prevent Eset "experimental" users from enabling it and subsequently complaining Eset is throwing alerts on some garbage they are trying to install.
    At least, Eset should do something in this area to prevent long time users like myself from moving on to security solutions that have such capability.
  10. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    Since the above Eset's requested enhancements to Live Grid falls into the category of "wishful thinking," let's talk about a free solution built into Win 10 that has such capability. That is Windows Defender's Advanced Surface Reduction; i.e. ASR mitigations:
    Since we are on that topic, let's list all the ASR mitigations available:
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
  11. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    Some additional comments on how Live Grid should be configured by Eset.
    1. The risky status alert option would be an "Advanced option" setting for the existing Live Grid setting in Eset's GUI. It would be disabled by default. Hence and God forbid, Eset gets "dinged" on an AV lab test because of it.
    2. It is assumed that Eset already has in place criteria for handling of known assumed safe apps such as OS apps in their respective directories, etc. I will state that I have never seen any process set to "Red" status in viewing Live Grid's status screen. As such, I am assuming the "Red" status is reserved for unknown reputation apps performing questionable system modification activities.
    3. The alert would display additional descriptive information such as signing status, publisher, creation date, directory location, etc.
    As I see it, the most that could happen in blocking the process from running would be some app installation or some process .exe you purposely downloaded is blocked/borked. App installers can always be rerun.
    The above would allow one to submit the process to VirusTotal for additional verification or Hybrid-Analysis for a detailed sandbox analysis. Win 10 1903 users could additionally run the process in the Windows sandbox.
    Unfortunately, these Live Grid operational modifications have been suggested by me and others in the past and have "fallen on deaf ears" as far as Eset is concerned. After all, Eset always knows best when it comes to security features.
  12. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    It can run on a standard user but won't be able to encrypt system files. It can encrypt your personal files though. I agree with you. A process that is unsigned and new to LiveGrid, trying to encrypt files, should be blocked immediately by ESET even though it may be a false positive (although the chances would be extremely thin for an FP). I would rather deal with an FP than having my important files encrypted.
  13. Upvote
    fabioquadros_ gave kudos to peteyt in Ransomware   
    Does encryption run on a standard home user computer without them knowing?
    What I mean is I have Windows Pro but don't use any encryption software, so surely if something started encrypting something there would be a cause for alarm. I've thankfully never come across ransomware, but I thought for a general home computer the fact that something is being encrypted would look suspicious in itself.
  14. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    In general ESET is usually one of the first to come up with signatures. So 3 days seems pretty old to me. Many other vendors already have a signature for it. Btw, did the researchers/analysts find anything about this sample?
  15. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    If only ESET displayed this warning for each and every unsigned file that tries to encrypt files.
  16. Upvote
    fabioquadros_ gave kudos to peteyt in Ransomware   
    I'm new to this topic but just wanted to ask something, and I'm unsure if it's been asked.
    Firstly - I have no issue with Eset - I know nothing can ever be 100 percent. However, in regards to ransomware, would there not be a way to detect that something is encrypting files, which in turn could force an alert from Eset?
    I'm not talking about new unknown viruses, zero days etc., but the act of encrypting itself. Basically, could Eset not set it by default to alert users if it detects file encryption, and possibly even be set to pause the encryption until a user tells Eset to either allow or remove?
    Surely with that approach it wouldn't matter if it was a new, unseen virus that Eset didn't know, as it would still see the encrypting part. Or are these viruses able to hide that they are encrypting things until it is too late? I don't have a lot of knowledge on these things, so sorry if it is a lot more complex than that.
  17. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    One final comment in regards to Live Grid's performance in this incident.
    Refer back in this thread to the posted Live Grid screen shot showing ransom.exe running. Note the red color. What does that mean? Per Eset online v12 help:
    Hum ........ It certainly appears Eset's front-end heuristic scanning did its job.
    So why can't Eset offer an option to be alerted to "risky" processes pre-execution? It most certainly appears to be the correct and logical action to take. For me, I can only conclude the following:
    1. Eset has such little faith in Live Grid's reputational analysis that it doesn't trust it for user alert purposes. In this case, get rid of the feature and just perform any submission activities in the background.
    2. Eset's avoidance of a false positive detection has reached the level that it is jeopardizing overall system security.
  18. Upvote
    fabioquadros_ gave kudos to itman in Ransomware   
    Most of the dedicated anti-ransomware solutions do the same. BTW - Checkpoint has an excellent anti-ransomware solution that costs around $15 USD w/yearly subscription.
    I believe Kaspersky also works the same way. In addition if its System Watcher feature is enabled, it will use a snapshot to restore any files encrypted prior to its ransomware detection mechanism kicking in.
    As far as Eset goes, your best solution is to create HIPS rules to monitor file modification activities against any of your User folders. This really shouldn't be too much of an inconvenience for the average user since those directories are not updated that frequently in normal daily use. For business environments, process exceptions would have to be created, increasing the risk of ransomware succeeding due to malware modification of those processes.
  19. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    With the only difference being that SONAR can detect and stop ransomware that is not detected by signatures, whereas ESET cannot. ☹️
  20. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    Please let me know what the analysts came up with and also if possible why the anti ransomware didn't kick in for this particular sample. Thanks. 😀
  21. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    Absolutely not. I'm talking about this ransomware scenario which we're discussing. This is an exe file. ESET doesn't have a signature and so it's not detected by the real-time scanner. When I executed the file it spawned a process that began encrypting files. My point is that when the process started encrypting the files, why didn't the anti-ransomware module kick in and ask me whether I want to continue the operation or block it? This is the simple question for which I'm trying to get a reliable response, nothing more.
  22. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    Yeah, that's why I don't like these features. I just gave them as examples since you asked about what block at first sight is. Moreover, these make the AV heavy to use and I don't want ESET to become heavy like the other AVs. But I really want ESET to have a dedicated PROACTIVE ransomware module, not a REACTIVE one, since all the complaints I receive regarding ESET relate only to ransomware, nothing else.
  23. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    I know all these are there but I've never seen the Behaviour Blocker and Anti-Ransomware shield in action. If there is a new ransomware that is not in the signatures, there is literally no warning from ESET and the ransomware easily manages to encrypt all the files. The advanced machine learning seems to be a welcome addition. 😀
  24. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    I have been using ESET IS for the last 5 years and have an active subscription till 2021. It's the lightest AV out there with stellar detection, an excellent firewall and web filter, along with a really light footprint. However, ESET does miss out on certain features that other competitive AVs like BitDefender, Kaspersky, Trend Micro, Norton and McAfee provide. ESET has zero dynamic protection since the HIPS in automatic mode is useless. Imo I think it would be a lot better if ESET could provide a good Behaviour Monitor instead of the HIPS (the BB ESET has now is in hibernation mode, it rarely works). Another very important feature could be the Protected Folders option, where the user can decide which folders to protect against ransomware.
  25. Upvote
    fabioquadros_ gave kudos to wraith in Ransomware   
    Imho ESET should add some advanced features like itman suggested. Keep them switched off by default so that only advanced users can enable them. I agree with the LiveGrid implementation part. Allow all safe processes (green), monitor the activities of non-popular ones (yellow) and alert upon suspicious behaviour, and block unsafe processes (red). If that sounds too much, implement a protected folders feature like Defender, Trend Micro, BitDefender and Avast, so that files in those folders can only be accessed by safe applications and the user will be prompted if they are accessed by unknown applications.