SweX (Most Valued Members) - Posts: 2,266 - Days Won: 110

Posts posted by SweX

  1. By: ESET Research

     

    Today we are happy to announce our annual report called Windows exploitation in 2015. Readers who tracked our previous reports Windows exploitation in 2013 and Windows exploitation in 2014 may notice that in each new version of the report we try to highlight new security features introduced in Windows, web browsers and EMET. Along with this information, both previous reports contain information about vulnerabilities that have been fixed in various important Windows components, the .NET Framework and Microsoft Office. Our latest report is no exception. 

     

    Our main goal in writing these reports is to notify our customers, as well as other users, about the importance of installing updates to fix various unpatched (0day) vulnerabilities. We also provided information about ESET’s detections of in-the-wild exploits of these vulnerabilities. Such exploits are used by attackers to implement notorious drive-by download attacks.

     

    Article at WLS: hxxp://www.welivesecurity.com/2016/01/26/windows-exploitation-in-2015/

     

    Direct link to PDF: hxxp://www.welivesecurity.com/wp-content/uploads/2016/01/Windows_Exploitation_in_2015.pdf

     

    :)

  2. Many do, so you can if you want to. But whether YOU need/want it or not is of course up to you to decide. I don't feel I need anything more running in real-time than ESET at the moment. If ESET were only a real-time scanner to detect malware it would be another matter, but by using the product's security features you can lock things up pretty tight. I go by the rule "less is more", i.e. I like to keep things simple, not only to keep system resource usage to a minimum but also to minimize the risk of incompatibility problems between different apps. But as with everything in life - we all do things in our own way :D

     

    Though like most people that might not use MBAM in real-time, I of course have it installed for on-demand scans in case I would like to run one.

     

    And yes, ESET's products detect all kinds of malware (Malware = Malicious Software) and potentially unwanted/unsafe apps as user-optional detection categories, and so does Malwarebytes.

    Malwarebytes' aim from the start was to detect malware that most "traditional" AVs tend to miss; how it is with that today I can't say. But it is a great second-opinion scanner in any case.

  3. "Annually we release a summary report that collates the results of the various tests. We then give awards and comment on product abilities.

     

    The Product of the Year award goes to the vendor whose software performed best overall in the main test series. Finally, a number of products which reached a very high overall standard are given the Top Rated award. The Summary Reports also include individual reviews of each of the programs tested by AV-Comparatives in the main test series. The reviews cover the program’s user interface and everyday tasks such as updating and scanning, to give readers an idea of what the software is like to use in real life, and how well-suited it is to both expert and non-expert users.

     

    Product of the Year: Kaspersky Lab
    Top Rated Products: Avast, AVIRA, Bitdefender, Emsisoft, eScan, and ESET."

     

    hxxp://www.av-comparatives.org/summary-report-december-2015/

     

    :)

  4.  

    I'm commonly seeing sustained memory usage between 350-450MB. Occasionally it almost reaches 1GB. Then I have no choice but to reboot to clear it.

    I'm running XP SP3 with 2GB RAM so I can't afford this nuisance.

     

    I'll be downgrading back to ESS8, till this problem gets sorted out.

    I have 8.0.319 on XP SP3 and am using pre-release updates. You can check my posts in this thread and you'll see that I was kinda affected -> not affected -> affected -> and now I am not affected by the leak again. Been fine for the last 1½ months. Ekrn.exe stays within its normal (for v8 IMO) range between 120-130 MB. I have never seen it consume e.g. 150-200 MB like Marcos suggests under any circumstances, except when there is a leak, and then it doesn't stop at 200 but slowly goes up up up.

     

    It doesn't matter how hard I try to make the leak reveal itself again, ekrn.exe's ram usage just stays normal no matter what.

    Haha I don't believe this, it is back again. :D ekrn.exe uses 180 MB right now, but reached as high as 690 MB yesterday.

     

    Internet protection module: 1242 (20160114)

  5. As I mentioned to TomFace, I have never seen that.

     

    Does it have anything to do with download speed? Mine really is not that fast.

     

    Just curious.

    No, I don't think so. But the forum has been acting normal for the past few weeks for me anyway. Not fast enough? Okay, then I'll take your 60/6 connection and you can take my 8/1 connection and see if you like it any better :D

  6. I failed the test even though LiveGrid is enabled. I then clicked the ESET link to look for instructions on how to fix it, and the link is invalid; it points to a generic page on the ESET site, oh dear. :(

     

    Can someone kindly please state on what I should do next?

    Clicking on the ESET logo in "vendors supporting this feature" takes me to eset.com. (It would be better if it pointed to an ESET KB article about LiveGrid IMO.) Or did you click on some other link?

     

    If you are the same user from Wilders with a similar username then you use NOD32, right? If so, do you use a 3rd-party firewall alongside NOD32? If so, it may be worth temporarily disabling the firewall (plus any other security features it may have) completely and running the test again, to make sure all necessary connections are allowed and that no security feature blocks anything. The same goes for any other security apps you may have installed, to troubleshoot this. I am not sure if LiveGrid needs any allow rule created in standalone firewalls to work properly. But I don't think it does :unsure:

     

    And you are sure LiveGrid is enabled?

    hxxp://support.eset.com/kb5552/

  7. Kudos for posting those links.

     

    It should be pointed out however that what these tests do is verify the functionality of the noted security feature, not the effectiveness of same. Each of the participating security vendors has included within their signature database a signature corresponding to the AMTSO test malware. Passing these tests does not guarantee that you cannot be infected by some unknown 0-day malware.

    Yes, it's good you point this out as it may not be 100% clear to everyone. But I take for granted that people actually take the time to read (after clicking on one of the links) a little bit about what the test/check is meant for.

     

    E.g.

    "By clicking on the CloudCar Testfile link below, your system will attempt to download the CloudCar Testfile. This file is NOT malicious, but by an industry wide agreement this file is detected as being malicious when Cloud Lookups are enabled so that people may verify that their Anti-Malware product’s cloud detection capability is configured correctly."

  8. It would be nice to see Eset incorporate a Behavior Blocker into their products. If something slips through then the behavior blocker can help detect the malware when it executes. They could have the feature disabled by default if they are worried about it causing false positives when being tested by independent test organizations.

     

    hxxp://www.eset.com/int/about/technology/#advanced-memory-scanner

    "Advanced Memory Scanner complements Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of malicious processes and scans them once they decloak in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain when everything else fails."

     

    I assume you had something like Emsisoft's Behavior Blocker in mind when you made this request. Just wanted to mention the purpose of AMS and what it does.

     

    hxxp://static3.esetstatic.com/fileadmin/Images/INT/Docs/Other/ESET-Technology-Overview.pdf

    Edit: This PDF literally explains the ins and outs of the software itself and what happens behind the scenes on the back-end systems. Every customer/user that is interested in this kind of geek information (it is very informative) should take the time to read through the whole PDF.

  9.  

    Well, an overlay will save your settings and it's a bit less painful. :P

    True. It's easy enough to export my settings and import them into the new version.

     

     

    "If you upgrade v8 to v9, most of the settings should be retained. Exporting the configuration from v8 and importing it to v9 is not possible due to a new configuration system."

    https://forum.eset.com/topic/6310-importing-settings-from-eset-8-to-9/?p=34885

     

    So installing over the top (installing v9 over your current v8 installation) is your best bet here. Unless you want to install V9 from scratch by uninstalling V8 first.

     

    Just FYI :)

  10. AMTSO -> Anti-Malware Testing Standards Organization.

    Website: hxxp://www.amtso.org/

     

    "The AMTSO web site now hosts a number of easy to use tools to ensure that endpoint security products are configured to protect you from viruses, drive-by-downloads, potentially unwanted applications (PUA), archived malware and phishing and cloud attacks.

     

    Because of the usage growth of tablets and smartphones, endpoint security nowadays embodies more than just a desktop solution. Besides the Security Features Check for Desktop Solutions, AMTSO hosts similar checks for Android based devices. In the future, the AMTSO Security Features Checks will be extended to cover more features and expanded to cover more Operating Systems."

     

    Note: After clicking on any of the links below, remember to check "Vendors supporting this feature" by scrolling down and looking for your vendor's logo/name.

    (Since this is the ESET forum I can mention that ESET supports all of the tests below)

     

    Feature Settings Check for Desktop Solutions.

     

    1. Test if your protection against the manual download of malware (EICAR.COM) is enabled.

    hxxp://www.amtso.org/feature-settings-check-download-of-malware/

     

    2. Test if your protection against a drive-by download (EICAR.COM) is enabled.

    hxxp://www.amtso.org/feature-settings-check-drive-by-download/

     

    3. Test if your protection against the download of compressed malware is enabled.

    hxxp://www.amtso.org/feature-settings-check-download-of-compressed-malware/

     

    4. Test if your protection against the download of a Potentially Unwanted Application (PUA) is enabled.

    hxxp://www.amtso.org/feature-settings-check-potentially-unwanted-applications/

     

    5. Test if your protection against accessing a Phishing Page is enabled.

    hxxp://www.amtso.org/feature-settings-check-phishing-page/

     

    6. Test if your cloud protection is enabled.

    hxxp://www.amtso.org/feature-settings-check-cloud-lookups/

     

    Feature Settings Check for Android based Solutions.

     

    1. Test if your protection against the manual download of malware is enabled.

    hxxp://www.amtso.org/feature-settings-check-download-of-malware-for-android-based-solutions/

     

    2. Test if your protection against a drive-by download is enabled.

    hxxp://www.amtso.org/feature-settings-check-drive-by-download-for-android-based-solutions/

     

    3. Test if your protection against the download of a Potentially Unwanted Application (PUA) is enabled.

    hxxp://www.amtso.org/feature-settings-check-potentially-unwanted-applications-for-android-based-solutions/

     

    4. Test if your protection against accessing a Phishing Page is enabled.

    hxxp://www.amtso.org/feature-settings-check-phishing-page-for-android-based-solutions/

     

    I will try to remember to edit this post if/when more tests are published on the AMTSO website and add them to the list above.
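The first and third desktop checks in the list above rely on the EICAR test file, so the same check can be reproduced locally without a browser: write the plain file and a ZIP containing it into a folder and see whether the on-access scanner removes them. The script below is an added example and is not code from SweX, AMTSO or ESET; it assumes the product deletes or quarantines the file within a few seconds of it being written (the default for most on-access scanners, though some only block reads), and the paths and wait time are arbitrary constructed values.

```python
"""Local self-check for the 'manual download of malware' and 'download of
compressed malware' AMTSO feature checks, using the EICAR test string.
Added example; assumes an on-access scanner that deletes or quarantines
detected files shortly after they are written."""
import hashlib
import io
import os
import sys
import tempfile
import time
import zipfile

# The EICAR string is assembled from two halves so that this script file
# is not itself quarantined when it is saved on a host with on-access scanning.
_EICAR_PARTS = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$",
                rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
# Published SHA-256 of the 68-byte EICAR file, used as an integrity guard.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def eicar_bytes() -> bytes:
    """Return the 68-byte EICAR test string."""
    return b"".join(_EICAR_PARTS)


def eicar_is_intact(data: bytes) -> bool:
    """Verify the test string against its known hash, so a typo here cannot
    silently turn a 'not detected' result into a false alarm."""
    return hashlib.sha256(data).hexdigest() == EICAR_SHA256


def build_eicar_zip() -> bytes:
    """Return a deflated ZIP archive holding eicar.com (the archive check)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", eicar_bytes())
    return buf.getvalue()


def zip_member(zip_bytes: bytes, name: str) -> bytes:
    """Read one member back out of an in-memory archive (used to self-test)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name)


def run_check(directory: str, wait_seconds: float = 5.0) -> dict:
    """Write both test files, wait, and report which features reacted.
    A file that is still present afterwards means that check did not trigger."""
    paths = {
        "manual_download": os.path.join(directory, "eicar.com"),
        "compressed_malware": os.path.join(directory, "eicar.zip"),
    }
    payloads = {
        "manual_download": eicar_bytes(),
        "compressed_malware": build_eicar_zip(),
    }
    for key, path in paths.items():
        try:
            with open(path, "wb") as fh:
                fh.write(payloads[key])
        except OSError:
            # Some scanners refuse the write itself; that already counts as a detection.
            pass
    time.sleep(wait_seconds)
    return {key: not os.path.exists(path) for key, path in paths.items()}


if __name__ == "__main__":
    if not eicar_is_intact(eicar_bytes()):
        sys.exit("EICAR string is corrupted; refusing to run the check")
    # Constructed default: a fresh temp folder; pass a path as argv[1] to use another.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp(prefix="amtso-check-")
    for feature, detected in run_check(target).items():
        print(f"{feature}: {'detected' if detected else 'NOT detected'}")
```

Like the AMTSO pages, this only shows that the on-access and archive-scanning features are switched on and reacting; it says nothing about how well the product handles real malware. If your product blocks access to the file rather than removing it, replace the `os.path.exists` test with an attempt to read the file back.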

  11. One way is to use the test at the AMTSO website.

     

    On the page linked below, click on "download the cloudcar testfile"; if LiveGrid works correctly in your ESET product, you should see a detection notification.

    hxxp://www.amtso.org/feature-settings-check-cloud-lookups/

     

    Note: This file is NOT malicious, but by an industry wide agreement this file is detected as being malicious when Cloud Lookups are enabled so that people may verify that their Anti-Malware product’s cloud detection capability is configured correctly.

  12. I have never needed to call ESET so I don't know if they use any - but does ESET use any "on hold" music that starts playing in case one would need to wait? If not, then ESET has the perfect use for these songs...."many customers are calling right now, but your call is very important to us, so please stay on the line until one of our customer care representatives can assist you, and to make sure you don't get bored to death, we'll play a nice song for you..." :rolleyes:

  13. We had to remove the songs to protect Nigel from all the paparazzi...jk

     

    :D

     

    Just curious, but how much do you think that a first pressing, signed copy of the original CD would go for?

    Hmmm almost sounds like you own one ;)

     

    Is this one I found on YouTube one of the songs?

     

    youtube.com/watch?v=9FvwCUIeL4Y

    "Nod32 theme song"

     

    I know I have heard one of these songs before but I am not sure if it was this one that is uploaded on YT or one of the other ones, if there is more than one song.
