One test that I usually run with antivirus software is to compile a .NET binary that simply goes into My Documents and starts placing file by file into a zip file, then going back and deleting every file it zipped up. This triggers many other antivirus programs' cryptoransomware behavior blockers.
When I try the same with ESET (the latest version), it silently allows the attack to run to completion. I have all of the advanced heuristics options enabled, and the antiransomware module as well as HIPS on either Automatic or Smart (it sounds like Smart might be more sensitive than Automatic?).
Is ESET's antiransomware module intended to block this kind of activity? I can provide a file sample if that helps, but really, it's just 10 lines of code that creates a ZIP file and places a designated set of documents into it.
https://pastebin.com/XRVrupP9
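
The sequence described in the post above (read a document, write it into an archive, delete the original) can be expressed as a simple per-process heuristic. This is an added example, not part of the original post and not ESET's or any other vendor's detection logic; the event tuple format, the threshold, the function name and the sample paths are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

ARCHIVE_EXT = {".zip", ".7z", ".rar"}  # assumed set of archive extensions

# Constructed sample file events: (pid, operation, path). Not real telemetry.
EVENTS = [
    (4120, "read",   r"C:\Users\alice\Documents\budget.xlsx"),
    (4120, "write",  r"C:\Users\alice\Documents\out.zip"),
    (4120, "delete", r"C:\Users\alice\Documents\budget.xlsx"),
    (4120, "read",   r"C:\Users\alice\Documents\notes.docx"),
    (4120, "write",  r"C:\Users\alice\Documents\out.zip"),
    (4120, "delete", r"C:\Users\alice\Documents\notes.docx"),
    (4120, "read",   r"C:\Users\alice\Documents\Tax\2023.pdf"),
    (4120, "write",  r"C:\Users\alice\Documents\out.zip"),
    (4120, "delete", r"c:\users\alice\documents\tax\2023.pdf"),  # case differs
    # An editor saving through a temp file: deletes only a file it never read.
    (5200, "read",   r"C:\Users\alice\Documents\draft.docx"),
    (5200, "write",  r"C:\Users\alice\Documents\~draft.tmp"),
    (5200, "delete", r"C:\Users\alice\Documents\~draft.tmp"),
    # A backup job: reads and archives, but leaves the original in place.
    (6001, "read",   r"C:\Users\alice\Documents\draft.docx"),
    (6001, "write",  r"D:\Backup\docs.zip"),
]

def flag_archive_then_delete(events, protected_dir, threshold=3):
    """Return {pid: count} for processes that, at least `threshold` times,
    read a file under protected_dir, then wrote to an archive, then deleted
    that same file. The order of the three steps is enforced per file."""
    root = PureWindowsPath(protected_dir)
    pending = defaultdict(set)    # pid -> files read, no archive write yet
    archived = defaultdict(set)   # pid -> files read before an archive write
    hits = defaultdict(int)
    for pid, op, path in events:
        p = PureWindowsPath(path)  # compares case-insensitively, like NTFS
        if op == "read" and root in p.parents:
            pending[pid].add(p)
        elif op == "write" and p.suffix.lower() in ARCHIVE_EXT:
            archived[pid] |= pending[pid]
            pending[pid].clear()
        elif op == "delete" and p in archived[pid]:
            archived[pid].discard(p)
            hits[pid] += 1
    return {pid: n for pid, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_archive_then_delete(EVENTS, r"C:\Users\alice\Documents"))
```

Legitimate archivers that delete source files after compression produce the same sequence, so a heuristic like this needs further signals (process reputation, user interaction, scope of files touched) before it blocks anything.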