Jump to content

facingthesea

Members
  • Posts

    25
  • Joined

  • Last visited

Kudos

  1. Upvote
    facingthesea gave kudos to itman in ESET need realy an antiCryptor module   
    Actually, almost all the major AV solutions have some form of protected folders protection presently.
    Most employ "bait" files within the protected folders which act as "triggers" when encrypted to alert that abnormal encryption activities are taking place. At most, only a few files get encrypted before detection takes place. Some AV products like Kaspersky due to their system snapshot capability can actually restore the few files that end up encrypted. Note that this concept is not "bullet proof" and a dedicated APT actor employing a targeted attack can bypass it. However, it does take a bit of work to do so.
    My take is that Eset doesn't want to get involved with the protected folder approach due to the incessant user requests that will follow due to legit processes being blocked access to the protected folders. There also might a legal liability element here. If ransomware was successfully performed on a network employing protected folders, I would suspect the plaintiff's lawyers would have a better case for damages against the AV concern.  
×
×
  • Create New...