Posts: 387
Days Won: 7
-
NewbyUser gave kudos to Skier in How long does it take to get an update after release?
Yesterday I was unable to update to 14.2.23 via selecting 'Check for Updates' within the programme. I went to the website to download and install the latest version which didn't go at all smoothly.
Interesting that you've now pulled v14.2.23 but outwith this thread there's no information and no advice if you have already installed v14.2.23. For key security software this is simply not good enough.
-
NewbyUser gave kudos to SlashRose in Ekrn sent for analysis?
I also had a few times under the previous build.
-
NewbyUser gave kudos to itman in Eset Protection features
Ahh.......... Appears you are privy to what those ESS new protection features are. Please clue us in as to what these features are.
-
NewbyUser gave kudos to SeriousHoax in ESET need realy an antiCryptor module
Yes exactly. They are very sensitive about false positives and this is why they are falling behind. Some other products are doing well in this regard while maintaining low false positives.
-
NewbyUser gave kudos to itman in Recommended website secure !
I will also add that this posting is out of scope for this forum. This forum is about Eset product questions and issues.
-
NewbyUser received kudos from LesRMed in Buy Licence officiel for nod32 website and act.33
Gotta love the Good Deeds Service touch lol.
-
NewbyUser received kudos from peteyt in Buy Licence officiel for nod32 website and act.33
Gotta love the Good Deeds Service touch lol.
-
NewbyUser received kudos from LesRMed in Website is clean now
Glad you got your site clean, if in fact you did, as it is debatable. But, while I am not in any way part of Eset, I don't see the PUA classification being removed. You literally advertise being able to hack other people's IG accounts, which is actual malware by definition, and illegal in every country I'm aware of its laws, so you should be happy with just being classified as a PUA and call it a day. Password stealing trojan seems more appropriate to my view.
-
NewbyUser gave kudos to Marcos in Website is clean now
This forum is not intended for disputing blocks or detections. Since the malware has been removed, the website was unblocked but the applications will continue to be detected.
Having said that, we'll draw this topic to a close.
-
NewbyUser gave kudos to itman in Eset Updating Hung .............. Again
If the Eset update hang issue was related to this, it would have not resolved itself after a system reboot as I see it.
-
NewbyUser received kudos from peteyt in NSO and Pegasus back in the spotlight
I see them the same as the passwordrevealor guy, designing something to hack, but NSO gets a pass because they do it for "law enforcement and national security"
-
NewbyUser gave kudos to sanjay mehta in NSO and Pegasus back in the spotlight
the world is rocked by the horrifying news of how despotic authoritarian governments and their agencies have used the spyware pegasus made by NSO from israel to intrude the phones & privacy of journalists/opposition leaders/judges/activists etc.
from all accounts, it is now becoming clear that the two primary operating systems on phones, android & ios by google & apple have intentional backdoors disguised as security bugs to allow the security agencies to snoop into any smart phone worldwide.
my question is, as a responsible antivirus vendor, will eset ever be able to protect the users from such illegal intrusions ? is it ever possible, considering that the OS itself has been laid bare to such intrusions by incorporating "security bugs".
phones, especially the smart phones are no longer secure, but the stunning silence of all AV vendors is even more cause for concern.
-
NewbyUser gave kudos to peteyt in NSO and Pegasus back in the spotlight
What I find funny is the people behind pegasus keep saying this person and this person etc. weren't being tracked by the software and the next thing they say they don't have access to customer data so can't see who/what their customers are spying on, which contradicts the previous statements
-
NewbyUser received kudos from peteyt in NSO and Pegasus back in the spotlight
Scary stuff
Revealed: leak uncovers global abuse of cyber-surveillance weapon | Surveillance | The Guardian
-
NewbyUser gave kudos to itman in Website is clean now
Since this is password cracking software, I found a good article covering subjects such as if it's legal to sell and use such software: https://blog.elcomsoft.com/2020/10/everything-you-wanted-to-ask-about-cracking-passwords/ . Of note:
Next an excerpt from Password Revelator web site:
I do hope that regardless of the Eset classification of access to this web site, it will flag any download from it as a PUA.
-
NewbyUser gave kudos to SeriousHoax in ESET need realy an antiCryptor module
Still that's not good enough. Maybe we could ignore if it was one or maybe two. But 7 ransomware misses at the time of testing is a huge number. It shows again what the OP suggested that ESET's ransomware shield is very bad and almost not effective at all. ESET needs to improve.
-
NewbyUser received kudos from CEO888 in Scheduled Scans
Thanks, I thought of suggesting customization lol. But it would be somewhat complicated and obviously not something worth the overall effort and not worth making it a priority. And yes, it probably is designed that way for ease of use. I've read a number of reviews complaining about the "myriad of settings" available. Seems most people just want a "protect me" button lol.
-
NewbyUser gave kudos to itman in "pyrate", Behavior Blocker Bypass POC
Nothing.
To begin, most Python ransomware attacks are targeted ones. So unless you're a corp., your chances of being targeted are about zip. Bundled Python runtime component attacks are very "noisy" and usually leave a lot of residual artifacts on the device. As such, they aren't suitable for RaaS concerns that are selling their ransomware to the hacker masses.
I don't have Python installed and have no intention of doing so. I am not a gamer that might be using software containing bundled Python runtime comments. Neither am I part of the scientific or research community that might be sharing Python software so bundled. What I am doing will unconditionally block any python script from running legit or malicious.
-
NewbyUser gave kudos to itman in "pyrate", Behavior Blocker Bypass POC
It's been a slow forum posting weekend and it appears this thread has run its course. We have all had the opportunity to "rant and rave" about Eset Home version protection features we all wished we had and in reality, probably never will have. So it is time to expose this Python POC for what it is - fake ransomware. Err ..... what, you say? The POC encrypted files. Well so does a lot of legit encryption and other apps including user created ones. So let's get into this.
A few years back, the NextGen security software vendors were trying "to get traction" against the established AV vendors with their supposed superior behavior detection methods. Corresponding to this was the appearance of a proliferation of ransomware "simulators" where one was encouraged to test their existing AV solution with. The most infamous of these was RanSim produced by KnowBe4: https://www.knowbe4.com/ransomware-simulator . I wrote a thread about the methodology used by this product and similar ones here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ . Eset subsequently commented upon Ransim tactics in their own published article on Eset ransomware protection:
https://cdn1.esetstatic.com/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF
So let's get into some details on the POC. First, note this from the POC's author posting about it at malwaretips.com:
Next is why no vendor on Virus Total detected the POC initially and I believe presently. That one is pretty straightforward. The ransomware portion of the POC never ran. The POC pauses program execution waiting for user input to continue. VT's automated sandbox analysis timed out waiting for input it does not respond to.
In summary, I am not 100% ruling out that techniques used in the POC could bypass existing Eset ransomware detection methods. However, a POC must be developed deploying real world ransomware deployment and execution methods with the most important being the program runs uninterrupted and encryption activities performed against all existing files in C:\Users\xxxx\Documents\*, etc. directories.
-
NewbyUser gave kudos to SeriousHoax in "pyrate", Behavior Blocker Bypass POC
All the ASR are available for Windows Defender too.
-
NewbyUser gave kudos to itman in HIPS Alert for Host process
At this point, you will have to track down what service is causing this and find out if it's legit.
-
NewbyUser gave kudos to Posolsvetla in Certificate Issues for Firefox 74.0 64bit
The issue is fixed in the Internet protection module version 1396; currently it is available on pre-release update servers.
-
NewbyUser gave kudos to Marcos in Filecoder Stop
I've found it submitted. Actually the problem is that on the website the ransomware note was inserted in a raw form without any html formatting (after <pre> and <code> tags) which triggered the detection.
-
NewbyUser gave kudos to mourad in vrius txt et qewe
think you a lot off.
I will try your solutions and afterwards we will discuss
-
NewbyUser gave kudos to Marcos in PiHole & ESET Smart Security
While Windows is not officially supported, perhaps it runs on Windows as well according to this statement:
It was originally designed to run on Raspberry Pis. So, unless you had a Raspberry Pi, or a computer running Linux, you were out of luck. However, it's now available for Docker. This means it can be installed on any device which will run Docker, such as Windows PCs or Macs.
Anyways, ignoring the fact that it's Pi-hole, the DNS requests might have originated from antispam. Do you use MS Outlook or any of the supported email clients that ESET can integrate with?