AnthonyQ (Members)

  • Posts: 133
  • Days Won: 3

Everything posted by AnthonyQ

  1. According to Marcos, it seems that ESET is going to update its behavior detection this year...
  2. In ECS V7.0, when a threat sample has multiple detections, the detailed detection names cannot be displayed and the Detection field in the log will be empty.
  3. https://www.pcrisk.com/removal-guides/28444-jawr-ransomware The answer is in the link you provided. No need to post it here.
  4. In my opinion, as macOS already has its built-in firewall, to differentiate from it, I suggest that ECS's firewall be integrated with LiveGrid reputation information and allow policies to be specified based on this information. When it comes to AV for macOS, the focus should be on detection. I am excited to see ML and LiveGuard being implemented in ESET for Mac. By the way, can ML (Augur) and LiveGuard process macOS samples such as .app and .pkg files?
  5. Another feature I would like to ask for is ESET LiveGuard, exclusively for ESSP or Mac equivalent. Is it on the development roadmap?
  6. When I need to perform a thorough scan of a file, the most convenient method is to scan it using the options available in the context menu. However, currently, I have to manually drag and drop the file onto the main GUI in order to initiate a scan. Additionally, it seems that the real-time scanner is unable to perform a deep scan. Is your team planning to implement Pico update and/or advanced machine learning in ESET Cyber Security? This can further help achieve feature parity between the Windows version and Mac version of ESET.
  7. Seems to have been fixed, will continue to monitor. Btw, has the context menu scanning feature been permanently removed in ESET Cyber Security V7? I think it is a useful and necessary feature...
  8. Files with a Green Reputation are considered Clean, which can be regarded as whitelisted. It's wrong. The number of users is merely one factor, or even not a factor, when calculating the reputation score. The primary factor, as stated on the ESET website, is the heuristic rules in the cloud.
  9. User numbers may influence reputation, but the primary factor is heuristic malware scanning conducted by LiveGrid. As Peter noted, items with a green bar in the Reputation field are whitelisted. I've previously submitted false positives to ESET, which now show a green reputation. "Reputation—In most cases, ESET Internet Security and ESET LiveGrid® technology assign risk levels to objects (files, processes, registry keys, etc.) by using a series of heuristic rules that examine the characteristics of each object and then weigh their potential for malicious activity. Based on these heuristics, objects are assigned a risk level from 1 – Fine (green) to 9 – Risky (red)." (https://help.eset.com/eis/16.2/en-US/idh_page_cloud.html)
  10. It is not true. There are two columns on the LiveGrid reputation page - one column is for "Reputation," and the other is for "Number of Users." I believe you are referring to the second column. (https://help.eset.com/eis/16.2/en-US/idh_page_cloud.html)
  11. Look at the first pic the OP shared. Before the detection was created, this malware sample had been whitelisted (indicated by the green color) in the LiveGrid.
  12. From my own experience, ESET is less stable on Mac compared to PC...
  13. Sadly, I can confirm that this issue was not fixed in recently released ESET Cyber Security Ver 7.4.1200.
  14. Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested. @adulwahab , would you be so kind as to share the hash of the sample that was detected by Intel TDT?
  15. IMO, as a professional and well-known testing organization, AV-Comparatives won't treat PUA as Malware.
  16. Update: I later found that this issue can be temporarily solved by terminating the com.eset.network process. However, after a few hours, the update problem resurfaces, and it can again be solved by the above method.
  17. I noticed an update issue with ESET Cyber Security version 7.3.3700.0 on my Mac. After putting the MacBook to sleep (by closing the lid) for a while, I've noticed that the software fails to update. This is intriguing because when I ping update.eset.com, I get a response, which means there's no issue with my internet connection. I've tried updating it multiple times without success. However, a simple restart of my MacBook allows ESET to update as usual. This seems to be a recurring problem and I hope the ESET team can take a look into this.
  18. VHO might stand for Vishash Offline, which is a unique detection technique employed by Kaspersky. I believe there’s an official channel for ESET and Kaspersky to exchange IOCs, but sharing detection technology might be impossible.
  19. Currently, most of my posted threats are detected as WinGo/CobaltStrike.Beacon.xx or Win32/CobaltStrike.Beacon.xx. But there are still many undetected CS backdoor trojans in the wild, e.g.:
     https://www.virustotal.com/gui/file/e67a68056eb4299602cdeb9e52be77b6862d0f7a7ad21a651d520189963caab6
     https://www.virustotal.com/gui/file/54fb06778a2ae9c92a2ee6cc2d0a36ed51d8ff85efbdfb05ba5e2dcc5d2c8c51
     https://www.virustotal.com/gui/file/9254bb2f7b9ee19e6ca1110fd715dc3e8a9fb38e7a2ea43d43b0c5c1b9ff5f38
     https://www.virustotal.com/gui/file/baee8be767db634c6d2d4de7de4739dce5b948dcd4dbfc5bd73dd3c9bf335467
     https://www.virustotal.com/gui/file/ed34aa09630f7d4cf033e821322c6ccf9243757115c2587eb000e369d0e87d33
     They are not particularly fresh but sadly both the local scanner and LiveGrid cannot detect them.
  20. Creating a smart detection for these backdoor threats (mainly Trojan downloader) might be hard but blocking them in the LiveGrid is not so difficult.
  21. Another CobaltStrike sample undetected: https://www.virustotal.com/gui/file/897a1331bc108b666776e3ea371553e1db0ccba8f27164fddd6e146645f5d287
  22. Hi, I've noticed that many CobaltStrike backdoor samples seem to bypass ESET's detection. Below are VT links for some of the undetected samples:
     https://www.virustotal.com/gui/file/b3adf38a949bfa704da093f0a23aa8b50c59533c4a0166992264c1bc1c40a78c
     https://www.virustotal.com/gui/file/491d734b97fa86463e610820720d797e1515c6967bda1aded9ac04f2ef33833b
     https://www.virustotal.com/gui/file/db140710092bd084f35c5a0231d8a2a11132ff9ae110d44a61667e3c9120cdc5
     https://www.virustotal.com/gui/file/654a9d346319642bfdcde85e7e5ddd64096f7b8fcd6c1a3c301aafdf9c9a8006
     https://www.virustotal.com/gui/file/3e804a884b14b64a09be6bcf1c9640df766f6b51f45ce12714bea49f97e344b4
     https://www.virustotal.com/gui/file/1c758859895cd24dccb9f17f8f82aedb4a4745d3fb57cad878d06ac62b843b93
     https://www.virustotal.com/gui/file/981cc9cf25eaef28d3d612ab1fabb88b815c6fb384b335b89863196ee9ff2563
     https://www.virustotal.com/gui/file/332e78f15424da53065cde5ea787466257ddf33e323012a99b3f00a5e7b4869c
     https://www.virustotal.com/gui/file/514994cca3303c06443d6cceeac914d3c93b74ab3925753536fd5c0665c7e889
     Given the frequency of these misses, it's alarming. I hope ESET can consider enhancing signatures to address such threats more effectively. I intended to report these via your email channel, but my recent submissions on 8/8/2023, 8/9/2023, and 8/10/2023 received no feedback. Additionally, most samples remain undetected. The tracking numbers for those reports are [TRACK#64D227BD0366], [TRACK#64D23E4702BF], [TRACK#64D3804602F5], [TRACK#64D3815403C1], [TRACK#64D3937F00B7], [TRACK#64D4261401BA], [TRACK#64D4BE8C01E0], [TRACK#64D4C1B6036B] and [TRACK#64D4C46301B9]. Due to the lack of response, I felt it necessary to highlight these samples here. I hope they are addressed swiftly. Thank you.
  23. The overall quality of MB samples is not so high. There are many clean samples on it. Occasionally there are some interesting and noteworthy samples on MB shared by some famous threat hunters and I hope ESET analysts can monitor those samples.