AnthonyQ

Kudos

  1. Upvote
    AnthonyQ gave kudos to Robertos in Update Issue with ESET Cyber Security 7.3.3700.0 on Mac After Extended Sleep   
    LiveGuard is planned.

    What do you think by ESSP? Do you think features like firewall? Firewall is planned. It should be released at the end of Q2/2024.
     
    Other Pro features not included in AV version are not planned in next half-next year.
  2. Upvote
    AnthonyQ gave kudos to sesk in Customer satisfaction survey 2023   
    avast
    avag did it. so you had to bring an ultimate. is the future of win-users made of an ultimate, a premium, an advanced and an essential ? see. malwarebytes offers 2 variants, standard and plus (VPN included). see. it more easy to understand. marketing gag. hein. 
  3. Upvote
    AnthonyQ received kudos from micasayyo in ESET Internet Security 17... when will it be out?   
    V17 is now available thru pre-release channel.
  4. Upvote
    AnthonyQ gave kudos to Robertos in Update Issue with ESET Cyber Security 7.3.3700.0 on Mac After Extended Sleep   
    Pico update is not planned for ESET Cyber Security for macOS. Machine learning is planned.
  5. Upvote
    AnthonyQ received kudos from MarcFL in ESET vs Ransomware   
    ESET creates industry-leading signatures and is good at detecting known ransomware.
    But I hope ESET can improve its behavioral blocker or introduce protected folder function to better deal with unknown ransomware.
  6. Upvote
    AnthonyQ gave kudos to Peter Randziak in Whitelisted Malware   
    Hello guys,
    O.K. I understand what we talk about now.
    The file has been signed by a recognized certificate so it had higher reputation.
    The signing certificate had been revoked, so it had been removed from the list of recognized signing certificates.
    Our teams are looking into it and checking the underlying processes to speed up recognition of such in the future.
    @IvanL_5306 thank you for pointing this out, really helpful for us.
    Peter
  7. Upvote
    AnthonyQ received kudos from IvanL_5306 in Whitelisted Malware   
    Look at the first pic the OP shared. Before the detection was created, this malware sample had been whitelisted (indicated by the green color) in the LiveGrid.
  8. Upvote
    AnthonyQ gave kudos to Tommy V in Update Issue with ESET Cyber Security 7.3.3700.0 on Mac After Extended Sleep   
    @AnthonyQ If this issue can be temporarily solved by going to the system setting - network - filters and disabling/enabling the ESET Web&Email transparent proxy filter, you might be hitting the same buffer full (overflow?) issue as me. I see this issue even if the machine has not gone to sleep.
    Hopefully fixed in upcoming release that should be coming any day now due to missing support for MacOS 14 (Sonoma) in 7.3.3700.
    The issue was also present in 7.3.2100.0, but then support told me to downgrade to 6.11.xx or wait for the next version of 7.3.xx

    From ESET Support:
    "They (developers, my clarification) have reproduced the issue and confirmed that it has been classified as a bug.
    The communication that goes through our network system extension causes the extension to fill the buffer and cause the issue.

    Unfortunately there is currently no time frame for a fix, but keep an eye on updates as it will be fixed in a future update."
     
  9. Upvote
    AnthonyQ gave kudos to Bill_Pacific in Update Issue with ESET Cyber Security 7.3.3700.0 on Mac After Extended Sleep   
    Having a very similar issue. Not happening to the few clients I have with V6 still installed, only V7.3. Rebooting does not help in my case, I have had to uninstall/reinstall to get it fixed, but after a week or so the issue returns. I have already removed V7.3 from all the Macs having this issue. If another one shows up I will gather logs. Please post the fix
  10. Upvote
    AnthonyQ received kudos from Bill_Pacific in Update Issue with ESET Cyber Security 7.3.3700.0 on Mac After Extended Sleep   
    I noticed an update issue with the ESET Cyber Security version 7.3.3700.0 on my Mac. After putting the MacBook to sleep (by closing the lid) for a while, I've noticed that the software fails to update. This is intriguing because when I ping update.eset.com, I get a response, which means there's no issue with my internet connection.
    I've tried updating it multiple times without success. However, a simple restart of my MacBook allows ESET to update as usual. This seems to be a recurring problem and I hope the ESET team can take a look into this.

  11. Upvote
    AnthonyQ received kudos from SBrown in Scheduled Scans   
    New firewall filtering mode:
    LiveGrid-based (reputation-based mode): Unlike automatic mode, reputation based mode uses reputation information from the LiveGrid. The firewall automatically allows trusted applications to make outbound connections and notifies users when unknown applications attempt to connect to the Internet.
  12. Upvote
    AnthonyQ gave kudos to itman in Concerns Over Undetected CobaltStrike Samples and Unaddressed Submissions   
    I just ran my own ad hoc test on how long it takes for Eset to create a signature for a Cobalt Strike beacon.
    I found a Cobalt Strike sample that was uploaded to the malware sharing web site on 8/11. Verified on VT that Eset was not detecting the sample with a last analyzed time of 9 hours ago. I also noted that the sample had been previously uploaded to VT on 8/3.
    Downloaded the sample and upon archive extraction, Eset real-time detected it;
    So sometime in the last 9 hours, Eset created a signature for this Cobalt Strike beacon. Confirmed when I reanalyzed it at VT.
    From this test, one can expect a Cobalt Strike signature detection at around 10 days after submission to VT.😱
  13. Upvote
    AnthonyQ received kudos from IvanL_5306 in Concerns Over Undetected CobaltStrike Samples and Unaddressed Submissions   
    Still no detection... 🫠
  14. Upvote
    AnthonyQ received kudos from Dmitry228 in Protection against MBR modification/destruction in ESET   
    Totally agree.
    As far as I know, many free cloud-based sandboxes, like Opentip by Kaspersky, Joesandbox and Threatbook (a Chinese online sandboxing platform), can simulate user interaction (moving mouse, and automatically click buttons) to reveal malicious behavior performed by a sample.
    As a paid sandbox, ESET LiveGuard ought to be better than these free products.
  15. Upvote
    AnthonyQ gave kudos to SeriousHoax in Protection against MBR modification/destruction in ESET   
    If it's that easy to evade LiveGuard then I have to say that LiveGuard seems very basic and ineffective. There are emulators/sandboxes out there that can simulate user clicks. There is also malware that tries to fool such sandboxes, but countermeasures can be taken to detect such evasion techniques, which would indicate that the file is malicious. You can read all about it and much more here:
    https://evasions.checkpoint.com/techniques/human-like-behavior.html#check-mouse-movement:~:text=a sample emulation.-,2.2. Check via a request for user interaction,-Some malware samples
    It doesn't make much sense to charge premium price for LiveGuard when it can't even do this. LiveGuard would give safe verdict to such samples and users may end up getting infected. Samples marked as safe by LiveGuard probably aren't sent to malware analysts, so till they get their hands on such samples, it's a lost cause. There's a huge room for improvements here for ESET.
  16. Upvote
    AnthonyQ received kudos from Dmitry228 in ESET vs Ransomware   
    ESET creates industry-leading signatures and is good at detecting known ransomware.
    But I hope ESET can improve its behavioral blocker or introduce protected folder function to better deal with unknown ransomware.
  17. Upvote
    AnthonyQ received kudos from StevenCheong in ESET vs Ransomware   
    ESET creates industry-leading signatures and is good at detecting known ransomware.
    But I hope ESET can improve its behavioral blocker or introduce protected folder function to better deal with unknown ransomware.
  18. Upvote
    AnthonyQ gave kudos to Temp Member in ESET going mad and wanting to delete my windows prces and start up Apps.   
    I am on the new Win 11 Dev build from the 3rd March and all was well till today I simply enabled HDR to add Edge to the programs list under Graphics to use my GPU more in Edge and on reboot ESET wants to many things and already has quarantined some and I cannot restore them.
    If I did not disable ESET I could not be here on this forum or even open Spotify as it wants to delete its exe.
     
     

  19. Upvote
    AnthonyQ gave kudos to Marcos in MBR Locker and LiveGuard   
    We have already improved detection of MBR malware by LiveGuard, currently for business products with lowered detection threshold due to clean files modifying MBR. If everything goes well, we could make further adjustments for home users in a few weeks' time.
  20. Upvote
    AnthonyQ received kudos from peteyt in Why some new models of Intel CPU are not TDT-supported?   
    As per the information on this page (https://support.eset.com/en/kb8336-intel-threat-detection-technology-tdt-supported-processors), it seems that some of the new models of Intel CPU, e.g., i7-13700KF, and i7-12700H, are not TDT supported. However, as advertised, Intel CPU Gen 10 and newer should support Threat Detection Technology.
    Why can the above new models not utilize TDT, and will they be supported in the future?
  21. Upvote
    AnthonyQ gave kudos to Peter Randziak in there is release date of version 16?   
    Hello guys,
    I may confirm that the distribution of v.16 started via the Auto-updates / uPCU on Tuesday for users with pre-release updates set.
    Peter
  22. Upvote
    AnthonyQ received kudos from peteyt in Some samples submitted but not processed   
    Two Cobalt Strike Trojan samples were submitted via email but have not been detected so far.
    https://www.virustotal.com/gui/file/0e580e784654cfe00a0ad3921fd75a423b34014faed18febdf9d94e9b8eda1f1
    https://www.virustotal.com/gui/file/8b941812bf5902399bf45c7f1b59d471ed19e8cf1bb7dccec1779ca0e87c4e9a
    The analysis of this kind of "time-sensitive" backdoor Trojan should be prioritized, as delayed analysis and detection might be of no use and value (C2 server might be offline).
  23. Upvote
    AnthonyQ received kudos from SeriousHoax in Scheduled Scans   
    New firewall filtering mode:
    LiveGrid-based (reputation-based mode): Unlike automatic mode, reputation based mode uses reputation information from the LiveGrid. The firewall automatically allows trusted applications to make outbound connections and notifies users when unknown applications attempt to connect to the Internet.
  24. Upvote
    AnthonyQ received kudos from SeriousHoax in Some samples submitted but not processed   
    ESET has added a detection "A Variant Of Generik.NGIZHAK" for it. Too late. Also I don't think this Generik detection is able to cover future variants of this malware.
  25. Upvote
    AnthonyQ gave kudos to SeriousHoax in Some samples submitted but not processed   
    Yeah, it needs to be analyzed manually.
     
    I don't need replies as long as submitted samples get added to the database. Well, I have waited 2 weeks which is long enough. Too long I would say.