Dmitry228
Posts: 14
Kudos
-
Dmitry228 gave kudos to Marcos in ESET's keyboard shortcut protection against screen blockers
As far as I know, such LockScreens were popular years ago but they are not common nowadays at all. Moreover, users would have to know the key combination so it would not help typical home users much.
-
Dmitry228 gave kudos to Marcos in Locked task manager, registry editor and so on.
Ok, you're right. We'll add support for cleaning it via a module update soon.
I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.
-
Dmitry228 gave kudos to TheNikita in Locked task manager, registry editor and so on.
Confirmed, I also disabled the task manager through the registry editor, but ESET is silent and does not see anything.
-
Dmitry228 gave kudos to TheNikita in Locked task manager, registry editor and so on.
Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.
-
Dmitry228 received kudos from TheNikita in Locked task manager, registry editor and so on.
I had the task manager disabled, but ESET did not find it and did not restore it.
-
Dmitry228 gave kudos to TheNikita in Locked task manager, registry editor and so on.
Hello! I have a little question. Does ESET fix problems like locked task manager, disabled registry editor, changed WinLogon and so on? For example, Kaspersky Lab products have a special tool that fixes all this. The product from Dr.Web fixes it during a scan (if it finds it). Does ESET fix similar problems? Thank you in advance!
-
Dmitry228 gave kudos to AnthonyQ in Protection against MBR modification/destruction in ESET
Totally agree.
As far as I know, many free cloud-based sandboxes, like Opentip by Kaspersky, Joesandbox and Threatbook (a Chinese online sandboxing platform), can simulate user interaction (moving the mouse and automatically clicking buttons) to reveal malicious behavior performed by a sample.
As a paid sandbox, ESET LiveGuard ought to be better than these free products.
-
Dmitry228 gave kudos to TheNikita in Technology for rolling back malicious actions
Okay, thank you! Will this technology be added in the future?
-
Dmitry228 gave kudos to TheNikita in Technology for rolling back malicious actions
Hello! I am interested in one question: Does ESET have a technology to roll back malicious actions of a program (similar to the one in Kaspersky Lab products) whose behavior was deemed as malicious by the deep behavioral check? For example, moving the files created by such a program to quarantine, deleting registry entries associated with it and those created by it, etc. And if there is no such feature, will it be added in the future? Thank you in advance!
-
Dmitry228 gave kudos to AnthonyQ in ESET vs Ransomware
ESET creates industry-leading signatures and is good at detecting known ransomware.
But I hope ESET can improve its behavioral blocker or introduce a protected folder function to better deal with unknown ransomware.
-
Dmitry228 gave kudos to SeriousHoax in Protection against MBR modification/destruction in ESET
If it's that easy to evade LiveGuard then I have to say that LiveGuard seems very basic and ineffective. There are emulators/sandboxes out there that can simulate user clicks. There is also malware that tries to fool such sandboxes, but countermeasures can be taken to detect such evasion techniques, which would indicate that the file is malicious. You can read all about it and much more here:
https://evasions.checkpoint.com/techniques/human-like-behavior.html#check-mouse-movement:~:text=a sample emulation.-,2.2. Check via a request for user interaction,-Some malware samples
It doesn't make much sense to charge a premium price for LiveGuard when it can't even do this. LiveGuard would give a safe verdict to such samples and users may end up getting infected. Samples marked as safe by LiveGuard probably aren't sent to malware analysts, so till they get their hands on such samples, it's a lost cause. There's huge room for improvement here for ESET.