Jump to content

BALTAGY

ESET Insiders
  • Content Count

    142
  • Joined

  • Last visited

  • Days Won

    6

BALTAGY last won the day on September 17

BALTAGY had the most liked content!

1 Follower

Profile Information

  • Gender
    Male
  • Location
    Please select

Recent Profile Visitors

2,273 profile views
  1. I know this KB, but for example "STOP (DJVU)" ransomware run from user appdata or user temp folder with file name like xxx.tmp.exe So if i can create a HIPS rule to protect all files from being edited from any exe in temp folder, that will help to protect the files I know i can get a few warnings from legitimate files in user appdata but i can keep the files safe
  2. I think HIPS can be used for more protection vs ransomware, also giving users a choice to create a rules they want like what i want to do is better
  3. Also why ESET not use a rule like this with a trusted exe files list to be used a protection like WD ?
  4. Well that's what i'm asking why HIPS don't allow me to make a rule for any exe in a location like appdata ? i will never know the ransomware name but if i can choose any exe in TEMP folder for example i can get a warning to accept or deny the changes
  5. Here's what i want to do in the pic's, i want ESET to detect any exe in appdata and any folder inside for example then prevent them from writing to any files in other drives
  6. I did choose the files since i want to protect other files in other drives
  7. I think this message is right since i must choose an app exe, i just tested and i can run an app from appdata and edit files in other drives
  8. This one means any exe in appdata in all users ? Edit got the same error I think you did understand us wrong, i want ESET to detect any exe in a location like appdata folder then prevent them from editing any files in other drives
  9. Using Users\XXXX\AppData\* or Users\XXXX\\AppData\* gives error "User rules file contains invalid data"
  10. Can you let me know how this rule can be created, i tried to use Users\XXXX\AppData\*.* but i got error since i must choose an app exe or all applications
  11. While choosing a folder with ESET it should add *.* by default Also if they added ability to choose a folder that contain some exe files to be used in HIPS like if i add temp folder and any exe will be created inside can't do any changes to files, that will be great to stop ransomware
  12. Also it will be great to have an option to add a folder that contain exe files For example i like to add all exe files in temp folder and prevent it from writing to files in other drives, i think it can be a good protection for Ransomware ?
  13. Tested it in E drive it's working when i add E:\*.* or choosing the file But using E:\ only don't work even ESET say it's blocked but it's not same on Desktop That was the problem, using ESET to choose a drive or folder don't add *.* and you will be asked or you will see in logs that it's auto blocked but it's not
  14. Hi, I tried to prevent any program from editing files on desktop as a test, so created HIPS rule to prevent any app to write or delete files on desktop location I get the warning and i choose block but still the file get renamed and i can edit it and save it even if i tell HIPS to auto block any changes Not sure if it's HIPS problem or something i did wrong ? i did test it in Vmware as a clean install Thanks
  15. Shouldn't ESET scan any running process ? also in startup shouldn't ESET scan any exe/process that run ?
×
×
  • Create New...