Decker2124
Posts: 11
-
Decker2124 gave kudos to rotaru in ESET Home fails ransomware test
Every time when ESET is being criticized for one thing or another, laborious explanations are provided.
Never seen an acknowledgment...
-
Decker2124 gave kudos to Marcos in ESET Home fails ransomware test
Please read my replies above. Why weren't all AVs on the same start line, and why was ESET "tested" months before the other AVs? Also the behavior of the sample was not typical of standard ransomware; it encrypted files only in the current folder, whereas actual ransomware typically walks through folders and encrypts files.
Last but not least, has ESET ever failed to protect you from actual ransomware?
-
Decker2124 gave kudos to MarcFL in ESET Home fails ransomware test
I agree. Zero-Day Ransomware is statistically the #1 threat after Phishing, which ESET handles well. ESET MUST improve malicious behavior detection.
-
Decker2124 gave kudos to QuickSilverST250 in ESET Home fails ransomware test
This, I would say, is a weakness from ESET. There are no "rules" when it comes to threat actors. Adversaries will find any way to avoid detections. Bitdefender and Kaspersky detected this and avoided the problem. To say this is not "real world" is no reason for ESET not to detect this. What wasn't real world a year ago is real world today. Ever-changing landscape. To be fair, it would submit the sample and hopefully get rated as malicious and shortly after protecting other endpoints.
-
Decker2124 gave kudos to cofer123 in ESET Home fails ransomware test
Because they have tested ESET Internet Security, which doesn't have LiveGuard, but still has (or should have) behavior detection, which didn't work on this sample.
-
Decker2124 gave kudos to ichkriegediekriese in ESET Home fails ransomware test
If LiveGuard is the important feature here, the elephant in the room is why it is not "on" by default? - I have sincere doubts that the PCSC turned it off manually.
-
Decker2124 gave kudos to Marcos in ESET Home fails ransomware test
Of course not, please read more about various ESET technologies that are employed: https://www.eset.com/int/about/technology/. Nowadays no AV depends on blocking hashes.
By the way, not sure if I overlooked it but I did not find the date and time when ESET was updated. With at least 2 other products it was clearly in October but with ESET we can only see that the file was created on May 29, i.e. one day before the detection was added.
As I have already mentioned, this file encrypts files only in the current folder from which it was run. It does not walk through other folders like other actual ransomware which might account for why it was not detected by the Ransomware shield prior to adding the detection.
For instance, you can use traditional compressors and packers to craft a trivial ransomware which will move existing files into password protected archives most likely without being detected by any AV.
-
Decker2124 gave kudos to f4ust in ESET Home fails ransomware test
Now what you're saying is quite interesting for me. Does that mean ESET is detecting based on virus hashes?
It would be weird for an anti-virus to detect a virus from a hash, not to make detection deeper and see what it actually does.
-
Decker2124 gave kudos to AZ Tech in ESET Home fails ransomware test
Based on my previous experience and tests I conducted myself, I have found that ESET excels in signature detection and web protection.
However, in the area of behavior-based detection, it seems to lag behind other solutions, which is concerning.
I understand that the representatives in this forum, including ESET employees, may be limited in what they can acknowledge due to company policy.
Nevertheless, as a paying customer, it can be frustrating when the responses seem to sidestep valid concerns rather than address them directly.
I believe that if ESET were to focus on improving its behavior-based detection capabilities, rather than defending shortcomings, it would not only enhance the product but also strengthen trust with its customer base.
This shift in focus would benefit both the company and its users.
-
Decker2124 gave kudos to Marcos in ESET Home fails ransomware test
Regardless of this sample, it's a fact that there's nothing like 100% detection and protection with little FPs.
Making conclusions based on a sample that we don't have and cannot test to find out what exactly it does is impossible. I've searched for this file name but such a file has not been submitted to LiveGrid, which makes me deduce the user probably had the ESET LiveGrid feedback system turned off. As a result, not all detection/protection mechanisms in the ESET Ransomware shield would be employed. Unfortunately we don't have the SHA1/SHA256 of the file so we cannot analyze it and comment on it further unless we get the sample.
Last but not least, in a real-world scenario with ESET LiveGuard mentioned by itman, the sample would have been likely submitted for a cloud analysis upon download from the Internet and its execution would have been postponed until the result of the analysis was known.
-
Decker2124 gave kudos to Marcos in ESET Home fails ransomware test
I think I have found it, however, I had to pause protection in order to test it and avoid detection:
With protection enabled:
The detection was added on May 30 when it was blocked also in LiveGrid. The only explanation I can think of is that the user tested a different file or before the detection was added. So until we know its hash or get the sample, it's impossible to comment on it. I'd also point out that only files in the folder from which it was executed were encrypted, i.e. it doesn't go through all folders like typical ransomware.