Ransomware Protection

[skroz 0]

Does the latest iteration of business class eset endpoint and business suite have real time ransomware protection, similar to your consumer product 'Ransomware Shield'?

Edited December 19, 2016 by skroz
spelling

[Marcos 5,070]

Endpoint v6 has ransomware protection improved compared to Endpoint v5, however, it's not as effective as Ransomware protection in home version 10. The reason is that Ransomware protection asks the user for an action if a suspicious behavior has been detected which is not something that would be desired in larger networks where the AV has to work autonomously without user's interaction. We'll see how it will evolve over time.

[iouliaflokali 0]

okey

[tmuster2k 22]

On 12/19/2016 at 0:52 PM, Marcos said:

Endpoint v6 has ransomware protection improved compared to Endpoint v5, however, it's not as effective as Ransomware protection in home version 10. The reason is that Ransomware protection asks the user for an action if a suspicious behavior has been detected which is not something that would be desired in larger networks where the AV has to work autonomously without user's interaction. We'll see how it will evolve over time.

Hey Marcos. What are the specifics of "Endpoint 6 has ransomware protection improved compared to Endpoint V5"?

[jimwillsher 65]

Not sure I agree with the comment "which is not something that would be desired in larger networks where the AV has to work autonomously without user's interaction "

I'd far rather have the best possible protection, even if it dd mean displaying a huge message on the user's computer, regardless of if I were managing 10 computers or 1000 (I've worked in both environments).

[Marcos 5,070]

6 hours ago, tmuster2k said:

Hey Marcos. What are the specifics of "Endpoint 6 has ransomware protection improved compared to Endpoint V5"?

Endpoint v6 can detect suspicious encryption-like behavior and trigger a memory scan to detect and clean possible malware. As of v10 EAV/EIS/ESSP (home versions), ransomware protection is more strict and a window with action selection is displayed when a suspicious behavior has been detected.

[MiKe-Dee 0]

I followed ESET's instructions on how to protect from ransomware in detail through Remote Administrator and also implemented the respective proposed policies through Windows Server. I recently discovered RanSim a program that performs ransomware attacks virtually in order to check how secure is your workstation. Unfortunately out of 10 threats, none was neutralized from Endpoint Security. I tried a couple of free ransomware antimalware software and almost 3 to 7 out of 10 were neutralized.

I am very worried of how this subject is being dealt, I am not interested in spending more money in order to deal only with ransomware at all my environment's workstations but I will if a comprehensive and global solution won't be implemented in Business licenses.

So, the question is: is something cooking for Endpoint Security or should I buy an antimalware software on top of my existing protection?

[Marcos 5,070]

Ransom doesn't perform ransomware attacks. As I wrote, ESET does not detect innocuous applications that do not do any harm as malware. As a part of ransomware protection and to prevent false positives, ESET also scans the application's code in memory. If it does not appear malicious and the application is not detected by a signature either, it won't be blocked. RanSim does not tell anything about how well a particular AV protects against Filecoders. As a result, programs that pass RanSim may be more prone to malicious file encryption than programs that fail the "tests".

Needless to say that RanSim shows malware authors what kind of techniques they should evade to get around particular behavior detections of particular protection software.