Jump to content

ESET wouldn't protect you against WannaCry before May12


novice
 Share

Recommended Posts

  • Administrators

ESET has protected unpatched systems from exploiting the CVE-2017-0144 vulnerability since approx. April 25. As for detection of malware samples, we reacted quickly to it and the detection was added in a morning update 15403 (in-memory detection) with file detection following in update 15404.

Link to comment
Share on other sites

That's fine, but wasn't v10 suppose to be better than v8 because a "antiransomware" dedicated module???

If detection has to be "manually" added, what's the benefit of v10???

Link to comment
Share on other sites

For starters, AV-Comparatives didn't test NOD32, it tested Internet Security.

Next, A-V Comparatives has since updated the report to state exactly what @Marcos posted; the exploit has been detected since 4/25/2017. See my posting here: https://forum.eset.com/topic/12007-fyi-av-comparatives-says-eset-internet-security-didnt-protect-against-wannacry/#comment-60322

Finally, MSE did fail the test.

Link to comment
Share on other sites

  • Administrators
3 hours ago, MSE said:

That's fine, but wasn't v10 suppose to be better than v8 because a "antiransomware" dedicated module???
If detection has to be "manually" added, what's the benefit of v10???

V10 is indeed much better. However, including antiransomware does not make it the first perfect solution that would detect 100% of threats and ransomware. If there was a security solution that would detect all threats while keeping the number of false positives very low, it would make no sense to updating security software on a regular basis.

Also see https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/.

 

Link to comment
Share on other sites

The WannaCry ransomware  was , most likely, unknown to all players on the market, yet some of them were able to detect it without "reacting quickly " and adding the required signature.

I fact this is the first "fail" test of the anti-ransomware module of v10.

Both versions, v8 an v10 required a signature update in order to protect against WannaCry  ransomware  .

Link to comment
Share on other sites

  • Administrators

Did you also read https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/? You would have found out that ESET was one of 3 products to have proactively protected against malware exploiting the EternalBlue vulnerability.

WannaCryptor files were gradually blacklisted in LiveGrid on May 12 so running a test with an older engine on an offline computer would not reflect real-world protection of users. Also the fact that we've been reported only 2 cases of files encrypted by WannaCryptor, one of which was from a user with an old Endpoint v5, says something.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...