novice 20 Posted May 18, 2017 Share Posted May 18, 2017 hxxp://weblog.av-comparatives.org/proactive-protection-wannacry-ransomware/ somehow disappointing. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted May 18, 2017 Administrators Share Posted May 18, 2017 ESET has protected unpatched systems from exploiting the CVE-2017-0144 vulnerability since approx. April 25. As for detection of malware samples, we reacted quickly to it and the detection was added in a morning update 15403 (in-memory detection) with file detection following in update 15404. Link to comment Share on other sites More sharing options...
novice 20 Posted May 18, 2017 Author Share Posted May 18, 2017 That's fine, but wasn't v10 suppose to be better than v8 because a "antiransomware" dedicated module??? If detection has to be "manually" added, what's the benefit of v10??? Link to comment Share on other sites More sharing options...
itman 1,746 Posted May 18, 2017 Share Posted May 18, 2017 For starters, AV-Comparatives didn't test NOD32, it tested Internet Security. Next, A-V Comparatives has since updated the report to state exactly what @Marcos posted; the exploit has been detected since 4/25/2017. See my posting here: https://forum.eset.com/topic/12007-fyi-av-comparatives-says-eset-internet-security-didnt-protect-against-wannacry/#comment-60322 Finally, MSE did fail the test. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted May 18, 2017 Administrators Share Posted May 18, 2017 3 hours ago, MSE said: That's fine, but wasn't v10 suppose to be better than v8 because a "antiransomware" dedicated module??? If detection has to be "manually" added, what's the benefit of v10??? V10 is indeed much better. However, including antiransomware does not make it the first perfect solution that would detect 100% of threats and ransomware. If there was a security solution that would detect all threats while keeping the number of false positives very low, it would make no sense to updating security software on a regular basis. Also see https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/. Link to comment Share on other sites More sharing options...
novice 20 Posted May 18, 2017 Author Share Posted May 18, 2017 The WannaCry ransomware was , most likely, unknown to all players on the market, yet some of them were able to detect it without "reacting quickly " and adding the required signature. I fact this is the first "fail" test of the anti-ransomware module of v10. Both versions, v8 an v10 required a signature update in order to protect against WannaCry ransomware . Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted May 19, 2017 Administrators Share Posted May 19, 2017 Did you also read https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/? You would have found out that ESET was one of 3 products to have proactively protected against malware exploiting the EternalBlue vulnerability. WannaCryptor files were gradually blacklisted in LiveGrid on May 12 so running a test with an older engine on an offline computer would not reflect real-world protection of users. Also the fact that we've been reported only 2 cases of files encrypted by WannaCryptor, one of which was from a user with an old Endpoint v5, says something. Link to comment Share on other sites More sharing options...
Recommended Posts