novice 20 Posted May 29, 2017

After reading this.... ....I have serious doubts about ESET being able to protect against ransomware.

Administrators Marcos 5,259 Posted May 29, 2017

1. Endpoint does not contain the antiransomware feature like v10 for home users does.
2. The Antiransomware feature is not a kind of thing that would magically protect against 100% of ransomware. It's similar to having no security solution that would detect 100% of threats. Therefore education of users matters.
3. When speaking about ransomware and encryption, it's also necessary to take into account that attackers often remote in via RDP, disable AV and then run ransomware manually. Therefore disabling or securing RDP is crucial.

novice 20 Posted May 29, 2017 Author

This may be, but 200 PCs????

1 hour ago, Marcos said: "Endpoint does not contain the antiransomware feature like v10 for home users does"

That's sad. Business owners have way more to lose in the event of a ransomware attack compared with a home user, so why implement an anti-ransomware module in home version and not in business version is hard to understand.

Administrators Marcos 5,259 Posted May 29, 2017

The answer is simple - home users don't have a problem picking an option if antiransomware detects a suspicious behavior. In a corporate environment, the action must be taken automatically without causing false behavior detections if performed by legitimate applications. We plan to incorporate antiransomware protection into Endpoint v7.

itman 1,746 Posted May 30, 2017

Pertaining to endpoint users, it is assumed that these organizations employ system administrators and IT security personnel that perform client device security configurations.

This article is a "best practices" recommendation for ransomware protection: https://support.eset.com/kb3433/

This article contains the specific anti-ransomware HIPS rules: http://support.eset.com/kb6119/

novice 20 Posted May 31, 2017 Author

12 hours ago, itman said: "Pertaining to endpoint users, it is assumed that these organizations employ system administrators and IT security personnel that perform client device security configurations."

In other words, you are saying that the Endpoint version is less efficient than "home version", because there is somebody behind to manage it. Seems to me a twisted answer.

Administrators Marcos 5,259 Posted May 31, 2017

Home and Endpoint versions have never been the same in terms of functionalities. Developing antiransomware for corporate environment takes much more time and research than for home users. As I have mentioned, Endpoint must be able to decide about suspicious applications' behavior without user's interaction and reliably, i.e. without causing false positives, which is more likely to happen in larger networks.

itman 1,746 Posted May 31, 2017

10 hours ago, MSE said: "In other words, you are saying that the Endpoint version is less efficient than "home version", because there is somebody behind to manage it."

Belaboring, endpoint environments often use custom scripts including PowerShell scripts. It is one of the primary reasons ransomware is so successful since script execution is allowed and the primary threat vector ransomware uses is malicious scripts.

The direct monitoring of ransomware script execution done in the retail versions of ESET can cause major operational issues in a commercial environment. Therefore, system admins need to modify and then thoroughly test all security protections related to ransomware protection mechanisms before they are rolled out en masse to the endpoint client devices. In most cases, a number of existing HIPS rules along with other ESET modifications will have to be performed.

Bottom line - in commercial environments, there is "no one rule applies to all" scenario as far as endpoint security solution configuration is concerned.

Edited May 31, 2017 by itman