I have serious doubts in ESET anti-ransomware module

[novice 20]

After reading this....

....I have serious doubts in ESET being able to protect against ransomware.

[Marcos 5,259]

1, Endpoint does not contain the antiransomware feature like v10 for home users does.

2, The Antiransomware feature is not a kind of thing that would magically protect against 100% of ransomware. It's similar to having no security solution that would detect 100% of threats. Therefore education of users matters.

3, When speaking about ransomware and encryption, it's also necessary to take into account that attackers often remote in via RDP, disable AV and then run ransomware manually. Therefore disabling or securing RDP is crucial.

[novice 20]

This may be, but 200 PC's????

1 hour ago, Marcos said:

Endpoint does not contain the antiransomware feature like v10 for home users does

That' s sad.

Business owners have way more to loose in the event of an ransomware attack compared with a home user, so why implement an anti-ransomware module in home version and not in business version is hard to understand.

[Marcos 5,259]

The answer is simple - home users don't have a problem to pick an option if antiransomware detects a suspicious behavior. In a corporate environment, the action must be taken automatically without causing false behavior detections if performed by legitimate applications.

We plan to encorporate antiransomware protection to Endpoint v7.

[itman 1,746]

Pertaining to endpoint users, it is assumed that these organizations employ system administrators and IT security personal that perform client device security configurations. 

This article is a "best practices" recommendation for ransomware protection: https://support.eset.com/kb3433/

This article contains the specific anti-ransomware HIPS rules: http://support.eset.com/kb6119/

[novice 20]

12 hours ago, itman said:

Pertaining to endpoint users, it is assumed that these organizations employ system administrators and IT security personal that perform client device security configurations. 

In other words , you are saying that the Endpoint version is less efficient than "home version", because there is somebody behind  to manage it.

Seems to me a twisted answer.

 

[Marcos 5,259]

Home and Endpoint versions never been same in terms of functionalities. Developing antiransomware for corporate environment takes much more time and research than for home users. As I have mentioned, Endpoint must be able to decide about suspicious applications' behavior without user's interaction and reliably, ie. without causing false positives which is more likely to happen in larger networks.

[itman 1,746]

10 hours ago, MSE said:

In other words , you are saying that the Endpoint version is less efficient than "home version", because there is somebody behind  to manage it.

Belaboring, endpoint environments often use custom scripts including Powershell scripts. It is one of the primary reasons ransomware is so successful since script execution is allowed and the primary threat vector ransomware uses is malicious scripts.

The direct monitoring of ransomware script execution done in the retail versions of Eset can cause major operational issues in a commercial environment. Therefore, system admins need to modify and then thoroughly test all security protections related to ransomware protection mechanisms before they are rolled out in mass to the endpoint client devices. In most cases, a number of existing HIPS rules along with other Eset modifications will have to be performed.

Bottom line - in commercial environments, there is "no one rule applies to all" scenario as far as endpoint security solution configuration is concerned.

 

Edited May 31, 2017 by itman