itman 1,743 Posted July 7, 2017

In regards to this blog posting 'Everything you need to know about the latest variant of Petya,' great article. However, I have a problem with one section:

"What can I do to stay protected from this threat? You should also block the execution of EXE files within %AppData% and %Temp%"

Why doesn't the HIPS have a default "ask" rule for same?

ESET Moderators Peter Randziak 1,160 Posted July 10, 2017

Hello ITman,

this would cause quite a lot of pop-up inquiries towards end users, which would bother them, and not everyone is able to make the right decision in the case of such an inquiry. There are many applications that are upgraded automatically and download and run their update packages from temp.

Regards, P.R.

itman 1,743 Posted July 10, 2017 Author

Hi Peter,

My comments were rhetorical in nature since I am well aware of what you posted. Perhaps ESET should clarify in the blog posting what you posted. That is, such recommended monitoring of the stated directories will indeed cause alerts from valid process activity, especially during installation or updating activities.

Or better yet, as I have commented in another posting, ESET could incorporate logic that allows like activity from valid system processes and fully vetted applications automatically and alerts on all other processes.
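
The allow-or-ask logic proposed in the thread, sketched as an added example (not ESET's HIPS logic and not code from any poster). The profile paths, the `VETTED_SIGNERS` allowlist and the `decide` function are assumptions made for illustration; the signer name and signature status are taken as already verified inputs.

```python
import ntpath

# Assumed expansions of %AppData% and %Temp% for one user (constructed values).
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}
# Hypothetical allowlist of fully vetted publishers.
VETTED_SIGNERS = {"Example Software Ltd"}


def _norm(path):
    # Collapse "..", unify separators and fold case: Windows paths are
    # case-insensitive and accept both "/" and "\".
    return ntpath.normcase(ntpath.normpath(path))


def in_monitored_dir(path):
    p = _norm(path)
    for var in ("APPDATA", "TEMP"):
        root = _norm(ENV[var])
        # Require a separator after the root so "Temp" does not match "TempFiles".
        if p.startswith(root + "\\"):
            return True
    return False


def decide(image_path, signer=None, signature_valid=False):
    """Return 'no_match', 'allow' or 'ask' for one process launch."""
    if not _norm(image_path).endswith(".exe"):
        return "no_match"  # the rule covers EXE files only
    if not in_monitored_dir(image_path):
        return "no_match"  # outside %AppData% and %Temp% after normalization
    if signature_valid and signer in VETTED_SIGNERS:
        return "allow"     # vetted updater or installer: no prompt
    return "ask"           # everything else prompts the user


# Constructed sample launches: (image path, signer, signature valid)
SAMPLE_EVENTS = [
    (r"C:\Users\alice\AppData\Local\Temp\upd\setup.exe", "Example Software Ltd", True),
    (r"C:\Users\alice\AppData\Roaming\invoice.exe", None, False),
    ("C:/USERS/ALICE/APPDATA/ROAMING/x/Y.EXE", None, False),
    (r"C:\Users\alice\AppData\Local\Temp\..\..\..\Documents\tool.exe", None, False),
    (r"C:\Users\alice\AppData\Local\Temp\job.exe", "Example Software Ltd", False),
]

if __name__ == "__main__":
    for path, signer, valid in SAMPLE_EVENTS:
        print(decide(path, signer, valid), path)
```

Path normalization matters here: without it, a rule written against `%Temp%` can be sidestepped or falsely triggered by case differences, forward slashes or `..` segments.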