Reza Shamsudin 2 Posted July 22, 2017 Share Posted July 22, 2017 Sometimes, "whitelisting program" (for example Vodoo Shield) do a good job in blocking Viruses. The picture below was taken yesterday, while my Eset Internet Security was failed to detect the "Trojan" even in virustotal.com told EsetNod32 detected it. Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted July 22, 2017 Author Share Posted July 22, 2017 I have already done submit the "trojan" sample to Eset yesterday. Below the information said EsetNod32 detected it. But not with my Eset Internet Security. Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted July 22, 2017 Author Share Posted July 22, 2017 My Eset Internet Security Update version. Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted July 22, 2017 Author Share Posted July 22, 2017 On 7/20/2017 at 1:46 AM, Marcos said: So you would like to ask user to allow access for word.exe or excel.exe if he or she wants to open a document from a protected folder? I was talking about protection from ransomware that injects into legitimate processes so the path to the executable will be standard and the file will have good reputation even if the malware injected in it could do malicious actions, such as encryption. The main reason for "Folder Protection" suggestion was to protect our previous/old data that we don't use it frequently. If Eset won't put this functionality soon Avast, Bitdefender will having more customers other than Eset itself. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 22, 2017 Share Posted July 22, 2017 (edited) A few comments about the issue of hd.sentinel.pro.4.x-patch.exe detection. The VT analysis shows that NOD32 detects it as a potentially unsafe application(PUA). As such, neither NOD32 or Smart Security would have detected this status until the .exe was actually executed. Did you actually try to execute it with Smart Security? If you did execute it and it was not detected, did you verify in the Eset GUI Antivirus Scanner settings that all the following settings are check marked? Enable detection of : potentially unwanted applications potentially unsafe applications suspicious applications Edited July 22, 2017 by itman Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted July 22, 2017 Author Share Posted July 22, 2017 12 minutes ago, itman said: A few comments about the issue of hd.sentinel.pro.4.x-patch.exe detection. The VT analysis shows that NOD32 detects it as a potentially unsafe application(PUA). As such, neither NOD32 or Smart Security would have detected this status until the .exe was actually executed. Did you actually try to execute it with Smart Security? If you did execute it and it was not detected, did you verify in the Eset GUI Antivirus Scanner settings that all the following settings are check marked? Enable detection of : potentially unwanted applications potentially unsafe applications suspicious applications Enable detection of : potentially unwanted applications potentially unsafe applications suspicious applications Done, of course above option was selected itman. I use my Eset Internet Security. Not Smart Security anymore. Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted July 22, 2017 Author Share Posted July 22, 2017 I did not execute it yet. Just scan it with the option above is ON. Anyway don't worry, Antivirus is still made by human being. It have some flaws too. I already submit the sample to Eset. Just waiting for the latest definition Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 22, 2017 Share Posted July 22, 2017 2 minutes ago, Reza Shamsudin said: I did not execute it yet. The way Eset works in regards to a PUA is to remove and quarantine the "offending" parts of installation and leave the rest proceed thereby allowing for the app to be used if possible. VoodooShield used the "hatchet approach" and just blocked the entire installation. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 22, 2017 Share Posted July 22, 2017 (edited) On 7/22/2017 at 4:49 PM, Reza Shamsudin said: Just scan it with the option above is ON. This is for general information. The .exe in question can best be described as a "proprietary" installer. What developers do is pack all their installation files along with an extractor .exe into a single executable. When this file runs it in turn runs the extractor program which first unpacks all the files and then stores them in the proper directories on your system. Because all the source files are packed in a proprietary format, AV scanners on download cannot unpack those files to scan them via signature detection as they can do against files created by public domain archiving programs create like .zip, .rar, etc.. Therefore, AV scanners have to wait until the installer is run to scan the files as they are unpacked. Eset employs its heuristic scanner for this processing which sandboxes anything the installer is extracting preventing any installation and execution of those files until they have been signature scanned. What NOD32 detected on VT was one of .exe's within the application as a potentially unsafe application I believe. VoodooShield on the other hand does not use signatures but machine learned rules and the like. When a file is downloaded, it immediately executes it in its sandbox and makes a "good ,maybe OK, or bad" determination on the application overall. -EDIT- This determination is also conditioned by submitting the file to VirusTotal for a manual scan by all the AV product engines listed there. This is in all likelihood how the .exe file was determined to be malicious. Eset on the other hand and as previously noted can differentiate between the good and bad processes within the application and only allow the good processes to be installed. This in effect allows the user to use the application but exclude its undesirable features such as adware and the like. Edited July 24, 2017 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 23, 2017 Share Posted July 23, 2017 (edited) One other comment about this hd.sentinel.pro.4.x-patch.exe file you downloaded. Appears you wanted to download the portable version of HD Sentinel Pro? Portable versions are downloaded in a compressed file format e.g. .zip, .rar, etc. and the file "extracted" to a new folder in the download directory. The extracted folder contents contain all the files need to run the application without making any system area modifications. The file you downloaded was a .exe which was a clear indication that something was not right with your download. Edited July 23, 2017 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 23, 2017 Share Posted July 23, 2017 (edited) Downloading software "cracker's" BTW is always a bad idea as noted in this Microsoft write up: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Patch Also in the event you do get hacked by such a download, many security forums will refuse to help you in mitigation efforts. Edited July 23, 2017 by itman Link to comment Share on other sites More sharing options...
Reza Shamsudin 2 Posted August 5, 2017 Author Share Posted August 5, 2017 TQ Itman for the details & explanation. Yes it's a bad idea to download the cracked software. But it's for the testing purposed only. Some of the users out there, suggest all of the computer users to use the Hard Disk Sentinel (of course pirated one). So I try to download & checkup the pirated/cracked software is it safe or else. And yes the result already told me, it's unsafe. So this kind of result I need to tell the computer users, advising them DO NOT TRYING TO INSTALL the pirated/cracked software on their PC's. Link to comment Share on other sites More sharing options...
Recommended Posts