chrisj, posted October 24, 2017:

With the Fall Creators Update 1709 Microsoft has included an enhanced version of their own Windows Defender product. This apparently has an option to turn on anti-ransomware protection using a feature called "controlled folder access". See this link: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard

Is this a "must have" feature or does Eset Smart Security have its own mechanism to give this degree of enhanced protection?

Marcos (Administrators), posted October 24, 2017:

This seems to be a simple feature that enables only allowed applications to make modifications to selected folders. The same can be accomplished with a HIPS rule. My understanding is that the feature would not protect folders from ransomware that injects into or is run by allowed applications, such as VB scripts.

itman, posted October 24, 2017 (edited October 24, 2017 by itman):

Appears the default setting is to deny any access to any controlled folder. [See below Edit] You can add allowed apps but of course if those were hijacked, you could get nailed. If this is true, it should detect any script engine access.

As previously stated, you can easily do the same by creating a HIPS "ask" rule for My Documents, etc. to detect any write or delete access and the more apps you create "allow" rules for, the higher the likelihood of getting nailed by ransomware. For example, malware could deliver ransomware using the explorer.exe shell.

Note: Win 10 1709 Controlled Folder access only works if Windows Defender is used as your AV.

-EDIT- All ransomware has to do is inject one of the below noted "safe" apps or run from its shell e.g. explorer.exe:

Quote: "Important: By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app or by using the associated PowerShell cmdlets."

Ref.: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard#allow-specifc-apps-to-make-changes-to-controlled-folders

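Added example (not part of any post in this thread, and not Microsoft or ESET code): a PowerShell audit of the user-added Controlled Folder Access allow list that flags the kind of entries the two posts above warn about, namely script hosts, shells, and binaries in user-writable locations. The function name `Test-CfaAllowList`, the `$ScriptHosts` list and the sample paths are constructed for illustration; as the quoted Microsoft note says, apps that Windows adds automatically do not appear in the cmdlet output, so this covers only entries an administrator added.

```powershell
# Script hosts and shells: allow-listing one of these extends folder write
# access to every script or command it is asked to run.
$ScriptHosts = 'wscript.exe', 'cscript.exe', 'powershell.exe', 'pwsh.exe',
               'mshta.exe', 'cmd.exe', 'explorer.exe'

function Test-CfaAllowList {
    param([string[]]$AllowedApps)
    foreach ($app in $AllowedApps) {
        # Take the file name by splitting on path separators (pure string work,
        # so the path does not have to exist on this machine).
        $leaf = ($app -split '[\\/]')[-1].ToLowerInvariant()
        $reasons = @()
        if ($ScriptHosts -contains $leaf) { $reasons += 'script host or shell' }
        # Heuristic: folders a standard user can usually write to, where the
        # allowed binary could be replaced.
        if ($app -match '\\(Users|ProgramData|Temp)\\') { $reasons += 'user-writable path' }
        [pscustomobject]@{
            Path    = $app
            Risky   = ($reasons.Count -gt 0)
            Reasons = ($reasons -join '; ')
        }
    }
}

# Constructed sample allow list (hypothetical paths, not from the thread).
$sample = @(
    'C:\Program Files\ExampleBackup\backup.exe',
    'C:\Windows\System32\wscript.exe',
    'C:\Users\alice\AppData\Local\Temp\updater.exe'
)
Test-CfaAllowList -AllowedApps $sample | Format-Table -AutoSize

# On a live system where Windows Defender is the active AV:
# $pref = Get-MpPreference
# $pref.EnableControlledFolderAccess   # 0 = disabled, 1 = enabled, 2 = audit mode
# Test-CfaAllowList -AllowedApps $pref.ControlledFolderAccessAllowedApplications
#
# Blocked (1123) and audited (1124) write attempts are logged here:
# Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124 }
```
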
chrisj (Author), posted October 24, 2017:

Thanks for the comments and advice. However, I expect any AV product that I choose to pay for to provide the best possible protection by default rather than expecting the user to have knowledge and understanding of how to create advanced settings. If Microsoft is deeming some form of access control as important and Eset is not then I need to ask why?

I have no wish to start using Defender and am happy to pay for Eset to help keep my family computers safe but I am looking for reassurance that it will do so by default without me or my wife having any specialist knowledge. I don't mind being asked questions when first installing or updating on an interactive basis but I don't expect to have to be proactive in order to feel secure.

itman, posted October 24, 2017:

13 minutes ago, chrisj said:
"If Microsoft is deeming some form of access control as important and Eset is not then I need to ask why?"

Windows Defender ransomware protection is abysmal as noted in AV Lab tests that specifically tested for ransomware protection effectiveness. This is why MS added the controlled folders protection; a typical Band-Aid security approach they are noted for.

Eset has by default anti-ransomware protection as long as LiveGrid is enabled. It is most effective on Win 10 since Eset uses its built-in protections such as AMSI to monitor script execution.

Marcos (Administrators), posted October 24, 2017:

1 hour ago, chrisj said:
"If Microsoft is deeming some form of access control as important and Eset is not then I need to ask why?"

Because we don't want to give users a false sense of security by providing a solution that can be relatively easily circumvented and cause issues for some users at the same time. We use several advanced smart techniques to prevent new borne malware from running in the first place.

itman, posted October 24, 2017:

@chrisj see my above edited posting.

chrisj (Author), posted October 24, 2017:

Many thanks for all the feedback. I don't pretend to understand all the technicalities other than to realise that most users will not delve in any detail into all the complexities of the subject. I started off this thread wanting some assurance that I was doing the right thing in sticking with ESET and not considering the "free" option and I am comfortable that I have achieved that.

I fully recognise that no solution can ever give a 100% guarantee and the user must always take some responsibility as to what they do on their computers. It is, however, important that products that are considerably customizable, such as the various flavours of ESET, default to a high degree of security as many users will never venture beyond the default settings, let alone understand some of the configuration options offered.