Jump to content

ESET and ransomware protection


novice
 Share

Recommended Posts

Time to time I check the forum and I am surprised to see people infected by ransomware , even though ESET has a dedicated "Antiransomware module"

The latest case:

 

Rans.jpg

Link to comment
Share on other sites

  • Administrators

I don't find it surprising if attackers manage to remote in via RDP and with admin rights disable protection or uninstall the AV. Speaking about the Ransomware shield, it's only a part of consumer products. As for Endpoint, v7 will be the first version that will have it included.

Link to comment
Share on other sites

@Marcos right now we enable eset livegrid so we are protected against ransomware, right? When v7 gets released, we have eset livegrid + ransomware shield to enable?

Link to comment
Share on other sites

42 minutes ago, sindbad said:

@Marcos right now we enable eset livegrid so we are protected against ransomware, right? When v7 gets released, we have eset livegrid + ransomware shield to enable?

Im not expert as marcos, but it should be sufficient for the current ransomware and future ransomware that have traits or behaviour that similar to existing ransomware if your rdp is not compromise, set uninstallation password to avoid endpoint av from being removed or disable.

Again no AV can ever protect 100% from such ransomware as hacker also human, and they can modified and test their software until it cannot be trace. And even antivirus have it own limitation especially when it came to known OS and Firmware vulnerability that already being patch via OS / Firmware update but user did not patch their system which lead it to be exploit by cyber criminal.

So patch your system keep your AV updated, and educate your user. And even if you practice all of this, you already secured up to 90%, to reach 100% protection is impossible.

Additional Note: I remember seeing somewhere in this forum on somebody ask on how the strengthen their protection with HIPS rules. If the mention step are related with you, you might want to applied it to your HIPS rules. 

Link to comment
Share on other sites

  • Administrators
4 hours ago, sindbad said:

@Marcos right now we enable eset livegrid so we are protected against ransomware, right? When v7 gets released, we have eset livegrid + ransomware shield to enable?

In order to improve protection, besides installing all critical and security patches harden RDP. If it's a network with more computers, consider using VPN, 2FA, etc. Also set a password to protect ESET's settings and enable detection of potentially unsafe applications to prevent possible attackers from running tools that install a driver and with administrator rights they can kill security software and subsequently run ransomware to encrypt files. Most importantly back up important files on a regular basis and keep the backup separate from machines.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...