ESET Dynamic Threat Defense question...


I found a mail in my inbox with a docx attachment which is obviously infected with malware.

This is what Virustotal tells me:

https://www.virustotal.com/#/file/b1ac6a3d54113c316e71fe28f3e92891a620dd29868a7a0620155e3811c70514/detection

This is the ESET Dynamic Threat Defense result...

https://d.edtd.eset.com/details?hash=2F7C8C4FD471416F6FF45836C7F117D85A04AFF6&key=17976036267020717378&lang=de_DE&era_ver=7.0

It's one of those "This Document is protected" files which you have to click on to run some macro code or which redirects you to a webpage...

I thought ESET Dynamic TD checks such manually uploaded files by a person and not only by some software??


  • Administrators

Of course the system is fully automatic. It's not that there are engineers waiting for users to upload files via EDTD and analyze them then. In this case, the document doesn't contain any macro but merely contains a dead link to a payload.

The fact that a document downloads external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.


Hi,

Quote

The fact that a document downloads external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.

I see.

Quote

It's not that there are engineers waiting for users to upload files via EDTD and analyze them then

That's what I thought. :D

Thank you :)
