Jump to content

ESET Dynamic Threat Defense question...


Recommended Posts

I found a Mail in my inbox with a docx Attachment which is obviously infected with Malware.

This is what Virustotal tells me:

https://www.virustotal.com/#/file/b1ac6a3d54113c316e71fe28f3e92891a620dd29868a7a0620155e3811c70514/detection

This is the ESET Dynamic Threat Defense result...

https://d.edtd.eset.com/details?hash=2F7C8C4FD471416F6FF45836C7F117D85A04AFF6&key=17976036267020717378&lang=de_DE&era_ver=7.0

Its one of thoses (This Document is protected Files which you have to click on to run some Macro Code or redirects you to a webpage)...

I thought ESET Dynamic TD is checking such manually uploaded files by person and not only by some software??

Link to comment
Share on other sites

  • Administrators

Of course the system is fully automatic. It's not that there are engineers waiting for users to upload files via EDTD and analyze them then. In this case, the document doesn't contain any macro but merely contains a dead link to payload.

The fact that a document downloads an external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.

Link to comment
Share on other sites

hi,

Quote

The fact that a document downloads an external content doesn't make it malicious. If it contained a malicious macro, it would be analyzed in the EDTD sandbox and you would most likely get a verdict that it's malicious.

i see.

Quote

It's not that there are engineers waiting for users to upload files via EDTD and analyze them then

that's what i thought. :D

thank you :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...