novice 20 Posted January 13, 2019
....a screenshot of ESET blocking a ransomware based on HIPS / behavior and NOT based on signature???? Just out of curiosity, never seen one.... Thanks!

Most Valued Members cyberhash 201 Posted January 13, 2019 (edited)
Is it a full moon or something??? You are like a dog with a bone ... Nobody is stupid enough to run known ransomware just to provide you with a "Screenshot". That's just like drinking poison to see if it's strong enough ☠️
Edited January 13, 2019 by cyberhash

Most Valued Members Nightowl 206 Posted January 13, 2019 (edited)
It is possible to test it by yourself, all you need to do is create a Virtual Machine and install Windows XP or your desired operating system whether it was 10 or XP, install ESET, isolate it from the network (not connected to your physical PC), get a ransomware, infect your machine, see if ESET blocks it or not.
I found this: https://www.knowbe4.com/ransomware-simulator
Edited January 13, 2019 by Rami

Most Valued Members cyberhash 201 Posted January 13, 2019
VM or not ... "Get a ransomware , infect your machine , see if ESET blocks it or not " Really good advice on a public forum 👎

Most Valued Members Nightowl 206 Posted January 13, 2019 (edited)
40 minutes ago, cyberhash said:
VM or not ... "Get a ransomware , infect your machine , see if ESET blocks it or not " Really good advice on a public forum 👎

Well, if you don't know what you are doing, don't do it, and that's the way to test an antivirus: you get a testing environment, which can be physical or virtual, and you do test things on it. You go with virtual because it's easier to manage, or go back to snapshots, etc.

It's not crazy to get a ransomware on an empty machine, that ESET might block it or not; both ways you have nothing to lose because it's an empty machine made for testing, and not your personal computer or your job computer.

Well, it's not religion where you pray to be protected, it's different here: you can't know if your AV is working unless you put it under the test, which is what novice wants. If you don't know how to manage a virtual machine or test your antivirus, please keep your words to yourself because they are useless.

The 'super' videos you see on YouTube or the testing videos that get posted by Marcos, they are all done in Virtual Machines. If you don't know how to test or manage a Virtual Machine, just don't do it, and don't annoy me with your pointless reply.

It's explained in more detail here how to set up a virtual machine and test your AV: https://malwaretips.com/threads/how-to-set-up-vm-for-malware-testing-my-method.40159/ and here: https://blog.storagecraft.com/how-to-optimize-vm-malware-testing/

Again, if you don't know what you are doing, please don't do it, and do it at your own RISK, I am not responsible for anything. Testing machines should be ISOLATED from the HOST machine.
Edited January 13, 2019 by Rami

novice 20 Posted January 13, 2019 Author
3 hours ago, cyberhash said:
Nobody is stupid enough to run known ransomware

If it is a "known" ransomware, it will be detected by signature. What I asked is for a ransomware detected by HIPS / behavior / anti ransomware shield. So, cool down!!!

novice 20 Posted January 13, 2019 Author
1 hour ago, Rami said:
Well if you don't know what you are doing

It is not that he doesn't know what he is doing, but it seems like he doesn't even know what you are talking about... Running a live malware in a VM is a standard procedure with ZERO risks.

Most Valued Members cyberhash 201 Posted January 13, 2019
8 minutes ago, novice said:
It is not that he doesn't know what he is doing, but it seems like he doesn't even know what you are talking about... Running a live malware in a VM is a standard procedure with ZERO risks.

Easy solution ... If it's risk free and so easy then do it yourself and don't request it from other people on a forum.

novice 20 Posted January 13, 2019 (edited) Author
15 minutes ago, cyberhash said:
If it's risk free and so easy then do it yourself and don't request it from other people on a forum.

Did you, at least, read my post???? Told you I have never seen ESET blocking a "never seen before" ransomware, based on HIPS / behavior or its anti-ransomware shield. Once a signature is created each and every antivirus will detect that ransomware; the point is to see a signature-less detection based on the mechanisms mentioned above.
Edited January 13, 2019 by novice

Most Valued Members cyberhash 201 Posted January 13, 2019
1 minute ago, novice said:
Did you, at least, read my post???? Told you I have never seen ESET blocking a "never seen before" ransomware, based on HIPS / behavior or its anti-ransomware shield. Once a signature is created each and every antivirus will detect that ransomware; the point is to see a signature-less detection based on the mechanisms mentioned above.

I have read the past dozen threads you have started regarding HIPS. Which is why I made the comment about being like a "dog with a bone". You have been given plenty of explanations as to how HIPS works, but after a few days you post the same or similar thing again.

Your average user here does not:
A) Have sole access to only the HIPS modules/components that ESET uses in its products to be able to test and simulate what you are looking for.
B) Actively go looking for "Never Seen Before" ransomware to run and provide you with a screenshot.
C) Buy something to switch it off or break it ... Like buying a car and taking 3 wheels off to see if it still works.

There is NO option of only installing the "HIPS part of your ESET product when you run the installer". Plus the HIPS module is regularly updated too, so it's also not a static part of the product.

@Rami, the above also applies when using a VM or not. So if my "pointless reply annoys you" it's not me who does not understand things.

Administrators Marcos 5,468 Posted January 13, 2019
This question has already been answered before and I also demonstrated HIPS-based, behavior-based detection of a brand new Filecoder not yet covered by standard detection, i.e. not detected by real-time nor on-demand scanners. Ransomware shield, Advanced Memory Scanner and Exploit Blocker are behavior-triggered protection features. What's more, Behavior Monitor, another HIPS-based behavior-based protection feature, has been included in v12.1 beta, with Augur, a local machine learning module, to follow this year.

A behavior monitor is no magic at all. Otherwise you could leave the security software running without updates for ages and it would detect 100% malware without any false positive. Unfortunately, there's nothing like that in the real world. Any security software needs to be updated on a regular basis in order to cover new threats regardless of how good a behavior blocker it has.

Since everything has been said in this and in the previous topic with the demonstration video, we'll draw this topic to a close.