Jump to content
novice

Can anyone post...

Recommended Posts

....a screenshot of ESET blocking a ransomware based on HIPS / behavior and NOT based on signature????

Just out of curiosity, never seen one....

Thanks!

Share this post


Link to post
Share on other sites

Is it a full moon or something ???

You are like a dog with a bone ................ Nobody is stupid enough to run known ransomware just to provide you with a "Screenshot".

That's just like drinking poison to see if its strong enough ☠️

Edited by cyberhash
1

Share this post


Link to post
Share on other sites

It is possible to test it by yourself , all you need to do is create a Virtual Machine and install Windows XP or your desired operating system whether it was 10 or XP , install ESET , isolate it from the network (not connected to your physical PC) , Get a ransomware , infect your machine , see if ESET blocks it or not.

I found this : https://www.knowbe4.com/ransomware-simulator

Edited by Rami

Share this post


Link to post
Share on other sites

VM or not ............

"Get a ransomware , infect your machine , see if ESET blocks it or not "

Really good advice on a public forum 👎

Share this post


Link to post
Share on other sites
40 minutes ago, cyberhash said:

VM or not ............

"Get a ransomware , infect your machine , see if ESET blocks it or not "

Really good advice on a public forum 👎

Well if you don't know what you are doing , don't do it, and that's the way to test an antivirus , you get a testing environment which can be physical or virtual , and you do test things on it.

You go with Virtual because it's easier to manage , or go back to snapshots and etc

It's not crazy to get a ransomware on an empty machine , that ESET might block it or not , both ways you have nothing to lose because it's an empty machine made for testing, and not your personal computer or your job computer.

Well it's not religion where you pray to be protected , it's different here , you can't know if your AV is working unless you put it under the test , which what novice wants, if you don't know how to manage a virtual machine or test your AntiVirus please keep your words to yourself because they are useless.

The 'super' videos you see on YouTube or the testing videos that get posted by Marcos , they are all done in Virtual Machines , If you don't know how to test or manage a Virtual Machine , just don't do it , and don't annoy me with your pointless reply.

It's explained/more detailed here on how to set up a virtual machine and test your AV , https://malwaretips.com/threads/how-to-set-up-vm-for-malware-testing-my-method.40159/ and here : https://blog.storagecraft.com/how-to-optimize-vm-malware-testing/

Again if you don't know what you are doing , Please don't do it , and do it on your own RISK , I am not responsible for anything.

Testing machines should be ISOLATED from the HOST machine.

Edited by Rami

Share this post


Link to post
Share on other sites
3 hours ago, cyberhash said:

Nobody is stupid enough to run known ransomware

If it is a "known" ransomware , will be detected by signature . What I asked is for a ransomware detected by HIPS / behavior / anti ransomware shield.

So , cool down!!!

Share this post


Link to post
Share on other sites
1 hour ago, Rami said:

Well if you don't know what you are doing

It is not that he doesn't know what is he doing , but it seems like he doesn't even know what are you talking about...

Running a live malware in a VM is a standard procedure with ZERO risks.

Share this post


Link to post
Share on other sites
8 minutes ago, novice said:

It is not that he doesn't know what is he doing , but it seems like he doesn't even know what are you talking about...

Running a live malware in a VM is a standard procedure with ZERO risks.

Easy solution .............

If its risk free and so easy then do it yourself and don't request it from other people on a forum.

Share this post


Link to post
Share on other sites
15 minutes ago, cyberhash said:

If its risk free and so easy then do it yourself and don't request it from other people on a forum.

Did you, at least, read my post???? Told you I never seen ESET blocking a "never seen before" ransomware , based on HIPS /behavior  or its anti-ransomware shield.

Once a signature is created  each and every antivirus will detect that ransomware ; the point is to see a signature-less detection based on the mechanisms mentioned above.

 

Edited by novice

Share this post


Link to post
Share on other sites
1 minute ago, novice said:

Did you, at least, read my post???? Told you I never seen ESET blocking a "never seen before" ransomware , based on HIPS /behavior  or its anti-ransomware shield.

Once a signature is created  each and every antivirus will detect that ransomware ; the point is to see a signature less detection based on the mechanisms mentioned above.

 

I have read the past dozen threads you have started regarding HIPS. Which is why i made the comment about being like a "dog with a bone".
You have been given plenty of explanations as to how HIPS works, but after a few days you post the same or similar thing again.

Your average user here does not :

A) Have sole access to only the HIPS modules/components that ESET uses in its products to be able to test and simulate what you are looking for.

B) Actively go looking for "Never Seen Before" Ransomware to run and provide you with a screenshot.

C) Buy something to switch it off or break it ........ Like buying a car and taking 3 wheels off to see if it still works

There is NO option of only installing the "HIPS part of your ESET product when you run the installer". Plus the HIPS module is regularly updated too so it's also not a static part of the product.


@Rami , the above also applies when using a VM or not . So if my "pointless reply annoys you"  it's not me who does not understand things.

 

Share this post


Link to post
Share on other sites

This question has already been answered before and I also demonstrated HIPS based behavior-based detection of a brand new Filecoder not yet covered by standard detection, ie. not detected by real-time nor on-demand scanners. Ransomware shield, Advanced Memory Scanner and Exploit Blocker are behavior-triggered protection features.

What's more, Behavior Monitor, another HIPS-based behavior-based protection feature, has been included in v12.1 beta with Augur, a local machine learning module, to follow this year.

Behavior monitors is no magic at all. Otherwise you could leave the security software run not updated for ages and it would detected 100% malware without any false positive. Unfortunately, there's nothing like that in the real world. Any security software needs to be updated on a regular basis in order to cover new threats regardless of how good behavior blocker it has.

Since everything has been said in this and in the previous topic with the demonstration video, we'll draw this topic to a close.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×