Eset Uninstalled by itself

[Kensalem 0]

Sometime within the last 7 days, my Eset Smart Security was uninstalled.  I don't have any record in my event log.  The icons were still there but the install folder was empty, and the registry keys were still there.  I needed to use the Eset uninstaller to remove them for re-install.  Eset was up to date within the last 7 days of this post.

[Marcos 5,070]

ESET can never uninstall itself. Do you happen to know what version you had installed? Were you offered an upgrade to a newer program version when it happened?

[itman 1,659]

When it comes to malware, the statement "never say never" applies. At this point, I would say its theoretically possible.

Let's use an attempt to delete C:\Program Files\ESET\ESET Security directory. That is blocked because system privileges are required. So how do I gain system privileges? One such way is shown here using Win trusted processes: https://purplesec.us/privilege-escalation-attacks/ ; namely Win Sticky Keys and PsExec, or the pen test tool Process Injector.

My question is why Eset HIPS via a built in rule does not detect the attempted directory delete attempt?

Edited January 10, 2020 by itman

[Marcos 5,070]

Trolling and personal attacks are against this forum's rules. Please refrain from attacking the others and creating new accounts after banning your previous account.

Irrelevant posts have been hidden.

[itman 1,659]

Another possibility is a new variant of AVCrypt ransomware is lurking around:

Quote

It next sends a query to Windows Security Center in order to see if an antivirus program is registered. Via the Windows Management Instrumentation Command-line (WMIC) utility, it attempts to remove antivirus programs.

https://securethoughts.com/avcrypt-unleashed-virus-renders-pcs-open-attack/

It ran this command;

wmic product where name=”ESET Security” call uninstall /nointeractive | && (shutdown /a)

The uninstall failed somewhere in process but succeeded in deleting the Eset directory.

[nhetrick 0]

i installed ESET and a week later I was hacked. It cost me $200 to get the mess straightened out.  What good does it do to have this product if it's not going to protect you!!!  I'm cancelling ESET as it didn't do me any good!  So much for paying for a program that didn't do me any good!!

[Marcos 5,070]

3 hours ago, nhetrick said:

i installed ESET and a week later I was hacked. It cost me $200 to get the mess straightened out.  What good does it do to have this product if it's not going to protect you!!!  I'm cancelling ESET as it didn't do me any good!  So much for paying for a program that didn't do me any good!!

First of all, installing an antivirus without taking other measures, such as keeping the OS fully up to date and patched, avoiding opening suspicious email attachments, clicking suspicious links or keeping RDP enabled without restrictions is not enough. Moreover, no security solution can ever protect from 100% of threats.

Not sure what happened, if your files were encrypted by ransomware or what you actually paid for. Technical support is provided to our users for free. Also without any further logs, proof and information what actually happened it's unfair to blame ESET.

[itman 1,659]

9 hours ago, nhetrick said:

i installed ESET and a week later I was hacked.

When making a statement like this, please provide details on what occured. If for no reason other than to determine if there is an on going issue with existing Eset protection methods.

Today's AV products are designed to prevent malware from being downloaded and installed on devices. Pertaining to malware that may have existed prior to AV installation, AV detection is limited in what it can detect. For example, you may have had a backdoor installed or some other stealthy hidden malware that is difficult to detect via signature or behavior methods.

When it comes to today's malware, the axiom, "An ounce of prevention is worth a pound of cure" very much applies.

Edited January 19, 2020 by itman

[local 0]

31 minutes ago, itman said:

If for no reason other than to determine if there is an on going issue with existing Eset protection methods.

When was the last time when it has been determine that "is an on going issue with existing Eset protection methods" ???

Typically the user will take all blame from not doing this or that, most recently for " clicking suspicious links "

The whole internet experience is based on "clicking links" ; to determine that is "suspicious" is ESET's job.

[Marcos 5,070]

Stop ranting please and provide a proof that ESET failed instead. Even if that was true, there is nothing like 100% protection from threats in the real world. However, as it's been already said the issue the user encountered was not reported and investigated yet so at this point there any premature conclusions are inappropriate.

[itman 1,659]

35 minutes ago, local said:

The whole internet experience is based on "clicking links" ; to determine that is "suspicious" is ESET's job.

Which BTW, Eset does an excellent job in detecting as based on other security forums postings in this regard.

Such is not the case for Windows Defender for example which lacks web filtering capability.

[peteyt 393]

51 minutes ago, local said:

When was the last time when it has been determine that "is an on going issue with existing Eset protection methods" ???

Typically the user will take all blame from not doing this or that, most recently for " clicking suspicious links "

The whole internet experience is based on "clicking links" ; to determine that is "suspicious" is ESET's job.

If only it were that simple. I've seen some Youtuber tests where they basically disable things like web protection and then try to show they got infected - well yes if you disable key features there is a chance.

The problem is that nothing is ever 100 percent. Here in the UK the NHS was a big victim of  the WannaCry ransomware which used the ExternalBlue Exploit. They obviously have security programs (not eset, but won't name it just in case), but still got infected. I'm not sure how, but did hear someone may have opened an attachment. Problem also was a lot of their computers where using XP and out of date patches. 

What the problem above proves is that security is everyone's job and until people understand that things like this will keep happening. Sadly, at least for the average user, people tend to want to be able to just instal a security program and let it do everything for them. If they for example regularly go on a dodgy site and get infected - they will blame the AV but won't actually look at what they are doing and if there is any correlation. I've met a lot of people in the past who wouldn't instal any windows updates, and these also tend to be the same people who would then complain if they got hit by something they themselves failed to patch when a patch was readily available for them.

It's one of the reasons I'm half and half with two step authentication - it's great and can be a lifesaver but it's not a golden bullet - people want solution that will protect them but they don't do anything to protect themselves. Remember the weakest link in security is generally always the human.

[local 0]

35 minutes ago, itman said:

Such is not the case for Windows Defender for example which lacks web filtering capability

How is this relevant? In spite of not having "web filtering capability"  Windows Defender scored 99.3% on AV-Comparatives for July-Oct 2019 with 0% compromised   while ESET with "machine learning" , "HIPS", "anti-ransomware shield"  "web filtering" scored 98.4% with 1.6% compromised !!!!  That means from 1000 malware , 16 will reach your PC if protected by ESET.

When people are complaining about this ransomware not being detected , ESET uninstalled by itself, etc , always is the user fault.

However, the AV-test says a different story.

And this is not ranting is just putting together public info.

[Marcos 5,070]

Since this topic has turned into bashing and ranting instead from a constructive discussion, we'll draw it to a close.