Jump to content

Eset Internet Security Failed to deal with Ransomware !!


Recommended Posts

The software does nothing more than just have a list of "Signatures" through which it identifies malicious or suspicious files, otherwise it is useless..
What made me say this is my own experience with it, my laptop was offline for three days, only three days without receiving updates that made eset internet security useless, I opened a file from a removable disk that I didn't know was harmful and now all My files are encrypted by Ransomware !!

You at Eset are Experts when it comes to making excuses, and when someone tests your software, You accuse him of doing it incorrectly, or having disabled some features of the software.
Now what do you say about what happened to me?
I did not disable any of the software's features.
Just all that happened is that the software did not receive updates for three days !!
Isn't this a simulation of what would happen if I was exposed to a zero-day attack from one of these Ransomware ?

You have to do something real about detecting malware and ransomware through its behavior

Edited by Marcos
Redacted
Link to comment
Share on other sites

  • Administrators

ESET uses various multi-layered protection mechanisms to protect users from both new and old malware which are explained at https://www.eset.com/int/about/technology/

For any AV it is crucial that you keep it updated all the time. It is untrue that having a different antivirus would protect you from most of threats after a few days, weeks or months without update.

We are willing to investigate what happened, therefore we kindly ask you to provide logs collected with ESET Log Collector to start off.

Link to comment
Share on other sites

10 hours ago, Invisible man said:

I opened a file from a removable disk that I didn't know was harmful and now all My files are encrypted by Ransomware !!

A couple of questions.

1. I assume this removable disk was updated on a device other than your own device?

2. When the removable disk was connected to your device, Eset should have shown a popup window on the desktop requesting if you wanted to scan the drive. Did you scan the drive when Eset prompted you to do so?

 

Link to comment
Share on other sites

8 hours ago, Marcos said:

ESET uses various multi-layered protection mechanisms to protect users from both new and old malware which are explained at https://www.eset.com/int/about/technology/

For any AV it is crucial that you keep it updated all the time. It is untrue that having a different antivirus would protect you from most of threats after a few days, weeks or months without update.

We are willing to investigate what happened, therefore we kindly ask you to provide logs collected with ESET Log Collector to start off.

Well, here I will review what happened in detail, and I will send what was done through the logs collected process.
Initially, this is the same sample, but with Bitdefender
As it is evident in the attached six screen shots, Bitdefender has not received updates for days, "and this is so that the test is fair."
When scan the sample and because it is not in the "Signatures" database, Bitdefender finds that the sample is not a malicious file
But once the file was run, Bitdefender detects it from its own behavior
Not only that, the malware has already managed to encrypt some files, but Bitdefender has recovered them as part of the disinfection process.

Now, here is what happened on the side of Eset Internet Security:
Also as shown in the screenshots I used the same sample and it was also not detected when I scan because it is not in the Signatures database
But this time when running the sample was not detected and Eset Internet Security did not take any action about it !!
And to prove that it does nothing more than just detected malware in the Signatures database, I updated the database and only then was the malicious file detected.
Note that the files that were encrypted were not recovered as happened with Bitdefender


Please explain how the files collected through ESET Log Collector will be sent to you
Is it by mail or do I upload the file here in the replies?

1.PNG

2.PNG

3.PNG

4.PNG

5.PNG

6.PNG

eset_01.PNG

eset_02.PNG

eset_03.PNG

eset_05.PNG

eset_06.PNG

Link to comment
Share on other sites

Are you testing malware samples or was your device files permanently encrypted by ransomware? The fact that you are showing BitDefender protection mechanisms, indicates you are testing ransomware samples.

Link to comment
Share on other sites

42 minutes ago, itman said:

Are you testing malware samples or was your device files permanently encrypted by ransomware? The fact that you are showing BitDefender protection mechanisms, indicates you are testing ransomware samples.

Do you know what the difference is between you and Bitdefender or Kaspersky?
When your software is failed to counter the attack, you do nothing more than justify and try to invent weak excuses.
But Bitdefender and Kaspersky are working on developing their software so that real security software are able to protect their customers from any threat, whatever the circumstances.

Now do you have anything useful to say?
Does your question justify that failure?

Link to comment
Share on other sites

51 minutes ago, itman said:

Are you testing malware samples or was your device files permanently encrypted by ransomware? The fact that you are showing BitDefender protection mechanisms, indicates you are testing ransomware samples.

By the way, I have a question
What if that sample was on the device of an Eset Internet Security customer on that day that the database was updated
How would Eset Internet Security counter it?

Was your software going to ask the user whether it was testing malware samples ؟ 
or was it supposed to protect him?

Link to comment
Share on other sites

10 hours ago, Marcos said:

ESET uses various multi-layered protection mechanisms to protect users from both new and old malware which are explained at https://www.eset.com/int/about/technology/

For any AV it is crucial that you keep it updated all the time. It is untrue that having a different antivirus would protect you from most of threats after a few days, weeks or months without update.

We are willing to investigate what happened, therefore we kindly ask you to provide logs collected with ESET Log Collector to start off.

Now what you have to do is provide real answers
First, what is Behavioral Detection from Eset's point of view?
Is it only harmful files detected through Signatures database?
So why did your software fail to detect and respond to the ransomware?
If we said that if the program database was updated, the malicious file would have been detected and blocked !!
Well we can say that but that's not called Behavioral Detection
This is just a malicious file detected by its Signatures
This is what any cheap anti-virus can do !

eset.png

Link to comment
Share on other sites

Since you seem to be so keen on BitDefender's anti-ransomware behavior protection, note that it's not bullet-proof:

Quote

The pernicious Petya ransomware got past the behavior-based detection system and encrypted the virtual drive, rending the virtual test system unusable.

https://sea.pcmag.com/security/5981/bitdefender-antivirus-plus

Link to comment
Share on other sites

20 minutes ago, itman said:

Since you seem to be so keen on BitDefender's anti-ransomware behavior protection, note that it's not bullet-proof:

https://sea.pcmag.com/security/5981/bitdefender-antivirus-plus

I didn't mention Bitdefender or even Kaspersky bullet-proof !!
But at least they have a real behavior detection system, even if it is not bulletproof, but it exists, strong and effective

at least Eset Internet Security should reach their level of detecting malware behavior
I don't want you to create bulletproof software, but at least you have to get to their level and then you can criticize one of their mistakes.
I am here neither defending nor biasing one party over another party's expense I am here making it clear that you cannot say that you have a security system capable of detecting malicious behavior while it does nothing more than just detect malware through Signatures
Since Bitdefender is not strong enough to deal with bullets
So your mission should be easy to get to that level of behavior detection
Is that not true ?!

Link to comment
Share on other sites

36 minutes ago, itman said:

Since you seem to be so keen on BitDefender's anti-ransomware behavior protection, note that it's not bullet-proof:

https://sea.pcmag.com/security/5981/bitdefender-antivirus-plus

I hope that the day will come when  Eset Internet Security have a strong enough behavior detection system ,to read an article about one of the strong viruses that managed to pass through
Because it is not smart to write an article in which we are talking about a powerful virus that has managed to pass through a weak system that relies only on a signature database ... It will not be interesting

Link to comment
Share on other sites

51 minutes ago, itman said:

Since you seem to be so keen on BitDefender's anti-ransomware behavior protection, note that it's not bullet-proof:

https://sea.pcmag.com/security/5981/bitdefender-antivirus-plus

Since you cited an article, I would like to draw your attention to that article as well from the same source

https://me.pcmag.com/en/security-suites/1957/kaspersky-internet-security

"But I have a bewildering question, why Eset Internet Security's Behavior Detection System not been evaluated or tested in an article on the same source?
Is it possible that Eset Internet Security does not have a real behavior detection system in order to be tested and to show the test results in the article? !!"

Screenshot 2021-05-10 225700.png

Link to comment
Share on other sites

Since you just joined the forum 19 hours ago and you have been "camped" on this thread all day, it's fairly obvious you are trolling. So I will just ignore you as everyone else has to date.

Link to comment
Share on other sites

5 minutes ago, itman said:

Since you just joined the forum 19 hours ago and you have been "camped" on this thread all day, it's fairly obvious you are trolling. So I will just ignore you as everyone else has to date.

Believe me, if you had anything to say you wouldn't ignore me 
As I said earlier, you only have excuses, and it is natural that you do not have words to say 

Link to comment
Share on other sites

  • Administrators

Closing this topic due to trolling. The OP obviously also lyed, initially pretending to be a user who accidentally felt a victim of ransomare and then he turned out to deliberately perform amateurish tests by skewing the reality to bash ESET in favor of his favorite AVs 

Link to comment
Share on other sites

  • Marcos locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...