Jump to content

Web access protection Issue


Recommended Posts

Malicious / Dangerous sites, contains links to download malicious files (Ransomware - Spyware - Trojans), not detected by eset web access protection ! .

Yesterday we reported the following sites :

https://windowsroom.com/visuino/

https://genuineactivator.com/techsmith-snagit-crack-download-snagit-keys/

https://tntapk.com/rarmaradio-pro/

https://www.fullversionforever.com/rarmaradio-pro/

https://crackversions.com/tenorshare-ultdata-crack/

https://www.getpcsofts.net/clip-studio-paint-ex-crack-key-free-download/

https://www.crackwin.net/softmaker-flexipdf-crack/



and It has not been detected until now !!!

Link to comment
Share on other sites

  • Administrators

1, A correct way how to report samples or urls to ESET is via samples[at]eset.com as stated in https://support.eset.com/en/kb141. While submissions from the program are checked, more than 99% of them is just benign stuff which is not subject to detection (images, binary data files, encrypted files, music, etc.).

2, ESET reserves the right to decide if and how samples will be detected and urls blocked.

3, When testing, it's important to have detection of pot. unwanted and unsafe applications enabled; a lot of such websites are detected as scam.

4, It's not possible to download malicious files from the above websites; the download url was always blocked.

Link to comment
Share on other sites

19 minutes ago, Marcos said:

1, A correct way how to report samples or urls to ESET is via samples[at]eset.com as stated in https://support.eset.com/en/kb141. While submissions from the program are checked, more than 99% of them is just benign stuff which is not subject to detection (images, binary data files, encrypted files, music, etc.).

2, ESET reserves the right to decide if and how samples will be detected and urls blocked.

3, When testing, it's important to have detection of pot. unwanted and unsafe applications enabled; a lot of such websites are detected as scam.

4, It's not possible to download malicious files from the above websites; the download url was always blocked.

https://tntapk.com/rarmaradio-pro/

Screenshot 2021-09-23 100527.png

Screenshot 2021-09-23 100710.png

Screenshot 2021-09-23 101136.png

Link to comment
Share on other sites

Note: The download button on the site/s creates a new “redirect” link every time you click on it, maybe one of them was detected by eset today, but when you try again you will find an undetected link, But yesterday, when we reported these sites for the first time, none of these links were detected.

Link to comment
Share on other sites

18 minutes ago, Marcos said:

Were you able to find malware which was downloaded and undetected in the end?

image.png

At first my words are clear, I am not here to report a sample of malware that has not been detected, I am here to report malicious sites, if you are angry about this Well in the future we will not report any malicious site again!
Forgive me, you are a blind defense of your product, I feel from your words that I am attacking or abusing your product, I am here to help improve the product!!!!!

Also, excuse me, aren't you the one blocking users who report malware that your product couldn't block or detect like here?
https://forum.eset.com/topic/28386-eset-internet-security-failed-to-deal-with-ransomware/

Aren't you also the one who didn't respond when it was talked or reported about samples that your product was not able to detect?!!!
As it happened here:
https://forum.eset.com/topic/29053-eset-need-really-an-anticryptor-module/?_fromLogin=1

Excuse me, but your style is very bad, you are replying about something I didn't ask about in the first place, talk as much as the request or question, when we report a malicious site we primarily help you to improve the product, secondly I did not report an undetected sample, if it You have trouble understanding my words or my question, this is something you can't blame me for .

Link to comment
Share on other sites

  • Most Valued Members

You are mixing things together my friend , I don't work for ESET so I am not coming to defend or attack , that's my 2 cents only

The submission of websites or samples should be according to steps here https://support.eset.com/en/kb141?ref=esf

As in the Forum most probably no one is checking for submissions because the Team who receives those look at the sent samples through email or web form

The confusion here is that you've talked about Web Access Filter and Marcos talked about Real Time Protection / On Demand Protection , which what you meant is you want those websites blocked and which Marcos meant that those files downloaded from these places are detected by ESET

In the cases of the other posts where ESET failed to detect ransomware , some of these accidents happened because the attacker got hold of RDP Admin account and had disabled ESET inorder to ransom the machine , not by the fault of ESET not having signatures or not detecting it

Anyway there is no antivirus that can protect 100% , since malware developers can build or exploit 0-day which won't be detected by anyone , even by the Artifical Intelligence that the AVs companies use.

Link to comment
Share on other sites

  • Administrators

I'm not angry about you reporting it. Quite the contrary, we are happy if you report us possible malicious samples or urls.

I just wanted you to point in the right direction, ie. to report stuff directly to samples[at]eset.com according to the KB if you want the submission to receive better attention.

Also I wanted to point out that even if a particular website is not blocked (ie. it may be a completely legitimate one with just somebody posting links to cracks), the point is to detect possible threat in the end no matter how it is achieved, ie. by blocking access to the malicious website or by detecting the malware upon download or execution at latest.

Link to comment
Share on other sites

18 minutes ago, Nightowl said:

You are mixing things together my friend , I don't work for ESET so I am not coming to defend or attack , that's my 2 cents only

The submission of websites or samples should be according to steps here https://support.eset.com/en/kb141?ref=esf

As in the Forum most probably no one is checking for submissions because the Team who receives those look at the sent samples through email or web form

The confusion here is that you've talked about Web Access Filter and Marcos talked about Real Time Protection / On Demand Protection , which what you meant is you want those websites blocked and which Marcos meant that those files downloaded from these places are detected by ESET

In the cases of the other posts where ESET failed to detect ransomware , some of these accidents happened because the attacker got hold of RDP Admin account and had disabled ESET inorder to ransom the machine , not by the fault of ESET not having signatures or not detecting it

Anyway there is no antivirus that can protect 100% , since malware developers can build or exploit 0-day which won't be detected by anyone , even by the Artifical Intelligence that the AVs companies use.

 

16 minutes ago, Marcos said:

I'm not angry about you reporting it. Quite the contrary, we are happy if you report us possible malicious samples or urls.

I just wanted you to point in the right direction, ie. to report stuff directly to samples[at]eset.com according to the KB if you want the submission to receive better attention.

Also I wanted to point out that even if a particular website is not blocked (ie. it may be a completely legitimate one with just somebody posting links to cracks), the point is to detect possible threat in the end no matter how it is achieved, ie. by blocking access to the malicious website or by detecting the malware upon download or execution at latest.

Thanks a lot guys, first of all I am a user of eset I want to help improve the product as much as I can, my problem here is that I may have misunderstood Marcos intent because in the first place I am aware that the downloaded malware was detected by eset and this is what I explained through the pictures This made me surprised that Marcos would ask me about something I explained earlier, in addition to that when I reported the malicious sites yesterday I did it through  eset UI and what prompted me to post here is that the report was not responded to as quickly as I expected I have one last question, is reporting malicious programs or links through the user interface not an effective way?

Link to comment
Share on other sites

  • Most Valued Members
4 minutes ago, AZ Tech said:

 

Thanks a lot guys, first of all I am a user of eset I want to help improve the product as much as I can, my problem here is that I may have misunderstood Marcos intent because in the first place I am aware that the downloaded malware was detected by eset and this is what I explained through the pictures This made me surprised that Marcos would ask me about something I explained earlier, in addition to that when I reported the malicious sites yesterday I did it through  eset UI and what prompted me to post here is that the report was not responded to as quickly as I expected I have one last question, is reporting malicious programs or links through the user interface not an effective way?

Through the user interface should be the same as sending through the steps provided here : https://support.eset.com/en/kb141?ref=esf

Through the user interface could be better because it could have more information with the submission that is needed by the ESET Staff.

And I am sure ESET is happy to receive samples from people since it improves their detection rate / protection.

Edited by Nightowl
Link to comment
Share on other sites

  • 4 weeks later...
On 9/23/2021 at 9:50 AM, Marcos said:

1, A correct way how to report samples or urls to ESET is via samples[at]eset.com as stated in https://support.eset.com/en/kb141. While submissions from the program are checked, more than 99% of them is just benign stuff which is not subject to detection (images, binary data files, encrypted files, music, etc.).

Hi Marcos, I have reported about these two sites more than 10 times and there is no response from eset, I want a clear reason why you did not respond to the reports, by the way I reported these sites through the eset interface.

 

https://therealhax.com/flixgrab-2022-crack/

https://procrackserial.com/soft-organizer-pro-crack-keygen/

Link to comment
Share on other sites

  • ESET Insiders
On 9/23/2021 at 3:50 AM, Marcos said:

2, ESET reserves the right to decide if and how samples will be detected and urls blocked

 

11 minutes ago, AZ Tech said:

Hi Marcos, I have reported about these two sites more than 10 times and there is no response from eset, I want a clear reason why you did not respond to the reports, by the way I reported these sites through the eset interface.

 

https://therealhax.com/flixgrab-2022-crack/

https://procrackserial.com/soft-organizer-pro-crack-keygen/

 

Link to comment
Share on other sites

4 hours ago, NewbyUser said:

 

 

A funny and naive answer, It is not appropriate for a company responsible for protecting millions of people .

You have the right to choose the ingredients if you're making pizza, but when it comes to protecting people, you don't have the right to default.

Is the site suspicious and contains links to download malicious files?  The answer is yes

So eset does not have the slightest right to fail to protect its customers, because this is like my device being infected and you say we will not clean your device because we have the right to determine whether we will block these viruses or not!!!

You should have used your brain before answering !!

i reject this answer and demand that these suspicious sites be Blocked .

Link to comment
Share on other sites

  • Administrators

Let me sum it up:
1, ESET has the right to decide which websites to block.
2, We appreciate reporting suspicious websites to us (ideally via samples[at]eset.com)
3, Not every crack is necessarily malicious. That said, not every website with cracks is subject to block. Only websites leading to actual threats should be blocked.
4, In this case the alleged 'cracks' were actually malicious and contained several pieces of malware that was already detected by ESET. However, these cracks were downloaded through a redirect which was blocked, ie. for users to get infected they would need to disable web access protection, real-time protection and maybe even post-execution protection layers. I mean that not blocking the sites with 'crack' didn't pose a risk to users, yet that are subject to block (and they are blocked now).
 

Link to comment
Share on other sites

4 hours ago, Marcos said:

Let me sum it up:
1, ESET has the right to decide which websites to block.
2, We appreciate reporting suspicious websites to us (ideally via samples[at]eset.com)
3, Not every crack is necessarily malicious. That said, not every website with cracks is subject to block. Only websites leading to actual threats should be blocked.
4, In this case the alleged 'cracks' were actually malicious and contained several pieces of malware that was already detected by ESET. However, these cracks were downloaded through a redirect which was blocked, ie. for users to get infected they would need to disable web access protection, real-time protection and maybe even post-execution protection layers. I mean that not blocking the sites with 'crack' didn't pose a risk to users, yet that are subject to block (and they are blocked now).
 

Thank you, Marcos, I appreciate your cooperation, and I want to make it clear that I will not report sites just because they contain cracks, I only report sites when I am sure they lead to downloads of malicious files already.
But I have one last question, why were the reports not responded to when I reported the sites?

Link to comment
Share on other sites

  • ESET Insiders
3 hours ago, AZ Tech said:

Aber ich habe eine letzte Frage, warum wurden die Berichte nicht beantwortet, als ich die Websites gemeldet habe?

There is never an answer from Eset after such a message, in any case I and all those I know who use Eset have never received an answer to it. Would also be very desirable for me if you would get an answer from Eset!

Link to comment
Share on other sites

  • Most Valued Members
On 10/16/2021 at 6:33 PM, SlashRose said:

There is never an answer from Eset after such a message, in any case I and all those I know who use Eset have never received an answer to it. Would also be very desirable for me if you would get an answer from Eset!

Yeah I think if there was more communication it would stop people posting on here. For example a lot of people post their own sites on here after emailing them and having no answer. Often there is malware but if Eset replied it would prevent then having to come here and break forum rules.

I know this may be easier said than done as they probably receive a lot of emails 

Link to comment
Share on other sites

  • Administrators
6 hours ago, peteyt said:

For example a lot of people post their own sites on here after emailing them and having no answer.

While I'm not saying that a reply is always provided, we do our best to do so. An exception is typically submissions from those who regularly flood us with grey files and basically never submit actual malware or they submit malware which is already detected. I've gone through two pages of this Malware finding and cleaning subforum and didn't find any complaint that the user didn't receive a reply from samples[at]eset.com. Again, not saying that it can't happen but it's rather something that could happen seldom.

Link to comment
Share on other sites

  • Administrators
On 10/16/2021 at 3:51 PM, AZ Tech said:

Thank you, Marcos, I appreciate your cooperation, and I want to make it clear that I will not report sites just because they contain cracks, I only report sites when I am sure they lead to downloads of malicious files already.
But I have one last question, why were the reports not responded to when I reported the sites?

Please let me know if you find sites from which you can download "cracks" like this. On Friday we improved blocking, however, even without that it was basically impossible to download the "crack" / threat without being detected at least upon execution even with an older engine / definitions.

Link to comment
Share on other sites

  • ESET Insiders
1 hour ago, Marcos said:

Ich sage zwar nicht, dass immer eine Antwort gegeben wird, aber wir tun unser Bestes, um dies zu tun. Eine Ausnahme sind in der Regel Einreichungen von denen, die uns regelmäßig mit grauen Dateien überfluten und grundsätzlich nie tatsächliche Malware einreichen oder Malware einreichen, die bereits erkannt wurde. Ich habe zwei Seiten dieses Unterforums zum Finden und Bereinigen von Malware durchgesehen und keine Beschwerde darüber gefunden, dass der Benutzer keine Antwort von samples[at]eset.com erhalten hat. Nochmals, nicht zu sagen, dass es nicht passieren kann, aber es ist eher etwas, das selten passieren könnte.

Marcos I use Eset, then NOD since the v2, so for many years and I never swear to you a response after submitting contaminated websites that were not blocked by Eset!

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Marcos said:

While I'm not saying that a reply is always provided, we do our best to do so. An exception is typically submissions from those who regularly flood us with grey files and basically never submit actual malware or they submit malware which is already detected. I've gone through two pages of this Malware finding and cleaning subforum and didn't find any complaint that the user didn't receive a reply from samples[at]eset.com. Again, not saying that it can't happen but it's rather something that could happen seldom.

It seems to be more actual website owners I've noticed complaining they've received no reply and technically it's against forum rules to post requests website related on here if I'm correct.

Like I said it's probably a lot of work to check what is blocked and inform them but if they don't receive a reply they normally end up coming on here

Link to comment
Share on other sites

  • Administrators
6 minutes ago, SlashRose said:

Marcos I use Eset, then NOD since the v2, so for many years and I never swear to you a response after submitting contaminated websites that were not blocked by Eset!

Please provide me with your email address. We didn't find any sent from your forum email address hxxxxxxxxxt.mxxxxs@ixxxl.de so you probably used a different one.

Link to comment
Share on other sites

10 hours ago, Marcos said:

Please let me know if you find sites from which you can download "cracks" like this.

There is one : https://pcfullcrack.org/zoner-photo-studio-x-crack-key-download/

I appreciate your efforts in confronting these sites, actually eset is very good at that compared to many other AVs .
In fact, what bothers me is the slow or lack of response to reports via eset UI.

I reported a new variant of  " Win32/Spy.Agent.PRG trojan"  through (samples[at]eset.com) and the response was faster even though it was about 24 hours, but that was faster than responding to reports via the UI .

Finally , I have a question related to LiveGuard, when I ran the aforementioned sample even though it was new and undetected from the eset database, the LiveGuard feature didn't work as I expected, even though eset did detect the malicious file after running it with the Advanced Memory Scanner, This means that the malicious file was not sent via LiveGuard, so what's wrong here?

Screenshot 2021-10-18 203819.png

Link to comment
Share on other sites

5 minutes ago, AZ Tech said:

Note: The sub-links are changed approximately every 24 to 48 hours, according to my experience with these sites, so I report them even if eset blocks the sub-links because when you try to click more than once, you will find a link that is not blocked, so the entire site must be blocked and therefore all links are banned sub .

Link to comment
Share on other sites

32 minutes ago, AZ Tech said:

Finally , I have a question related to LiveGuard, when I ran the aforementioned sample even though it was new and undetected from the eset database, the LiveGuard feature didn't work as I expected, even though eset did detect the malicious file after running it with the Advanced Memory Scanner, This means that the malicious file was not sent via LiveGuard, so what's wrong here?

Some malware are sandbox aware. If they detect a sandbox environment, the malware won't execute. Suspect this is the case with this one.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...