anjayani, Posted May 24

Hello, why doesn't ESET DNA detection block the STOP/Djvu ransomware variant, because we know this ransomware is often creating new variants with different encrypted file extensions? And how does DNA detection actually work? Thanks,

Marcos (Administrators), Posted May 24

Unfortunately it's not clear what you mean. Do you have an undetected sample of Filecoder.STOP? If so, please supply it to me or samples[at]eset,com in an archive encrypted with the password "infected".

anjayani (Author), Posted May 24

We have been encrypted 3 times in a row (January, February, March) by this ransomware with a different extension, all with ESET Endpoint Security installed with a scheduled update only once a day. I know this setting will make the endpoint slightly late to update, but we need to. In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threat that they already know, including the new variant. Is that correct? I just want to know, that's it. Thank you.

Marcos (Administrators), Posted May 24

As far as I remember Filecoder.STOP always ran on a machine not protected by ESET and encrypted files in remote shares with write permissions for the logged in user. Please provide logs collected with ESET Log Collector from the machine.

peteyt (Most Valued Members), Posted June 4

On 5/24/2022 at 8:29 AM, anjayani said:
> We have been encrypted 3 times in a row (January, February, March) by this ransomware with a different extension, all with ESET Endpoint Security installed with a scheduled update only once a day. I know this setting will make the endpoint slightly late to update, but we need to. In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threat that they already know, including the new variant. Is that correct? I just want to know, that's it. Thank you.

If you have been encrypted 3 times you really should look at how you got infected in the first place. An antivirus can help but you really need to look at your habits and those of your employers if you're part of a company, try to educate your staff and put in procedures, e.g. backups.

rotaru, Posted June 5

12 hours ago, peteyt said:
> If you have been encrypted 3 times you really should look at how you got infected in the first place

True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET, is discouraging.....

Marcos (Administrators), Posted June 5

Again, Filecoder.STOP has been typically seen on machines encrypting files in remote shares on which ESET was not running or where the attacker was able to kill ESET due to unpatched OS and the settings not protected by a password, or by not having detection of potentially unsafe applications enabled.

peteyt (Most Valued Members), Posted June 5

11 hours ago, rotaru said:
> True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET, is discouraging.....

The problem is that without any information it is hard to really know the issue. As Marcos has also mentioned, are they up to date with patches etc.? Do they have the latest version of ESET?

TheStill, Posted June 6

22 hours ago, rotaru said:
> True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET, is discouraging.....

Having an antivirus doesn't provide you with 100% protection. You still need to practice good cyber hygiene and even then it is all about lowering the odds. It sounds like you may benefit most from a simple cyber hygiene course. If you are a company it may be interesting to run a few fake scenarios on your employees to see what happens. You may find it is as simple as someone disabling the antivirus because it was blocking a website they were trying to access.

rotaru, Posted June 6

13 hours ago, TheStill said:
> You may find it is as simple as someone disabling the antivirus

I have never seen so far, in a business environment, users having the permission to disable the antivirus. 100% this was not the case. On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".

peteyt (Most Valued Members), Posted June 7

20 hours ago, rotaru said:
> I have never seen so far, in a business environment, users having the permission to disable the antivirus. 100% this was not the case. On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".

The problem is that a lot of people post about issues but never give enough information. Without more information it's hard to tell what happened to the user. For example, are they on the latest version of ESET? Sounds like a simple question, but I've seen people posting about issues while using a version that's from years ago. Do they have remote access enabled, etc.?