AnthonyQ
Posted April 28, 2023

3 hours ago, SeriousHoax said:

> If it's that easy to evade LiveGuard then I have to say that LiveGuard seems very basic and ineffective. There are emulators/sandboxes out there that can simulate user clicks. There is also malware that tries to fool such sandboxes, but countermeasures can be taken to detect such evasion techniques, which would indicate that the file is malicious. You can read all about it and much more here:
> https://evasions.checkpoint.com/techniques/human-like-behavior.html#check-mouse-movement:~:text=a sample emulation.-,2.2. Check via a request for user interaction,-Some malware samples
>
> It doesn't make much sense to charge a premium price for LiveGuard when it can't even do this. LiveGuard would give a safe verdict to such samples and users may end up getting infected. Samples marked as safe by LiveGuard probably aren't sent to malware analysts, so till they get their hands on such samples, it's a lost cause. There's huge room for improvement here for ESET.

Totally agree. As far as I know, many free cloud-based sandboxes, like Opentip by Kaspersky, Joe Sandbox and ThreatBook (a Chinese online sandboxing platform), can simulate user interaction (moving the mouse and automatically clicking buttons) to reveal malicious behavior performed by a sample. As a paid sandbox, ESET LiveGuard ought to be better than these free products.