PC Security Channel claims Ransomware Shield Doesn't work - Asks for Eset Comment


15 minutes ago, itman said:

Finally, I will point out that there is an AMTSO certified AV lab, MRG Effitas, that includes 0-day ransomware samples in its ransomware certification testing;

https://www.mrg-effitas.com/wp-content/uploads/2024/03/MRG_Effitas_360_Q4_2023.pdf

Unfortunately, they only test commercial AV products. However, Eset Endpoint Security was tested which includes the same default ransomware protection as does EIS and ESSP.

And the report indicates that Eset detected 100% of the ransom samples and simulations and was graded Level 1 Certified: All threats detected on first exposure or via behaviour protection.

Link to comment
Share on other sites

11 hours ago, itman said:

The problem with ASR use is they can only be applied via PowerShell or Group Policy

Have you ever heard about ConfigureDefender???

https://github.com/AndyFul/ConfigureDefender

With a click of the mouse you can set Defender from Default to High to Interactive to Max. 

All ASR rules are also there, at a click of the mouse.

Link to comment
Share on other sites

10 hours ago, MarcFL said:

And the report indicates that Eset detected 100% of the ransom samples

So did Microsoft

[attached image]

Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)
2 hours ago, rotaru said:

So did Microsoft

[attached image]

Nothing and no one is perfect; everything has a flaw, as humankind also has flaws, and this software is made by humans, so it will be like humans, not perfect.

It is in the end a matter of opinion, just like food: you might like a specific meal, but not every place makes it how you like.

I find myself liking 4 security solutions which are different from each other: Sophos Hitman, Fortinet stuff, ESET, Kaspersky. I still use ESET as the realtime scanner, and I still like the other solutions that I mentioned.

Nobody prevents you from trying or using another solution; what you are doing is pointless, to be honest, and won't change anything in real life or scenarios.

And on the other hand, Microsoft Defender cloud would have a larger database because it's included inside Windows, so everyone who has Windows 10 or 11 has a Defender connected to their cloud, so they can get data from it for malware and stuff like that, and can have a faster response to malware because of the larger user base, but still easily defeated and disabled by malware developers, and yet they are still sometimes late to detect malware even if you send it manually to them.

Edited by Nightowl
Link to comment
Share on other sites

5 hours ago, rotaru said:

So did Microsoft

Appears you missed this in the report. Comparing default MD installed in Win 10/11 to MD ATP protection-wise is an "apples vs. oranges" comparison.

[attached image]

Link to comment
Share on other sites

5 hours ago, rotaru said:

Have you ever heard about ConfigureDefender???

I am aware of it. The question is if the average consumer PC is and if so, would he actually use it?

Link to comment
Share on other sites

3 hours ago, Nightowl said:

but still easily defeated and disabled by malware developers

A point "our friend" refuses to acknowledge. Sticking your head in the "bypass sand" does not make the problem go away.

Link to comment
Share on other sites

6 hours ago, rotaru said:

So did Microsoft

If you're trying to convince yourself that Windows Defender is as good as Eset or other retail antivirus products, then just go use the free MD...

Link to comment
Share on other sites

1 hour ago, itman said:

if the average consumer PC is

I consider myself "above average", yet I have difficulty navigating through ESET's over 150 settings combinations.

This is the main reason why I buy 3-4 ESET every year (Christmas time, $9-14 NOD32) only to let them expire.

It is the most cumbersome AV I tried so far. Now I use Trend Micro, simple, elegant.

Look in PC Mag review for NOD32:

[attached image]

Link to comment
Share on other sites

Posted (edited)

I'm an IT System Admin, so I appreciate all the settings and don't find them confusing.  The vast majority of users do not change the default settings.  Yet, the most common basic Eset settings are easy to understand.

IMO this trend represents a "dumbing down" of society, as options and settings are eliminated or concealed behind a facade of one-click operations, with big buttons, short menus and a "one size fits all" mentality, both in Windows and in a vast array of other applications by many other companies. Some say this is due to Gen Z, who they claim are easily confused and distracted with short attention spans.

Edited by MarcFL
Link to comment
Share on other sites

  • Administrators

I too prefer more granular settings to having just a few options without the ability to tailor the configuration to my liking. Imagine having just one setting to pause overall protection without the ability to pause real-time protection, web protection, etc. separately or without the option to define exclusions. The mag was complaining about complex Device Control settings. If that's a real issue, we are open for constructive feedback from the mag, you or whoever finds the settings complex and difficult to set up on how to make it easier while keeping all current functionalities and options customizable.

Link to comment
Share on other sites

3 minutes ago, MarcFL said:

The vast majority of users do not change the default settings.

OK, this is a "Consumer product" why have 100 settings if "The vast majority of users do not change the default settings."????

 

Look at Avira, Kaspersky, Trend Micro .... all designed with the "consumer" in mind, having few logical settings.

Anyway, enough discussion.....

Link to comment
Share on other sites

So screw everyone else who does want to customize the settings?  Re-read my "dumbing down" paragraph...

Link to comment
Share on other sites

2 minutes ago, Marcos said:

Imagine having just one setting to pause overall protection without the ability to pause real-time protection, web protection, etc. separately

The guy from the internet just did that to test the ransomware module and you said noooooo....

Now is a good thing????

Link to comment
Share on other sites

  • Administrators
1 minute ago, rotaru said:

Now is a good thing????

Where did I say that pausing real-time protection is recommended? However, there are times when the user may want to do it, e.g. when restoring a false positive from quarantine and creating an exception or submitting it to ESET for analysis.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

when restoring a false positive from quarantine and creating an exception

When restoring a false positive from quarantine, the user shouldn't have to pause any shields....

Just a right click on the file, choose "restore" and an exception should be created automatically.......

In my opinion (the last one) ESET is way overengineered and refuses to adapt to the consumer market.

Sophistication is not a good thing: on your car, which has several computers, you have a single light "Check engine soon" which turns ON or OFF accordingly.

Link to comment
Share on other sites

  • Administrators

We already had an option to toggle simple user GUI mode in v3 if I remember correctly and it wasn't accepted by the majority of users.

Link to comment
Share on other sites

51 minutes ago, rotaru said:

Now I use Trend Micro, simple, elegant.

The main issue with Trend is false positives. In AV lab tests, it has the most false positives of any product tested. If you can live with this, fine.

Link to comment
Share on other sites

In my experience with multiple commercial products, I find ESET one of the most reliable and easy-to-use products (I don't mean it's perfect at all), but I do think the HIPS settings of the product are a little bit confusing! For example, it's not clear what Smart/Auto filtering modes do differently!
Or having a webpage for some manual rule to protect against ransomware! Shouldn't this be part of the options in product?
https://support.eset.com/en/kb6119-configure-hips-rules-for-eset-business-products-to-protect-against-ransomware
https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware

Even in these 2 webpages, there isn't a lot of explanation why you should set these rules.

Link to comment
Share on other sites

2 minutes ago, MHRSFI said:

Or having a webpage for some manual rule to protect against ransomware! Shouldn't this be part of the options in product?

I agree. The rules should be included by default in a disabled state. Then an option provided to activate them.

Link to comment
Share on other sites

Getting back on ransomware prevention topic, I already posted previously that the primary source of ransomware is phishing. I have always adhered to the truism, "an ounce of prevention is worth a pound of cure." So below is how MD ATP performed against MRG Phishing tests. BTW - MD ATP was not certified for phishing protection.

[attached image]

[attached image]

Link to comment
Share on other sites

Posted (edited)

Want to add my appreciation for the configurability of ESET as well, one of the reasons why I prefer this AV to other AV providers. Don't see how it could become a problem for "normal" users either since it's all tucked into the "Advanced Setup" part of the software as well.

Edited by matte
Link to comment
Share on other sites

4 hours ago, MHRSFI said:

Actually, those rules just don't help mitigate ransomware attacks. They also prevent other malware attacks from abusing Win "living-off-the-land" trusted binaries.

Link to comment
Share on other sites
