Ransomware infection again

[Marcos 5,267]

We would need advanced logs mentioned earlier in this thread that would include data from the time of creation of the file until it runs undetected. I can't seem to run the Phobos file undetected:

[itman 1,746]

5 minutes ago, Marcos said:

I can't seem to run the Phobos file undetected:

Same here. Hence my question to the OP if he somehow inadvertently blocked Eset real-time scanning of it. If he did so, the file would've executed unimpeded.

You could test likewise and see if the Ransomware Shield stops the encryption.

[itman 1,746]

To date. I have never seen a forum posting in regards to a Ransomware Shield detection as noted below;

Quote

ESET Ransomware Shield

ESET Ransomware Shield monitors and evaluates executed applications using behavioral heuristics It is designed to detect and block behavior that resembles ransomware The technology is activated by default If ESET Ransomware Shield is triggered by a suspicious action, then the user will be prompted to approve/deny a blocking action.

Furthermore, the dialog window allows the user to submit the suspicious application for analysis – or exclude it from future detection.

https://www.eset.com/fileadmin/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF

Edited June 20 by itman

[QuickSilverST250 0]

Hi, when doing testing there are no exclusions made for testing. We will be doing new test with latest samples so if anything, interesting happens i will let you guys know.