Administrators Marcos 5,461 Posted June 19 Administrators Posted June 19 We would need advanced logs mentioned earlier in this thread that would include data from the time of creation of the file until it runs undetected. I can't seem to run the Phobos file undetected:
itman 1,806 Posted June 19 Posted June 19 5 minutes ago, Marcos said: I can't seem to run the Phobos file undetected: Same here. Hence my question to the OP if he somehow inadvertently blocked Eset real-time scanning of it. If he did so, the file would've executed unimpeded. You could test likewise and see if the Ransomware Shield stops the encryption.
itman 1,806 Posted June 20 Posted June 20 (edited) To date. I have never seen a forum posting in regards to a Ransomware Shield detection as noted below; Quote ESET Ransomware Shield ESET Ransomware Shield monitors and evaluates executed applications using behavioral heuristics It is designed to detect and block behavior that resembles ransomware The technology is activated by default If ESET Ransomware Shield is triggered by a suspicious action, then the user will be prompted to approve/deny a blocking action. Furthermore, the dialog window allows the user to submit the suspicious application for analysis – or exclude it from future detection. https://www.eset.com/fileadmin/ESET/INT/Docs/Others/eset-vs-crypto-ransomware.PDF Edited June 20 by itman
QuickSilverST250 7 Posted July 9 Author Posted July 9 Hi, when doing testing there are no exclusions made for testing. We will be doing new test with latest samples so if anything, interesting happens i will let you guys know.
Recommended Posts