Configure ESET as default-deny (bye ransomware!)

F

ForgottenSeer 72227

Hallelujah I got it to work!

So I double checked everything with Powershell when it comes to WD and everything was back to normal. I then decided to create the rule again and see what happens. No issues! I created the second rule again and the same issue popped up, I was like what the heck, that rule was fine last time. After closer inspection it seems like the last option switched from "specific processes" to "all applications." I found this strange as I was 100% certain that I selected specific applications, but then it dawned on me. Since I was doing this on my laptop, I guess I must have in inadvertently switched the option with the touch pad, as I was clicking through the options. There doesn't seem to be an explanation for the issues, other than that.:emoji_flushed:

Thanks for the help, I'm glad I got it working again!
 
  • Like
Reactions: simmerskool, Gandalf_The_Grey, oldschool and 1 other person
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Raiden said:
Hallelujah I got it to work!

So I double checked everything with Powershell when it comes to WD and everything was back to normal. I then decided to create the rule again and see what happens. No issues! I created the second rule again and the same issue popped up, I was like what the heck, that rule was fine last time. After closer inspection it seems like the last option switched from "specific processes" to "all applications." I found this strange as I was 100% certain that I selected specific applications, but then it dawned on me. Since I was doing this on my laptop, I guess I must have in inadvertently switched the option with the touch pad, as I was clicking through the options. There doesn't seem to be an explanation for the issues, other than that.:emoji_flushed:

Thanks for the help, I'm glad I got it working again!
Click to expand...
Glad you got it working!!
 
  • Like
Reactions: simmerskool, Gandalf_The_Grey, oldschool and 1 other person
L0ckJaw

L0ckJaw

Level 19
Verified
Content Creator
Well-known
Feb 17, 2018
870
Implemented the rules and if someone is interested i added the xml file in English.

gofile.io

Gofile - Free Unlimited File Sharing and Storage

Gofile is a free, secure file sharing and storage platform. With unlimited bandwidth and storage, you can easily store and share files of any type without any limits. Our advanced features, such as CDN support and password protection, make Gofile the ideal choice for individuals and businesses...
gofile.io
 
  • Like
  • Thanks
Reactions: RoboMan, harlan4096, Andrew3000 and 1 other person
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Robbie said:
Good morning mortals! I hereby share with you some amazing HIPS rules for ESET that will work as default-deny to prevent infections such as ransomware. You can check the source here.
Click to expand...

This mortal can do the same with the free and build-in Windows Defender Attack Surface Reduction and Exploit Protection ;) The nice thing about WD is that hese features even work when you are using a third-party anti-virus. So totally free and build-in Windows Security.
 
Last edited:
  • Like
Reactions: simmerskool, blackice, harlan4096 and 1 other person
marcopaone

marcopaone

Level 7
Verified
Well-known
Jul 15, 2016
321
L0ckJaw said:
Implemented the rules and if someone is interested i added the xml file in English.

gofile.io

Gofile - Free Unlimited File Sharing and Storage

Gofile is a free, secure file sharing and storage platform. With unlimited bandwidth and storage, you can easily store and share files of any type without any limits. Our advanced features, such as CDN support and password protection, make Gofile the ideal choice for individuals and businesses...
gofile.io
Click to expand...
If I use these settings for hips it will erase mine setting for all eset module :( :(
 
  • Like
Reactions: oldschool
RoboMan

RoboMan

Level 35
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,483
Windows_Security said:
This mortal can do the same with the free and build-in Windows Defender Attack Surface Reduction and Exploit Protection ;) The nice thing about WD is that hese features even work when you are using a third-party anti-virus. So totally free and build-in Windows Security.
Click to expand...
That's great but this is an ESET thread :)
 
  • Like
Reactions: marcopaone, oldschool and blackice
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
bazza23 said:
@Robbie - Are you still using ESET? Do you recommend any changes for the latest update to ESET? Thanks in advance. I always use your rules :)
Click to expand...
From what I’ve seen the HIPS module still works the same as far as custom rules go. I imported my old rules from v12 and they all seem to work.
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Umbra said:
Dudes, if you go full paranoid default-deny, add most of the LOLbins present on windows, you have around an hundred. :)
Click to expand...
That’s when I know I’ve reached my limit on paranoia, I don’t have any time for that! I used MSE for years and never caught a nasty. Whether I’m vanilla in my behavior or lucky, going overboard doesn’t seem worth it.
 
  • Like
Reactions: Protomartyr and harlan4096
F

ForgottenSeer 823865

Serious Default-Deny is for people with very static system (means few apps installed and almost never add any) and corporate mindset.
if a user doesn't fit in these 2 categories, he will be better of with classic blacklisting solutions and learn how to have good and safe practices.
Malware aren't Dr Strange, opening a portal directly in your system, they all have the same entry points which can be covered by a bit of brain.
 
  • Like
Reactions: novocaine, Protomartyr, davisd and 2 others

Similar threads

Victor M
    • +Reputation
    • Like
    • Hundred Points
  • Suggestion
Setup Idea Default Deny Windows Firewall setup How To
Replies
7
Views
3,254
PC Setup Ideas
Victor M
Victor M
C
    • Like
    • +Reputation
App Review ESET Internet Security 2023
Replies
14
Views
4,285
Written Reviews - Security and Privacy
Zartarra
Zartarra
M
    • Like
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Replies
0
Views
420
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top