Configure ESET as default-deny (bye ransomware!)


ForgottenSeer 72227

Hallelujah I got it to work!

So I double-checked everything with PowerShell when it comes to WD and everything was back to normal. I then decided to create the rule again and see what happens. No issues! I created the second rule again and the same issue popped up. I was like, what the heck, that rule was fine last time. After closer inspection it seems like the last option switched from "specific processes" to "all applications." I found this strange as I was 100% certain that I selected specific applications, but then it dawned on me. Since I was doing this on my laptop, I guess I must have inadvertently switched the option with the touchpad as I was clicking through the options. There doesn't seem to be an explanation for the issues, other than that. 😳

Thanks for the help, I'm glad I got it working again!
 

blackice

Hallelujah I got it to work!

So I double-checked everything with PowerShell when it comes to WD and everything was back to normal. I then decided to create the rule again and see what happens. No issues! I created the second rule again and the same issue popped up. I was like, what the heck, that rule was fine last time. After closer inspection it seems like the last option switched from "specific processes" to "all applications." I found this strange as I was 100% certain that I selected specific applications, but then it dawned on me. Since I was doing this on my laptop, I guess I must have inadvertently switched the option with the touchpad as I was clicking through the options. There doesn't seem to be an explanation for the issues, other than that. 😳

Thanks for the help, I'm glad I got it working again!
Glad you got it working!!
 

L0ckJaw

Implemented the rules, and if someone is interested, I added the XML file in English.

 

Windows_Security

Good morning mortals! I hereby share with you some amazing HIPS rules for ESET that will work as default-deny to prevent infections such as ransomware. You can check the source here.

This mortal can do the same with the free and built-in Windows Defender Attack Surface Reduction and Exploit Protection ;) The nice thing about WD is that these features even work when you are using a third-party anti-virus. So totally free and built-in Windows Security.
 

marcopaone

Implemented the rules, and if someone is interested, I added the XML file in English.

If I use these settings for HIPS, it will erase my settings for all ESET modules :( :(
 

RoboMan

Thread author
This mortal can do the same with the free and built-in Windows Defender Attack Surface Reduction and Exploit Protection ;) The nice thing about WD is that these features even work when you are using a third-party anti-virus. So totally free and built-in Windows Security.
That's great but this is an ESET thread :)
 

blackice

@Robbie - Are you still using ESET? Do you recommend any changes for the latest update to ESET? Thanks in advance. I always use your rules :)
From what I’ve seen the HIPS module still works the same as far as custom rules go. I imported my old rules from v12 and they all seem to work.
 

blackice

Dudes, if you go full paranoid default-deny, add most of the LOLbins present on Windows, you have around a hundred. :)
That’s when I know I’ve reached my limit on paranoia, I don’t have any time for that! I used MSE for years and never caught a nasty. Whether I’m vanilla in my behavior or lucky, going overboard doesn’t seem worth it.
 

ForgottenSeer 823865

Serious Default-Deny is for people with a very static system (meaning few apps installed and almost never adding any) and a corporate mindset.
If a user doesn't fit in these 2 categories, he will be better off with classic blacklisting solutions and learning how to have good and safe practices.
Malware aren't Dr Strange, opening a portal directly in your system, they all have the same entry points which can be covered by a bit of brain.
 
