Enhanced Real-World Test 2020 – Consumer
MacDefender (post 918016) wrote:

Yeah, custom HIPS rules are a really neat feature, but in my opinion it's best for enterprise hardening of services that get deployed across an enterprise environment. It's akin to writing your own AppArmor/SELinux sandboxing rules for pretty much every possible attack vector, and since the "Smart" setting in ESET preprograms almost nothing (except for maybe a few isolated ransomware vectors they can't write signatures for), IMO this is an unreasonable demand of home users. @SeriousHoax has a good example of how to implement CFA / protected folders using the HIPS, which will give you some ideas of how to use it, but I still think even with that example, maintaining all the exceptions to that is a ton of work, and frankly something I expect the AV company to be doing for me.

BTW, in terms of bypassing ESET, my experience this summer has been that it takes me about 1-2 hours to construct a bypass of just about every AV software I've personally tested, as long as you start with the assumption that the user will download and execute your payload. (I'm saying that to express how easy it is to bypass a specific AV, not that I'm qualified to be a malware writer.) I struggle to find a way to scientifically assess which AV does better, because most often you'll find that one technique works against 4 AVs but a 5th one catches it, and if you tweak the exploit for the 5th AV to miss it, the other AVs start catching it. It's hard to turn that into a ranking of who I think does the best. While I find home-brew malware simulation to be a really interesting technique that teaches us a lot about how each AV's protection works, I don't know if that's what I'd use to rank AVs overall.