Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
ESET
Eset 13.0.22.0 Final
Message
<blockquote data-quote="MacDefender" data-source="post: 844111" data-attributes="member: 83059"><p>I will try that next. I wrote another relocate-and-add-to-startup variant and Emsi and F-Secure both block it. So far those two are tied in my testing. Norton actually isn't doing a great job at behavior blocking. SONAR sometimes flags these binaries when delivered via a web browser (simply as low reputation under Aggressive) and deleting user documents triggers it, but the other sketchy behavior like downloading+executing a secondary payload or moving itself to a randomly generated temp file name and then registering as startup item is less likely to trigger Norton.</p><p></p><p></p><p>EDIT: Honestly I'm okay with ESET's response. They have their reasons of not making a general behavior blocker. Just customers need to understand that despite their advertising about "deep behavior" blocking and HIPS being automatic, in reality those components don't really react to zero days quite the same way that other BB's do.</p></blockquote><p></p>
[QUOTE="MacDefender, post: 844111, member: 83059"] I will try that next. I wrote another relocate-and-add-to-startup variant and Emsi and F-Secure both block it. So far those two are tied in my testing. Norton actually isn't doing a great job at behavior blocking. SONAR sometimes flags these binaries when delivered via a web browser (simply as low reputation under Aggressive) and deleting user documents triggers it, but the other sketchy behavior like downloading+executing a secondary payload or moving itself to a randomly generated temp file name and then registering as startup item is less likely to trigger Norton. EDIT: Honestly I'm okay with ESET's response. They have their reasons of not making a general behavior blocker. Just customers need to understand that despite their advertising about "deep behavior" blocking and HIPS being automatic, in reality those components don't really react to zero days quite the same way that other BB's do. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
