Updates ESET 14.0.x released

SeriousHoax

Level 36
Verified
Mar 16, 2019
2,584
Changelog:

Version 14.0.21.0

  • Added: WMI Scanner
  • Added: System Registry Scanner
  • Improved: Product change feature (without OS restart)
  • Improved: Highest product on license offered
  • Improved: BPP "Secure all browsers" - enables user to run any browser in hardened mode by default
  • Improved: Under the hood optimizations
 

Durden

Level 3
Dec 21, 2013
132
Does anyone know what they mean by improving the HIPS? Is it improvements to the out-of-the-box/premade rules, or did they increase its "tweaking potential"?
“Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.”
 

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,775
Does anyone know what they mean by improving the HIPS? Is it improvements to the out-of-the-box/premade rules, or did they increase its "tweaking potential"?
“Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.”
As far as I know they didn't add any visible rules, and because I run my own rules and smart mode, I cannot confirm, since I already imported my settings.
 

amirr

Level 15
Jan 26, 2020
725
Changelog:

Version 14.0.21.0

  • Added: WMI Scanner
  • Added: System Registry Scanner
  • Improved: Product change feature (without OS restart)
  • Improved: Highest product on license offered
  • Improved: BPP "Secure all browsers" - enables user to run any browser in hardened mode by default
  • Improved: Under the hood optimizations
Did they also fix this??!
 

Archentrope

Level 1
Oct 10, 2020
17
A crucial upgrade was made in the Advanced Machine Learning module, which now has better detection while retaining a tiny footprint. The improvements in the data selection and algorithm components will lead to increased detection of threats, including those transmitted via email. Synchronous Advanced Machine Learning in the Cloud, which runs more heavyweight detection models on cloud platforms, also brings considerable improvements for the detection of new malware.

Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.

The update also provides users with new protection in the form of the Windows Management Instrumentation (WMI) and System Registry Scanner, which are capable of detecting malicious uses of the WMI and the system registry.

via What’s new in the latest version of ESET’s home Windows offering?
 
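The ESET text above says the new WMI and System Registry scanners look for malicious uses of WMI and the registry, but not what that looks like on a host. The script below is an added example, not ESET's code and not a description of ESET's rules: it enumerates the WMI permanent-event-subscription triad (filter, consumer, binding) that fileless malware uses for persistence, plus the common Run/RunOnce autorun keys, and flags entries whose payload matches an illustrative pattern list. The pattern list and the choice of registry keys are my assumptions; adjust them to your environment. It is read-only and is meant to be run from an elevated PowerShell prompt on the machine being checked.

```powershell
# Added example (not ESET's scanner): list WMI persistence and registry autoruns.
# $suspicious is an assumed, illustrative pattern list, not a vendor rule set.
$suspicious = 'powershell|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32|-enc|FromBase64String|DownloadString|\\Temp\\|\\AppData\\'

function Get-WmiPersistence {
    $ns = 'root\subscription'
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
    $bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        # Get-CimInstance returns the Filter/Consumer references as CimInstance objects;
        # older WMI tooling returns strings like '__EventFilter.Name="x"'. Handle both.
        $fName = if ($b.Filter   -is [string]) { $b.Filter   -replace '.*Name="([^"]*)".*', '$1' } else { $b.Filter.Name }
        $cName = if ($b.Consumer -is [string]) { $b.Consumer -replace '.*Name="([^"]*)".*', '$1' } else { $b.Consumer.Name }
        $f = $filters   | Where-Object Name -eq $fName
        $c = $consumers | Where-Object Name -eq $cName

        # What the consumer executes depends on its concrete class.
        $payload = switch ($c.CimClass.CimClassName) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { '' }
        }

        [pscustomobject]@{
            Filter     = $fName
            Query      = $f.Query           # the WQL trigger, e.g. a timer or process-start event
            Consumer   = $cName
            Class      = $c.CimClass.CimClassName
            Payload    = $payload
            Suspicious = [bool]($payload -match $suspicious)
        }
    }
}

function Get-RegistryAutoruns {
    # Assumed set of autorun locations; extend as needed.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own metadata
            [pscustomobject]@{
                Key        = $k
                Name       = $p.Name
                Command    = $p.Value
                Suspicious = [bool]($p.Value -match $suspicious)
            }
        }
    }
}

# Any binding at all in root\subscription deserves a look; most clean workstations have none.
Get-WmiPersistence   | Format-Table -AutoSize -Wrap
Get-RegistryAutoruns | Where-Object Suspicious | Format-Table -AutoSize -Wrap
```

A hit on the WMI side is worth reviewing even when the payload looks benign, because legitimate software rarely registers permanent event consumers on end-user machines; on the registry side, treat the pattern match as a triage hint rather than a verdict.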

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,775
Is it my impression, or does the UI have a "bug"?

Scanning in progress; notice where the animation is placed.
 

SeriousHoax

Level 36
Verified
Mar 16, 2019
2,584
And no WMI provider crash seen in the Reliability Monitor? Thank you.
I wasn't aware of this. I see there are WMI crashes in the Reliability Monitor, but this only happens if you scan WMI. ESET doesn't scan it by default, so nothing serious; also, it's not creating any problem in the system. WMI is consistent. I'll see if there's anything on the ESET forum related to this. Otherwise I'll report there that the crash still happens with the latest version.
 

SeriousHoax

Level 36
Verified
Mar 16, 2019
2,584

I think it's the first time that I've seen ML/Augur in action, and on a PUP.

And it detects it twice: I opened the scan log and it showed the usual detection for uTorrent as a PUP and the other detection, ML/Augur, for the same uTorrent.
I've seen this particular one before, but I've also seen other ML/Augur detection a couple of times for genuine malware. Later they created separate signatures for those samples.
BTW, try not to use uTorrent; qBittorrent is better.
 

Dhruv2193

Level 9
Verified
Nov 7, 2016
432
I wonder how long it will take the big AV companies to latch on that many are using the good free Defender & drop their prices?
I don't think this will happen in a major way, as others will also have something which will make the companies prefer solution X over WD. For individuals, it may be a different ball game altogether, though. But the home/individual market is not the main focus of security app companies.
 

MacDefender

Level 14
Verified
Oct 13, 2019
688
(Pinging @McMcbrad)

So I just grabbed ESET IS 14 and tested it against my trivial MSIL battery (encrypting My Documents\test recursively), using RIPlace techniques, going through the front door, etc. Other than one sample that ESET wrote a signature for due to an earlier test (which was bypassed by renaming some functions and compiling in a new project), 14 isn't detecting any of these samples at runtime either. I tried increasing the scope to all of My Documents, same results.

On the bright side, as I expected, ESET fantastically detected two of my most recent Emotet samples that have 2/69 VT detection.

Maybe they significantly improved the anti-exploit engine, but I'm not seeing any general behavior blocker improvements (these kinds of samples are easily flagged by Kaspersky and F-Secure and others).

I'm more trying to learn specifically what was changed in 14.x. This is a highly artificial behavior blocker test so I'm happy to change it to more reflect "real" malware, though it would help to know what needs to change to get ESET's behavior blocker to care.
 