ESET 14.0.x released

SeriousHoax

Changelog:

Version 14.0.21.0

  • Added: WMI Scanner
  • Added: System Registry Scanner
  • Improved: Product change feature (without OS restart)
  • Improved: Highest product on license offered
  • Improved: BPP "Secure all browsers" - enables user to run any browser in hardened mode by default
  • Improved: Under the hood optimizations
 

Durden

Does anyone know what they mean by improving the HIPS? Is it improvements to the out-of-the-box/premade rules, or did they increase its “tweaking potential”:
“Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.”
 

Soulbound

Does anyone know what they mean by improving the HIPS? Is it improvements to the out-of-the-box/premade rules, or did they increase its “tweaking potential”:
“Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.”
As far as I know they didn't add any visible rules, and because I run my own rules and smart mode, I cannot confirm since I already imported my settings.
 

amirr

Changelog:

Version 14.0.21.0

  • Added: WMI Scanner
  • Added: System Registry Scanner
  • Improved: Product change feature (without OS restart)
  • Improved: Highest product on license offered
  • Improved: BPP "Secure all browsers" - enables user to run any browser in hardened mode by default
  • Improved: Under the hood optimizations
Did they also fix this??!
 

Archentrope

A crucial upgrade was made in the Advanced Machine Learning module, which now has better detection while retaining a tiny footprint. The improvements in the data selection and algorithm components will lead to increased detection of threats, including those transmitted via email. Synchronous Advanced Machine Learning in the Cloud, which runs more heavyweight detection models on cloud platforms, also brings considerable improvements for the detection of new malware.

Similarly, ESET is continually working to improve behavioral detection, with a focus on extending protection across system components that are typically abused by malware. To this end, the Host-Based Intrusion Prevention System, which utilizes advanced behavioral analysis to protect your system from malware and unwanted activity, has also been bolstered with further detection methods. This includes improved detection of ransomware and other malware using suspicious encryption and decryption API calls.

The update also provides users with new protection in the form of the Windows Management Instrumentation (WMI) and System Registry Scanner, which are capable of detecting malicious uses of the WMI and the system registry.

via What’s new in the latest version of ESET’s home Windows offering?
 

Soulbound

Is it my impression, or does the UI have a "bug"?

Scanning in progress; notice where the animation is placed.
egui_znl2MV8LSc.png
 

SeriousHoax

And no WMI provider crash seen in the Reliability Monitor? Thank you.
I wasn't aware of this. I see there are WMI crashes in Reliability Monitor, but this only happens if you scan WMI. ESET doesn't scan it by default, so it's nothing serious; also, it's not creating any problem in the system. WMI is consistent. I'll see if there's anything on the ESET forum related to this. Otherwise I'll report there that the crash still happens with the latest version.
 

SeriousHoax

I think it's the first time that I see ML/Augur in action, and in a PUP.

And it detects twice: I opened the scan log and it showed the usual detection for uTorrent as a PUP and the other detection, ML/Augur, for the same uTorrent.
I've seen this particular one before, but I've also seen other ML/Augur detection a couple of times for genuine malware. Later they created separate signatures for those samples.
BTW, try not to use uTorrent; qBittorrent is better.
 

Dhruv2193

I wonder how long it will take the big AV companies to latch on that many are using the good free Defender & drop their prices?
I don't think this will happen in a major way, as others will also have something which will make the companies prefer x solution over WD. For individuals, it may be a different ball game altogether, though. But the home/individual market is not the main focus of security app companies.
 

MacDefender

(Pinging @McMcbrad)

So I just grabbed ESET IS 14 and tested it against my trivial MSIL battery (encrypting My Documents\test recursively), using RIPlace techniques, going through the front door, etc. Other than one sample that ESET wrote a signature for due to an earlier test (which was bypassed by renaming some functions and compiling in a new project), 14 isn't detecting any of these samples at runtime either. I tried increasing the scope to all of My Documents, same results.

On the bright side, as I expected, ESET fantastically detected two of my most recent Emotet samples that have 2/69 VT detection.

Maybe they significantly improved the anti-exploit engine but I'm not seeing any general behavior blocker improvements (these kinds of samples are easily flagged by Kaspersky and F-Secure and others).

I'm more trying to learn specifically what was changed in 14.x. This is a highly artificial behavior blocker test so I'm happy to change it to more reflect "real" malware, though it would help to know what needs to change to get ESET's behavior blocker to care.
 
