SearchLight

Level 9
Verified
I think I will just add OSA to supplement my Eset IS, and I should be covered for most eventualities. Agree?
 

Raiden

Level 13
Verified
Content Creator
OSA works well alongside Eset, assuming you aren't taking full advantage of the HIPS within Eset. Technically with the HIPS you don't need it, but if you have HIPS set to smart with no other rules, you can use OSA without any issues.

I've read through this thread and agree with what others have said. Eset is a very capable program and I really wouldn't worry too much about this particular test, or any other test for that matter. Tests are fun and all, but keep in mind that the real world is very different. Every test should be taken with a grain of salt anyways. You have to keep in mind that there's no such thing as a perfect product. No product can protect you 100%, every product will fail at some point. Just because you may see a product get 100% on a particular test, doesn't mean it will always be like that. All it means is that it got 100% with that particular sample set. The only true way to be 100% protected from ransomware is to backup, backup and backup.

Sometimes it's easy to get caught up in the hype in regards to tests and start feeling like you need to change or start adding more protection, but in reality that's far from the truth. Honestly ask yourself, has Eset caused you any issues that warrant you to switch? Have you gotten infected at all while using Eset? When was the last time you actually ran into malware? And (very important here) how are your computing habits? Chances are that if you answered no, not in a long time, follow good habits, you are more than fine. Your habits are just as important as the security software you are using. Keep following good security 101 and combine that with Eset and I am sure you will be more than fine. Again nothing is ever perfect, but an excellent program like Eset and good security hygiene will be more than enough. :) (y)
 

SearchLight

Level 9
Verified
Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
 

Raiden

Level 13
Verified
Content Creator
I am not very well versed in HIPS. When I was using Eset I was too lazy to configure it, so I just ran HIPS in smart mode and ran OSA alongside it. That being said, Eset does have a knowledge base article on some rules you can create to further help with ransomware if needed.

Configure HIPS rules for ESET business products to protect against ransomware

Aside from those I haven't really created any more. I know there are others that are more versed with Eset and HIPS so hopefully they will chime in. (y)
 

Kuttz

Level 12
Verified
Never heard of KnowBe4 RanSim. When I scanned the SimulatorSetup.exe downloaded from the KnowBe4 site using VirusTotal, 14 engines flagged it as malware? My Eset itself flagged it as PUP? How safe is it to run?
 

Dave Russo

Level 8
Verified
Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
You could use VoodooShield alongside, I do, they show no sign of conflict, you don't have to adjust HIPS, and it's a great defense against ransomware. GL, I also use Roboman's configuration.
 

SearchLight

Level 9
Verified
you can do a test now with the new configuration to see what results it gives you.(y)
Did a test with RanSim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.

Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?
 

shmu26

Level 83
Verified
Trusted
Content Creator
Appreciate the responses. Thanks.

Going back to my OP, then is the consensus here that RanSim accomplishes nothing, and is bogus because it does not reflect what happens in the real world?

If that be so, then what is the purpose of creating, and using this simulator to test software? To create Scareware?

To that end, one could almost argue that the EICAR test virus is the same because it is not doing anything malicious.

I feel that slowly this topic is migrating into the infamous marketing tactics that vendors might employ to sell their security products that will protect and defend your PC from every known threat including Zero day.

It is great to be an informed consumer because of the many informative postings here on the MT website.
I just took a look at the link that was given before
and I saw that it is from itman, who is a known expert in malware behavior. You can read his many posts over on Wilderssecurity.
In short, he says that the RanSim simulator does not exhibit malicious behavior, so there is really no reason an AV should detect it on basis of its behavior.
I am not an ESET user, but I know that itman is a very accurate source of information regarding the software that he knows. ESET definitely falls in that category.
 
