ESET Internet Security 2019 v12.1.31.0 and Ransomware via RanSim

SearchLight

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
626
I think I will just add OSA to supplement my Eset IS, and I should be covered for most eventualities . Agree?
 
F

ForgottenSeer 72227

SearchLight said:
I think I will just add OSA to supplement my Eset IS, and I should be covered for most eventualities . Agree?
Click to expand...
OSA works well along side Eset, assuming you aren't taking full advantage of the HIPS within Eset. Technically with the HIPS you don't need it, but if you have HIPS set to smart with no other rules, you can use OSA without any issues.

I've read through this thread and agree with what others have said. Eset is a very capable program and I really wouldn't worry too much about this particular test, or any other test for that matter. Tests are fun and all, but keep in mind that the real world is very different. Every test should be taken with a grain of salt anyways. You have to keep in mind that there's no such thing as a perfect product. No product can protect you 100%, every product will fail at some point. Just because you may see a product get 100% on a particular test, doesn't mean it will always be like that. All it means is that it got 100% with that particular sample set.The only true way to be 100% protected from ransomware is to backup, backup and backup.

Sometimes it's easy to get caught up in the hype in regards to tests and start feeling like you need to change or start adding more protection, but in reality that's far from the truth. Honestly ask yourself, has Eset caused you any issues that warrants you to switch?, have you gotten infected at all while using Eest?, when was the last time you actually ran into malware? and (very important here) how are your computing habits? Chances are that if you answered no, not in a long time, follow good habits, you are more than fine. Your habits are just as important as the security software you are using. Keep following good security 101 and combine that with Eset and I am sure you will be more than fine. Again nothing is ever perfect, but an excellent program like Eset and good security hygiene will be more than enough.:)(y)
 
  • Like
  • Applause
Reactions: Nestor, bob974, uduoix and 4 others
SearchLight

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
626
Raiden said:
OSA works well along side Eset, assuming you aren't taking full advantage of the HIPS within Eset. Technically with the HIPS you don't need it, but if you have HIPS set to smart with no other rules, you can use OSA without any issues.

I've read through this thread and agree with what others have said. Eset is a very capable program and I really wouldn't worry too much about this particular test, or any other test for that matter. Tests are fun and all, but keep in mind that the real world is very different. Every test should be taken with a grain of salt anyways. You have to keep in mind that there's no such thing as a perfect product. No product can protect you 100%, every product will fail at some point. Just because you may see a product get 100% on a particular test, doesn't mean it will always be like that. All it means is that it got 100% with that particular sample set.The only true way to be 100% protected from ransomware is to backup, backup and backup.

Sometimes it's easy to get caught up in the hype in regards to tests and start feeling like you need to change or start adding more protection, but in reality that's far from the truth. Honestly ask yourself, has Eset caused you any issues that warrants you to switch?, have you gotten infected at all while using Eest?, when was the last time you actually ran into malware? and (very important here) how are your computing habits? Chances are that if you answered no, not in a long time, follow good habits, you are more than fine. Your habits are just as important as the security software you are using. Keep following good security 101 and combine that with Eset and I am sure you will be more than fine. Again nothing is ever perfect, but an excellent program like Eset and good security hygiene will be more than enough.:)(y)
Click to expand...
Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
 
  • Like
Reactions: Nestor and ForgottenSeer 72227
F

ForgottenSeer 72227

SearchLight said:
Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
Click to expand...

I am not very well versed in HIPS, when I was using Eset I was to lazy to configure it, so I just ran HIPS in smart mode and ran OSA along side it. That being said, Eset does have a knowledge base article on some rules you can create to further help with ransomware if needed.

Configure HIPS rules for ESET business products to protect against ransomware

Aside from those I haven't really created anymore. I know there are others that are more versed with Eset and HIPS so hopefully they will chime in. (y)
 
  • Like
Reactions: Nestor, bob974, harlan4096 and 2 others
Kuttz

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
630
Never heard of KnowBe4 RanSim. When I scanned the SimulatorSetup.exe downloaded from KnowBe4 site using VirusTotal 14 engines flagged it as malware ? My Eset itself flagged it as PUP ? How safe is it to run ?
 
  • Like
Reactions: upnorth
Kuttz

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
630
mlnevese said:
@Kuttz It's safe. It creates and encrypts it's own files in a folder inside Documents. As far as I'm concerned ESET is correct in not flagging any of its tests as malicious as it's just altering its own files.
Click to expand...

NOD32 + OSArmor :giggle:
 

Attachments

  • Knowbe4.JPG
    Knowbe4.JPG
    296.4 KB · Views: 425
  • Like
Reactions: mlnevese, bribon77 and harlan4096
Dave Russo

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,158
SearchLight said:
Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
Click to expand...
You could use Voodoshield along side ,I do, they show no sign of conflict,you don'"t have to adjust Hips,and its a great defense against Randsomware.gl,I also use Roboman"s configuration
 
  • Like
Reactions: Nestor and bribon77
SearchLight

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
626
bribon77 said:
you can do a test now with the new configuration to see what results it gives you.(y)
Click to expand...

Did a test with Ransim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.

Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?
 
  • Like
Reactions: Dave Russo, bob974 and bribon77
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
SearchLight said:
Did a test with Ransim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.

Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?
Click to expand...
I'd leave him like @RoboMan said. The interactive mode is very strong but annoying.
 
  • Like
Reactions: mlnevese, stefanos and bob974
RoboMan

RoboMan

Level 36
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,502
SearchLight said:
Did a test with Ransim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.

Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?
Click to expand...
I will make a thread about this
 
  • Like
Reactions: Dave Russo, SearchLight, harlan4096 and 1 other person
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
SearchLight said:
Appreciate the responses. Thanks.

Going back to my OP, then is the consensus here that RanSim accomplishes nothing, and is bogus because it does not reflect what happens in the real world?

If that be so, then what is the purpose of creating, and using this simulator to test software? To create Scareware?

To that end, one could almost argue that the EICAR test virus is the same because it is not doing anything malicious.

I feel that slowly this topic is migrating into the infamous marketing tactics that vendors might employ to sell their security products that will protect and defend your PC from every known threat including Zero day.

It is great to be an informed consumer because of the many informative postings here on the MT website.
Click to expand...
I just took a look at the link that was given before
forum.eset.com

Ransomware Simulators - A Detailed Analysis

The topic of ransomware simulators keep popping up in the forums; most notably the RanSim product by https://www.knowbe4.com/ransomware-simulator . I would have thought by now Eset would have published an official response to like software. Since they haven't, I will. If Eset approves of my analy...
forum.eset.com forum.eset.com
and I saw that it is from itman, who is a known expert in malware behavior. You can read his many posts over on Wilderssecurity.
In short, he says that the RanSim simulator does not exhibit malicious behavior, so there is really no reason an AV should detect it on basis of its behavior.
I am not an ESET user, but I know that itman is a very accurate source of information regarding the software that he knows. ESET definitely falls in that category.
 
  • Like
Reactions: Divine_Barakah, mlnevese and SearchLight

Similar threads

Adrian Ścibor
    • Like
    • +Reputation
In the wild ransomware threats on the rise – May 2024 test summary
Replies
16
Views
2,058
Security Statistics and Reports
Adrian Ścibor
Adrian Ścibor
B
Solved Microsoft Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Replies
20
Views
1,216
Windows Malware Removal Help & Support
icotonev
icotonev
Brownie2019
    • Thanks
On Sale! ESET Internet Security (1 Year / 1 PC) Latest Version €17,90
Replies
0
Views
440
Discounts and Deals
Brownie2019
Brownie2019

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top