ESET Internet Security 2019 v12.1.31.0 and Ransomware via RanSim

SearchLight

I think I will just add OSA to supplement my Eset IS, and I should be covered for most eventualities. Agree?
 
ForgottenSeer 72227

> I think I will just add OSA to supplement my Eset IS, and I should be covered for most eventualities. Agree?

OSA works well alongside Eset, assuming you aren't taking full advantage of the HIPS within Eset. Technically with the HIPS you don't need it, but if you have HIPS set to smart with no other rules, you can use OSA without any issues.

I've read through this thread and agree with what others have said. Eset is a very capable program and I really wouldn't worry too much about this particular test, or any other test for that matter. Tests are fun and all, but keep in mind that the real world is very different. Every test should be taken with a grain of salt anyways. You have to keep in mind that there's no such thing as a perfect product. No product can protect you 100%, every product will fail at some point. Just because you may see a product get 100% on a particular test, doesn't mean it will always be like that. All it means is that it got 100% with that particular sample set. The only true way to be 100% protected from ransomware is to back up, back up and back up.

Sometimes it's easy to get caught up in the hype in regards to tests and start feeling like you need to change or start adding more protection, but in reality that's far from the truth. Honestly ask yourself: has Eset caused you any issues that warrant you to switch? Have you gotten infected at all while using Eset? When was the last time you actually ran into malware? And (very important here) how are your computing habits? Chances are that if you answered no, not in a long time, follow good habits, you are more than fine. Your habits are just as important as the security software you are using. Keep following good security 101 and combine that with Eset and I am sure you will be more than fine. Again nothing is ever perfect, but an excellent program like Eset and good security hygiene will be more than enough.
 

SearchLight

> OSA works well alongside Eset, assuming you aren't taking full advantage of the HIPS within Eset. Technically with the HIPS you don't need it, but if you have HIPS set to smart with no other rules, you can use OSA without any issues.
>
> I've read through this thread and agree with what others have said. Eset is a very capable program and I really wouldn't worry too much about this particular test, or any other test for that matter. Tests are fun and all, but keep in mind that the real world is very different. Every test should be taken with a grain of salt anyways. You have to keep in mind that there's no such thing as a perfect product. No product can protect you 100%, every product will fail at some point. Just because you may see a product get 100% on a particular test, doesn't mean it will always be like that. All it means is that it got 100% with that particular sample set. The only true way to be 100% protected from ransomware is to back up, back up and back up.
>
> Sometimes it's easy to get caught up in the hype in regards to tests and start feeling like you need to change or start adding more protection, but in reality that's far from the truth. Honestly ask yourself: has Eset caused you any issues that warrant you to switch? Have you gotten infected at all while using Eset? When was the last time you actually ran into malware? And (very important here) how are your computing habits? Chances are that if you answered no, not in a long time, follow good habits, you are more than fine. Your habits are just as important as the security software you are using. Keep following good security 101 and combine that with Eset and I am sure you will be more than fine. Again nothing is ever perfect, but an excellent program like Eset and good security hygiene will be more than enough.

Very well said!

I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?
 
ForgottenSeer 72227

> Very well said!
>
> I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?

I am not very well versed in HIPS, when I was using Eset I was too lazy to configure it, so I just ran HIPS in smart mode and ran OSA alongside it. That being said, Eset does have a knowledge base article on some rules you can create to further help with ransomware if needed.

Configure HIPS rules for ESET business products to protect against ransomware

Aside from those I haven't really created any more. I know there are others that are more versed with Eset and HIPS so hopefully they will chime in.
 

Kuttz

Never heard of KnowBe4 RanSim. When I scanned the SimulatorSetup.exe downloaded from the KnowBe4 site using VirusTotal, 14 engines flagged it as malware? My Eset itself flagged it as PUP? How safe is it to run?
 

Kuttz

@Kuttz It's safe. It creates and encrypts its own files in a folder inside Documents. As far as I'm concerned ESET is correct in not flagging any of its tests as malicious as it's just altering its own files.

NOD32 + OSArmor
 


Dave Russo

> Very well said!
>
> I used Roboman's config file for EIS but what rules would you suggest for HIPS to tighten things up in lieu of using OSA?

You could use VoodooShield alongside, I do, they show no sign of conflict, you don't have to adjust HIPS, and it's a great defense against ransomware. GL, I also use Roboman's configuration.
 

SearchLight

> you can do a test now with the new configuration to see what results it gives you.

Did a test with RanSim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.

Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?
 

bribon77

> Did a test with RanSim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.
>
> Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?

I'd leave it like @RoboMan said. The interactive mode is very strong but annoying.
 

RoboMan

> Did a test with RanSim and the simulator just hung. The green progress bar stayed on 1/4 progression for almost ten minutes so I stopped it. I guess the new rules did the trick silently.
>
> Should I adjust HIPS to Interactive or leave it as Roboman has it, which I believe is Smart Rules?

I will make a thread about this.
 

shmu26

> Appreciate the responses. Thanks.
>
> Going back to my OP, then is the consensus here that RanSim accomplishes nothing, and is bogus because it does not reflect what happens in the real world?
>
> If that be so, then what is the purpose of creating, and using this simulator to test software? To create Scareware?
>
> To that end, one could almost argue that the EICAR test virus is the same because it is not doing anything malicious.
>
> I feel that slowly this topic is migrating into the infamous marketing tactics that vendors might employ to sell their security products that will protect and defend your PC from every known threat including Zero day.
>
> It is great to be an informed consumer because of the many informative postings here on the MT website.

I just took a look at the link that was given before and I saw that it is from itman, who is a known expert in malware behavior. You can read his many posts over on Wilderssecurity.
In short, he says that the RanSim simulator does not exhibit malicious behavior, so there is really no reason an AV should detect it on the basis of its behavior.
I am not an ESET user, but I know that itman is a very accurate source of information regarding the software that he knows. ESET definitely falls in that category.
 
