ESET IS - April 2021 Report
[QUOTE="MacDefender, post: 937446, member: 83059"]
It's nice to see ESET tested again! A lot of the same but some surprises too. As always, their signatures are excellent and the bulk of their protection. The only "dynamic" hits so far are due to signature detections in network-downloaded payloads or files (or file equivalents) that they staged being detected by signatures at runtime.

BazarLoader is a very interesting test case for two reasons:

[LIST=1]
[*]It's a reminder that even though ESET has had a good track record of being one of the first to add signatures and excellent mainstream AV testing results (a borderline perfect track record), that doesn't mean it's 100% foolproof. This looks like EXE malware with a fairly high VT detection ratio getting through and infecting the system.
[*]It's once again a reminder that ESET is lacking in both its automatic HIPS configuration as well as a dynamic behavior blocker. Looking at the Huorong dynamic hit, the process is setting RunOnce and AutoRun registry keys, shelling out to cmd.exe, and is unsigned. I would be willing to bet that most behavior blockers would flip out about this happening, but ESET lets it right through without taking any action. Setting AutoRuns isn't even something that you need a dynamic injected behavior blocker to monitor -- this is something that I'd argue is the job of a HIPS system to flag.
[/LIST]

I really think if someone were to combine ESET's signatures with one of many decent behavior blockers, it would be a very strong product that rivals the best of the best.
[/QUOTE]
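As an added illustration of the point in the post above (the combination of Run/RunOnce writes, a spawned cmd.exe, and an unsigned image being something a HIPS or behavior blocker should flag), here is a toy detection rule written for this page. It is not code from the post, from ESET, or from Huorong. It folds a stream of Sysmon-style events (EventID 1 process create, EventID 13 registry value set) into one record per process and scores each process that touches an autorun key. The events are constructed for the example, and the `Signed` field is an assumed enrichment added at process start (Sysmon itself does not emit Authenticode status in these events).

```python
"""Toy HIPS/behavior-blocker rule: flag processes that write Run/RunOnce
values, escalating when the image is unsigned and spawns a shell.

Events are constructed, Sysmon-like dicts. The "Signed" field is an
assumed enrichment, not a native Sysmon field.
"""
import re
from collections import defaultdict

# Persistence points a HIPS should watch. Matches HKLM and HKU hives.
# RunOnceEx and RunServices are deliberately NOT matched here; extend the
# alternation if you want them.
AUTORUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Interpreters whose launch by an unsigned parent raises the score.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed sample telemetry (not real logs). {A1} behaves like the
# loader described in the thread; {C1} is a signed installer for contrast.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}",
     "Image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "ParentProcessGuid": "{EXP}", "Signed": False},
    {"EventID": 13, "ProcessGuid": "{A1}",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\BackupService",
     "Details": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"EventID": 13, "ProcessGuid": "{A1}",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\BackupService",
     "Details": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"EventID": 1, "ProcessGuid": "{B1}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessGuid": "{A1}", "Signed": True},
    {"EventID": 1, "ProcessGuid": "{C1}",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "ParentProcessGuid": "{EXP}", "Signed": True},
    {"EventID": 13, "ProcessGuid": "{C1}",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def is_autorun_key(target_object: str) -> bool:
    """True if the registry value lives directly under a Run or RunOnce key."""
    return AUTORUN_KEY_RE.search(target_object) is not None


def build_process_state(events):
    """Fold the event stream into one record per ProcessGuid."""
    state = defaultdict(lambda: {"image": None, "signed": None,
                                 "autorun_writes": [], "spawned_shells": []})
    for ev in events:
        if ev["EventID"] == 1:
            rec = state[ev["ProcessGuid"]]
            rec["image"] = ev["Image"]
            rec["signed"] = ev["Signed"]
            # A shell launch is attributed to the parent, which is the
            # process whose behaviour is being judged.
            name = ev["Image"].rsplit("\\", 1)[-1].lower()
            if name in SHELLS:
                state[ev["ParentProcessGuid"]]["spawned_shells"].append(ev["Image"])
        elif ev["EventID"] == 13 and is_autorun_key(ev["TargetObject"]):
            state[ev["ProcessGuid"]]["autorun_writes"].append(
                (ev["TargetObject"], ev["Details"]))
    return state


def evaluate(events):
    """Return a verdict per process that wrote an autorun value.

    'block': unsigned (or unknown signing) + persistence + spawned shell
    'alert': unsigned (or unknown signing) + persistence
    'log'  : signed image + persistence (HIPS should still record it)
    """
    verdicts = {}
    for guid, rec in build_process_state(events).items():
        if not rec["autorun_writes"]:
            continue
        reasons = [f"wrote autorun value {key}" for key, _ in rec["autorun_writes"]]
        # Unknown signing status (no process-create event seen) is treated
        # as unsigned: fail closed rather than open.
        if not rec["signed"]:
            reasons.append("image is not Authenticode-signed")
            verdict = "alert"
            if rec["spawned_shells"]:
                reasons.append("spawned " + ", ".join(rec["spawned_shells"]))
                verdict = "block"
        else:
            verdict = "log"
        verdicts[guid] = {"image": rec["image"], "verdict": verdict, "reasons": reasons}
    return verdicts


if __name__ == "__main__":
    for guid, v in evaluate(SAMPLE_EVENTS).items():
        print(guid, v["verdict"], v["image"])
        for reason in v["reasons"]:
            print("   -", reason)
```

The rule needs nothing injected into the monitored process: registry writes and process creation are both visible from a kernel callback or from Sysmon, which is the post's argument that autorun monitoring belongs in a HIPS rather than in a dynamic behavior blocker. The signed installer still shows up as a `log` entry, so the benign case is recorded without being blocked.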