Source
https://www.youtube.com/watch?v=S0S_6qv8_KE
Video created by
Shadowra

Shadowra

Level 8
Sep 2, 2021
376
Hello and welcome to the ESET test!
ESET is an antivirus company located in Bratislava, Slovakia.
Leader in security (partnership with Google Play, Chrome etc), ESET is very well known in the world of security and very appreciated by gamers because it is very light.

In this test, we have imported rules created by the community to strengthen the HIPS, which has always been a weakness.

Overall, ESET did very well!
It caught up well with the malware in the pack thanks to HIPS!
Just one piece of malware hurt it: ESET blocked its actions well, but it managed to get into the MBR. It was impossible to start the machine.

Apart from this mistake, ESET is still recommendable and one of the best antivirus products!

RAM Usage : Light
Phishing Test : 2/4 (2 missed, 1 dead)
Malware URL test : 9/9 (All detected, 1 dead)
Fake crack : 1/1 (detected)
Malware Pack : Remaining 156 out of 985 files

Result :
- ESET : 4
- Hitman Pro : 1
- NPE : 2 (Norton indicates 604 because a malware created random files on the desktop)
- KVRT : 1
- Comodo : 0

The MBR has unfortunately been modified, a 3D cube appears after reboot!

ESET rules : @RoboMan
Request by : @RoboMan and @SFox

All undetected malware has been sent to @Marcos from the ESET Team!

 

SFox

Level 7
Verified
Well-known
Jun 11, 2019
328
On the one hand, the antivirus showed itself to be not bad; we can say that only 1 malicious program was able to harm the system, and in total there were almost 1000 such programs in the test. 1 in 1000 is not bad.
But with such tight settings, the antivirus should not have let this malware pass. Moreover, this is not even the Internet Security - this is a whole Premium, in which there is LiveGuard! Besides, if I'm not mistaken, ESET has some kind of protection against changes to the master boot record. Or is there no such function? In any case, if the case turns out as in the test, then the average user is unlikely to be able to restore the boot record on his own. And this is very bad. For an ordinary John. He will have to pay for the services of a computer specialist.
What will Marcos say?
 

RoboMan

Level 33
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,264
Thank you @Shadowra for your video!!

Overall, we've seen ESET HIPS in serious action, warning us about most of the malware you executed.

Just an observation: I saw you imported my configuration file "June_2021", which is the outdated configuration file. This one only includes ransomware protection, but nothing else. Several days ago, I updated my thread, including rules for:
  • Registry Protection
  • Hosts File Protection
I really believe my November_2021 file offers a stronger, more solid protection! Anyways, I hope you can re-test it in the future with this one.

This file can be found in my thread: Q&A - Configure ESET Antivirus for Maximum Security (by RoboMan)

Or directly in: UPLOAD.EE - ESET_NOD32_November_2021.xml - Download

All in all, as aforementioned, this was a really good result.
 

SFox

RoboMan said:
> I really believe my November_2021 file offers a stronger, more solid protection! Anyways, I hope you can re-test it in the future with this one.

I also noticed that in the configuration file that was imported, there were no rules for protecting against ransomware and other rules for protecting the registry. But the test has already been carried out, and Shadowra will not be re-tested.
 

SFox

One more point. One of the users with whom we discussed this test on another forum noted that the settings do not enable file blocking in LiveGuard until the result of cloud analysis (proactive protection). Could this affect the launch of malware that damaged the system? Big question :)
 

Shadowra

SFox said:
> One more point. One of the users with whom we discussed this test on another forum noted that the settings do not enable file blocking in LiveGuard until the result of cloud analysis (proactive protection). Could this affect the launch of malware that damaged the system? Big question :)

The RoboMan settings disable LiveGuard, but I re-enabled it afterwards ;)

On which forum are they talking about my video?
 

SFox


Shadowra

SFox said:
> We are discussing it on the Russian forum (ESET NOD32 Internet Security - Comments and reviews - Page 3). It's not about whether LiveGuard was turned on, but about its settings; there is a screenshot in the discussion on the Russian forum.

I was able to read a little bit by copying and pasting in DeepL, I even saw that a member did not like Eset :D

As you say, the probability of a malware destroying the MBR is very low, especially since in my tests, I always push the antivirus to its maximum :) (using different scenarios: Virus, Worm, Trojan, RAT, MBRLock etc )

On the other hand, I hope that Eset will improve the protection at startup. The malware is still well detected by the antivirus...

VT detection :
 

SeriousHoax

Level 39
Verified
Top poster
Well-known
Mar 16, 2019
2,897
Shadowra said:
> I was able to read a little bit by copying and pasting in DeepL, I even saw that a member did not like Eset :D
>
> As you say, the probability of a malware destroying the MBR is very low, especially since in my tests, I always push the antivirus to its maximum :) (using different scenarios: Virus, Worm, Trojan, RAT, MBRLock etc )
>
> On the other hand, I hope that Eset will improve the protection at startup. The malware is still well detected by the antivirus...
>
> VT detection :

Wow, so some products like Avira and Kaspersky even have a very accurate signature for it, "DiskWriter", while ESET isn't even detecting it.
First submission on VT: "2021-11-05". That's almost 20 days now. They should've known about it by now. I wonder what the origin of this sample is. Because ESET often doesn't perform well against malware of Chinese origin. Lack of honeypots, lack of users in that area or something else could be the reason. Since ESET is highly signature-oriented, if ESET hasn't seen a similar sample before then the chance of it having a signature/heuristics to detect it is low.
 

Andrew3000

Level 9
Verified
Malware Tester
Well-known
Feb 8, 2016
415
SeriousHoax said:
> Wow, so some products like Avira and Kaspersky even have a very accurate signature for it, "DiskWriter", while ESET isn't even detecting it.
> First submission on VT: "2021-11-05". That's almost 20 days now. They should've known about it by now. I wonder what the origin of this sample is. Because ESET often doesn't perform well against malware of Chinese origin. Lack of honeypots, lack of users in that area or something else could be the reason. Since ESET is highly signature-oriented, if ESET hasn't seen a similar sample before then the chance of it having a signature/heuristics to detect it is low.

ESET has been tracking the sample in their cloud for 2 weeks.
I sent it to the EDTD (ESET Dynamic Threat Defense) sandbox available for business products, and the report gives the sample as clean :O
