App Review ESET Smart Security 2022 (Custom Roboman's Settings)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Andrew3000 said:
Eset has been tracking the sample in their cloud for 2 weeks.
I sent it to EDTD (Eset Dynamic threat defense) sandbox available for business products and the report gives the sample as clean :O
Click to expand...
Looks like EDTD is pretty dumb šŸ˜• A pro ESET user already told me a couple of weeks ago that it's subpar. I guess Kaspersky's sandbox available on Opentip and Avast's Cyber Capture are better.
But at least an ESET analyst should've checked it by now. Strange!
 
  • Like
Reactions: Venustus, Nevi, oldschool and 2 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Got a response from Marcos on the ESET forum.
We've added detection - MSIL/BadJoke.AAW trojan. It's a benign scaring application.
Click to expand...
So looks like it doesn't actually write to MBR. It's rather a program to scare users into thinking that it happened.
I can confirm that the detection is added even though VT is not showing it yet,
1.png
 
  • Like
  • +Reputation
  • Applause
Reactions: Venustus, Gandalf_The_Grey, roger_m and 4 others
Andrew3000

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
537
  • Like
  • +Reputation
Reactions: Venustus, Gandalf_The_Grey, Nevi and 3 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Andrew3000 said:
This is another 2y old malware that ESET pick as clean (Also in sandbox)

4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9 | Triage

Check this report malware sample 4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9, with a score of 1 out of 10.
tria.ge tria.ge

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

View attachment 262433
Click to expand...
I heard ESET uses Microsoft's Azure AI servers for EDTD, not their own.
The earlier sample also wasn't detected by Microsoft Defender. The initial cloud scan found some malicious behavior in it, but it wasn't the final determination. Then I uploaded that to Microsoft and a few hours later Microsoft started detecting via cloud and my submission showed the Final determination status as malicious.
The malware that you shared here now is also not detected by Microsoft Defender at the moment and I think as a result also not by ESET Dynamic Threat Defense.
There was another fairly new sample that was tested by someone that wasn't detected by any of the popular AVs on Virustotal except Microsoft Defender. That sample was then detected by ESET's LiveGuard on ESET Smart Security.
So now everything points to what I heard. This ESET Dynamic Threat Defense aka LiveGuard is not ESET's own technology. It's Microsoft's Azure AI sandbox, or whatever that is called. If Microsoft's cloud don't detect something, then ESET's EDTD/LiveGuard won't.
(Correct me if I'm wrong).
Edit: Microsoft won't do any more analysis of it. They did it before and confirms that this is not malicious :unsure:
1.png
 
Last edited:
  • Like
  • Wow
Reactions: tipo, RansomwareRemediation, Evjl's Rain and 7 others
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
Andrew3000 said:
Hatching Triage | Malware sandboxing report by Hatching Triage
View attachment 262432
Click to expand...
Interesting, I just re did this whole test with the samples @Shadowra provided me, and I noticed no persistance after reboot. Actually, after reboot, no active process, no autorun or registry entry. There's a possibility ESET HIPS blocked several components of the attack, but not all of them.

I will publish here my test later today, and will do a specific analysis on this file for tomorrow.
 
  • Like
Reactions: Nevi, Guilhermesene, roger_m and 3 others
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
RoboMan said:
Interesting, I just re did this whole test with the samples @Shadowra provided me, and I noticed no persistance after reboot. Actually, after reboot, no active process, no autorun or registry entry. There's a possibility ESET HIPS blocked several components of the attack, but not all of them.

I will publish here my test later today, and will do a specific analysis on this file for tomorrow.
Click to expand...
Here's my ESET test with the same files @Shadowra used :)

The main difference is the configuration, this video used my latest configuration file (with registry and hosts protection).

 
  • Like
  • Thanks
  • +Reputation
Reactions: tipo, Nevi, Zorro and 5 others
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
RoboMan said:
Here's my ESET test with the same files @Shadowra used :)

The main difference is the configuration, this video used my latest configuration file (with registry and hosts protection).

Click to expand...


Thanks for the updated video :)

Too bad the malware that was writing to the MBR was detected by Eset Database, I would have liked to see if HIPS would have blocked the attack (the file that was putting colors in your video is not writing to the MBR)
 
  • Like
Reactions: tipo, Nevi, Zorro and 4 others
Razza

Razza

Level 4
Verified
Well-known
Aug 12, 2014
165
I do like Eset have used it in the past a few times, one thing I don't like about it years after other AV's have added behaviour blocker Eset doesn't have one it's too signature dependent.

I know it got Hips on the default settings of automatic mode I don't think it block or detects anything not seen ever flag anything.
 
  • Like
Reactions: tipo, RansomwareRemediation, Nevi and 1 other person
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
SeriousHoax said:
I heard ESET uses Microsoft's Azure AI servers for EDTD, not their own.
The earlier sample also wasn't detected by Microsoft Defender. The initial cloud scan found some malicious behavior in it, but it wasn't the final determination. Then I uploaded that to Microsoft and a few hours later Microsoft started detecting via cloud and my submission showed the Final determination status as malicious.
The malware that you shared here now is also not detected by Microsoft Defender at the moment and I think as a result also not by ESET Dynamic Threat Defense.
There was another fairly new sample that was tested by someone that wasn't detected by any of the popular AVs on Virustotal except Microsoft Defender. That sample was then detected by ESET's LiveGuard on ESET Smart Security.
So now everything points to what I heard. This ESET Dynamic Threat Defense aka LiveGuard is not ESET's own technology. It's Microsoft's Azure AI sandbox, or whatever that is called. If Microsoft's cloud don't detect something, then ESET's EDTD/LiveGuard won't.
(Correct me if I'm wrong).
Edit: Microsoft won't do any more analysis of it. They did it before and confirms that this is not malicious :unsure:
View attachment 262440
Click to expand...

Are you sure about that? I think ESET just use the Azure server (the infrastructure), it doesnt mean that it is using Microsoft Defender technology, they are not the same thing.

If I am not wrong all ESET technology is proprietary and "in-house", maybe @Marcos can clarify it for us.
 
  • Like
Reactions: tipo, RansomwareRemediation, Nevi and 6 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Nightwalker said:
Are you sure about that? I think ESET just use the Azure server (the infrastructure), it doesnt mean that it is using Microsoft Defender technology, they are not the same thing.

If I am not wrong all ESET technology is proprietary and "in-house", maybe @Marcos can clarify it for us.
Click to expand...
I'm not sure as I said that's what I heard. But also, when an ESET forum member wrote this in a comment, Marcos didn't correct him.
He also said that it's costly, that's why they included it in the ESET Smart Security Premium products. EDTD also requires an extra subscription for their Endpoint products. If everything was their own, then it shouldn't cost anything/much extra, specially in the ESET Home products for basic analysis. Avast literally has CyberCapture in their free products, Kaspersky has the Opentip service free for public use, Avira also submits unknown files to their cloud and gives a verdict which is available even in the free versions, etc. So for ESET this shouldn't cost too much extra to implement in all of their products.
Analysis wise, Microsoft's cloud and EDTD/LiveGuard's results are matching in many cases.
But anyway, as I said I'm not sure but some things points towards that. I would also like to know if this info is wrong.
If the info is wrong, then ESET is just being cheap and trying to earn some extra cash by trying to move users to Smart Security Premium subscription.
BTW, isn't Voodoshield AI uses or at least used to use Microsoft Azure AI or something like that? The cost is alright I guess since @danb is able to afford it. ESET is much bigger financially.
Hopefully Marcos can clarify all the confusion.
 
  • Like
Reactions: Nevi, Guilhermesene, Nightwalker and 1 other person
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
SeriousHoax said:
Got a response from Marcos on the ESET forum.

So looks like it doesn't actually write to MBR. It's rather a program to scare users into thinking that it happened.
I can confirm that the detection is added even though VT is not showing it yet,
View attachment 262431
Click to expand...
Where can you watch your dialogue? I looked for Eset on the forum, but did not find it.
 
  • Like
Reactions: Nevi and Gandalf_The_Grey
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
SeriousHoax said:
It was in private message, that's why you couldn't find.
Click to expand...
Good. It is not clear if this program really changes the master boot record and prevents the system from booting, then this is not a "joke" already, but a serious problem for a home user (especially if he does not have a bootable USB flash drive), and if this colored cube itself through some time disappears, then it can be called a "joke". Therefore, I wanted to read the entire dialogue in order to understand whether it is really a joke for virus analysts to change the master boot record by a malicious program :)
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and SeriousHoax
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
SFox said:
Good. It is not clear if this program really changes the master boot record and prevents the system from booting, then this is not a "joke" already, but a serious problem for a home user (especially if he does not have a bootable USB flash drive), and if this colored cube itself through some time disappears, then it can be called a "joke". Therefore, I wanted to read the entire dialogue in order to understand whether it is really a joke for virus analysts to change the master boot record by a malicious program :)
Click to expand...
You're right. But what I shared is the only reply I got. So I don't know anything else.
 
  • Like
Reactions: Nevi, Zorro, Guilhermesene and 1 other person
C

czesetfan

Level 4
Dec 3, 2021
184
SFox said:
On the one hand, the antivirus showed itself not bad, we can say that only 1 malicious program was able to harm the system, and in total there were almost 1000 such programs in the test. 1 in 1000 is not bad.
But with such tight settings, the antivirus should not have let this malware pass. Moreover, this is not even the Internet Security - this is a whole Premium, in which there is LiveGuard! Besides, if I'm not mistaken, ESET has some kind of protection against changes to the master boot record. Or is there no such function? In any case, if the case turns out as in the test, then the average user is unlikely to be able to restore the boot record on his own. And this is very bad. For an ordinary John. He will have to pay for the services of a computer specialist.
What will Marcos say?
Click to expand...
I noticed the "inactivity" of LiveGuard. According to the manual Proactive protection | ESET Dynamic Threat Defense | ESET Online Help, this feature only responds to these four suspicious file locations:

Proactive protection detects only files from the following sources:

ā€¢Files downloaded using a supported web browser
ā€¢Downloaded from a mail client
ā€¢Files extracted from an unencrypted or encrypted archive using one of the supported archive utilities
ā€¢Executed and opened files located on a removable device

Do I understand correctly that it doesn't respond to files that are already on the hard drive?
 
  • Like
Reactions: Andrew3000
Andrew3000

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
537
czesetfan said:
I noticed the "inactivity" of LiveGuard. According to the manual Proactive protection | ESET Dynamic Threat Defense | ESET Online Help, this feature only responds to these four suspicious file locations:

Proactive protection detects only files from the following sources:

ā€¢Files downloaded using a supported web browser
ā€¢Downloaded from a mail client
ā€¢Files extracted from an unencrypted or encrypted archive using one of the supported archive utilities
ā€¢Executed and opened files located on a removable device

Do I understand correctly that it doesn't respond to files that are already on the hard drive?
Click to expand...
I can tell you what I have seen with ESET Endpoint Security and EDTD enabled, (ESET Dynamic Threat Defense) the sandbox for business users.
It often happened that during game updates on steam, files (especially .exe/dll even if already known to the cloud) were uploaded to the sandbox.
But even in this case they were ā€œdownloadedā€ and were not previously present on the PC.
So it is likely that the files already on the computer are not being loaded into the sandbox.
Exactly how it works, I don't know how to explain it.
 
  • Like
Reactions: SeriousHoax and Nevi

Similar threads

Shadowra
    • Like
    • +Reputation
    • Applause
App Review Eset Smart Security 2024
Replies
26
Views
2,914
Video Reviews - Security and Privacy
superleeds27
S
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review ESET Smart Security Premium 2024
Replies
20
Views
3,864
Video Reviews - Security and Privacy
Shadowra
Shadowra
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Avira Pro Antivirus
Replies
5
Views
772
Video Reviews - Security and Privacy
Khushal
Khushal

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top