ESET with HIPS rules

[L0ckJaw]

Has anyone tested ransomware with the HIPS rules that Eset provides ?

like these : Configure HIPS rules for ESET business products to protect against ransomware

 

[Deleted member 65228]

Just by reading their guide and noticing what parts their focus was on, I can say that in my personal opinion, those rules once implemented into the users configuration would end up as being beneficial for most.

Scripts are a very common deployment technique, and PowerShell is widely used by malware authors.

Although personally I would just completely block features like PowerShell from the first day you setup the environment - but this can be troublesome because an attacker can re-name things and come with its own copy, etc.

 

[L0ckJaw]

I have installed Eset and applied those rules, made some tests in Shadow Defender mode and all was blocked.
The new version of Eset 11.1.42.2 works great, awesome Phising filter.

 

[ForgottenSeer 58943]

I have installed Eset and applied those rules, made some tests in Shadow Defender mode and all was blocked.
The new version of Eset 11.1.42.2 works great, awesome Phising filter.

ESET relies on zVelo API's. Some of the strongest HTTP/HTTPS malware filtration and anti-phising available. I use zVelo on my gateway to filter ALL traffic inbound, it catches a LOT of stuff.

zVelo alone makes Eset one of the strongest suites IMO.

 

[Deleted member 65228]

zVelo alone makes Eset one of the strongest suites IMO.

Avast and FireEye are also customers according to the zVelo website.

 

[ForgottenSeer 58943]

Avast and FireEye are also customers according to the zVelo website.

Indeed they do. Cyren used them too, but then stole their proprietary technology and built their own out of it, which resulted in a lawsuit. (Cyren = Sleazy Israeli firm) Sonicwall also licensed their API then violated patents when Sonicwall decided to infringe on zVelo's advanced technology.

Basically, zVelo licenses their web categorization database and very speedy heuristic web scanning engine to firms who then use it in their products. Eset/Avast are a couple of users, but there are thousands. Untangle, FireEye and other UTM's use it as well because quite frankly, it's in the top 5 web scanning engines in the world. Only Google and FortiGuard themselves are comparable.

Some of the newer smart-home protection devices use zVelo but won't disclose they do. (Cujo, etc)