D

Deleted member 65228

Just by reading their guide and noticing what parts their focus was on, I can say that in my personal opinion, those rules once implemented into the users configuration would end up as being beneficial for most.

Scripts are a very common deployment technique, and PowerShell is widely used by malware authors.

Although personally I would just completely block features like PowerShell from the first day you setup the environment - but this can be troublesome because an attacker can re-name things and come with its own copy, etc.
 

Slyguy

Level 42
Verified
I have installed Eset and applied those rules, made some tests in Shadow Defender mode and all was blocked.
The new version of Eset 11.1.42.2 works great, awesome Phising filter.
ESET relies on zVelo API's. Some of the strongest HTTP/HTTPS malware filtration and anti-phising available. I use zVelo on my gateway to filter ALL traffic inbound, it catches a LOT of stuff.

zVelo alone makes Eset one of the strongest suites IMO.
 

Slyguy

Level 42
Verified
Avast and FireEye are also customers according to the zVelo website.
Indeed they do. Cyren used them too, but then stole their proprietary technology and built their own out of it, which resulted in a lawsuit. (Cyren = Sleazy Israeli firm) Sonicwall also licensed their API then violated patents when Sonicwall decided to infringe on zVelo's advanced technology.

Basically, zVelo licenses their web categorization database and very speedy heuristic web scanning engine to firms who then use it in their products. Eset/Avast are a couple of users, but there are thousands. Untangle, FireEye and other UTM's use it as well because quite frankly, it's in the top 5 web scanning engines in the world. Only Google and FortiGuard themselves are comparable.

Some of the newer smart-home protection devices use zVelo but won't disclose they do. (Cujo, etc)