"pyrate", Behavior Blocker Bypass POC #3
Quoting MacDefender (post 882207):

> Yeah I have to say, the biggest surprise is that it is a lot of the small newcomers like @WiseVector and to some extent Emsisoft that have had the most productive and transparent responses to these kinds of POCs.
>
> I'm not even demanding that every AV responds to my proof of concepts. WiseVector months ago said they would try to look into improving their product because Kaspersky's BB worked better, and it sure looks like they followed up on that promise. Emsisoft said roughly that they don't consider behavior blocking as useful as they once did, and these days by the time ransomware gets on your machine, trying to stop it is a lost cause because of their arsenal of evasion techniques. And I respect that too.
>
> ESET is just... erratic, for lack of a better term. First it's "we don't detect it because this isn't real malware, and writing real malware is unethical". Then for the second exploit they added a HOAX/FAKE signature for it. This time they added a real signature without the fake/hoax label, but it was so easily bypassable. Meanwhile their website basically advertises a dynamic behavior blocker. Which one is it?
>
> My personal interpretation of ESET is that they focus on in-the-wild threats and address them primarily by signature scanning. If that's their belief too, I would 100% respect it if they just owned up to that and stated their reasons why they believe their approach is right.
>
> Instead, their current responses make me feel like they are just inventing contradictory excuses, and sometimes their excuses aren't even legitimate. There are many respectable AV programs that at least detect some variants of this attack. ESET basically detects none of them.