Serious Discussion TuxTalk - Eset Smart Security Premium Thread

 
ESET is easily one of the lightest security solutions I've tried. My experience was totally without problems on Windows 11, and I continue to admire their commitment to tasteful, clean UI design that caters to the power user.

While I haven't been convinced that ESET leads the way in unknown malware detection, LiveGuard and HIPS customization certainly alleviate any gaps as already shown in this thread.
 
To confirm, you reproduced a live scenario, running the true route of infection, applied custom HIPS and firewall rules, and the malware nevertheless evaded all defenses?
Not exactly a full live infection route, but close. I executed the samples manually in a controlled environment, not through their original delivery method (phishing or email). The test was done on a clean Windows system with several programs installed and running to emulate a real system, and the antivirus running in real time without any disabled components. I did different tests and fresh machines for each sample. I also had custom HIPS and firewall rules in place. Some rules were extracted from ESET's forums, like:
  • Deny processes from script executables
  • Deny script processes started by explorer
  • Deny child processes from Office 2013/2016 processes
  • Deny child processes for regsvr32.exe
  • Deny child processes for mshta.exe
  • Deny child processes for rundll32.exe
  • Deny child processes for powershell.exe
  • Hosts file protection
Of course, upon the execution of malware, there was no way of knowing if the techniques the file was going to use were covered by any of these rules, so just take them as an attack surface reduction. But, once again, if we rely on custom HIPS rules to provide decent protection we are going to need a thousand rules.

To avoid changing the subject, many files I tested this way avoided being detected or stopped. Sadly there's no way to prove I ever performed such tests since I don't have a video, so as I was doing and will keep doing, I'll refrain from talking about the current ESET version.
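The parent/child rules listed in the post above are, in effect, a small allow/deny table keyed on the parent process image and the child process image. The following is an added illustration, not ESET's HIPS engine or the poster's configuration: a toy evaluator that applies rules of that shape to a handful of constructed process-creation events (Sysmon-style parent/child pairs, made up for this example) and reports which rule, if any, would have blocked each one. The rule names, the image-name sets, and the sample events are all assumptions chosen to mirror the list in the post; the last event deliberately uses a parent that none of the rules name, which is the coverage gap the poster describes.

```python
"""Toy parent/child process rule evaluator (constructed example, not ESET code)."""
from dataclasses import dataclass
from typing import Optional

# Image-name groups are assumptions for this example, not ESET's definitions.
SCRIPT_INTERPRETERS = frozenset({"wscript.exe", "cscript.exe"})
SCRIPT_HOSTS = frozenset({"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"})
OFFICE = frozenset({"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"})


@dataclass(frozen=True)
class Rule:
    name: str
    parents: frozenset   # lower-case image names; empty set means "any parent"
    children: frozenset  # lower-case image names; empty set means "any child"

    def matches(self, parent: str, child: str) -> bool:
        return (not self.parents or parent in self.parents) and \
               (not self.children or child in self.children)


# Rules modelled on the forum post's list (hypothetical encoding).
RULES = [
    Rule("Deny processes from script executables", SCRIPT_INTERPRETERS, frozenset()),
    Rule("Deny script processes started by explorer", frozenset({"explorer.exe"}), SCRIPT_HOSTS),
    Rule("Deny child processes from Office processes", OFFICE, frozenset()),
    Rule("Deny child processes for regsvr32.exe", frozenset({"regsvr32.exe"}), frozenset()),
    Rule("Deny child processes for mshta.exe", frozenset({"mshta.exe"}), frozenset()),
    Rule("Deny child processes for rundll32.exe", frozenset({"rundll32.exe"}), frozenset()),
    Rule("Deny child processes for powershell.exe", frozenset({"powershell.exe"}), frozenset()),
]


def image_name(path: str) -> str:
    """Reduce a full Windows path to its lower-case file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(parent_path: str, child_path: str, rules=RULES) -> Optional[str]:
    """Return the name of the first rule that would deny this process creation, else None."""
    parent, child = image_name(parent_path), image_name(child_path)
    for rule in rules:
        if rule.matches(parent, child):
            return rule.name
    return None


# Constructed process-creation events (parent image, child image); not real telemetry.
EVENTS = [
    ("C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\wscript.exe"),
    ("C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "C:\\Windows\\System32\\cmd.exe"),
    ("C:\\Windows\\System32\\mshta.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"),
    ("C:\\Windows\\System32\\cscript.exe", "C:\\Windows\\System32\\cmd.exe"),
    ("C:\\Windows\\explorer.exe", "C:\\Users\\user\\Downloads\\installer.exe"),  # no rule covers this
]


def audit(events=EVENTS, rules=RULES):
    """Map each event to the rule that would block it (None where the rule set is silent)."""
    return [(image_name(p), image_name(c), evaluate(p, c, rules)) for p, c in events]


def coverage(events=EVENTS, rules=RULES) -> float:
    """Fraction of events that at least one rule would have denied."""
    results = audit(events, rules)
    return sum(1 for _, _, hit in results if hit) / len(results)


if __name__ == "__main__":
    for parent, child, hit in audit():
        print(f"{parent} -> {child}: {hit or 'NOT COVERED'}")
    print(f"coverage of sample events: {coverage():.0%}")
```

Rule order matters when a pair could match more than one entry; the evaluator returns the first hit, so broader rules placed first will mask narrower ones in the report. The point the post makes survives the toy: a rule set keyed on named parents only ever sees the parents it names, and `coverage()` drops as soon as the sample events include a launch path no rule mentions.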
 
What you describe is a good start, but without proof it’s impossible to verify. Manually executing samples on a clean VM doesn’t trigger many protections that only activate on the original delivery method (phishing, email attachments, drive‑by downloads). Custom HIPS/Firewall rules can help, but a small set of basic HIPS rules won’t cover every technique. The claims about ESET being weak in default settings need reproducible evidence, logs, hashes, or recordings also, otherwise it’s just anecdote.
 
Manually executing samples on a clean VM doesn’t trigger many protections that only activate on the original delivery method (phishing, email attachments, drive‑by downloads).
I've encountered such malware detection a week or two ago.
I received an email with a RAR file which had a BAT file compressed in it. I uploaded it to VT and ESET was one of two vendors that detected it. Funny thing is that when I extracted the file and uploaded it to VT it was not detected by ESET. And ESET still doesn't detect the BAT file but it detects the RAR file. Similar is the case with some other vendors.

So I guess that they either figured out that some other component would intervene when trying to execute that BAT file or they "know" that this malware is always delivered in a compressed RAR file.

Here is the link to VT detections for the RAR file: VirusTotal
and for BAT file:
 
People still remember this test from @Shadowra ?

 
Probably some heuristic for suspicious bat files downloaded compressed in an archive. When you take the bat out of the archive, you take it out of the context and the file itself is not detected.