My custom HIPS Rules, this set blocks 70-80% of the RATS out there.
TuxTalk - Eset Smart Security Premium Thread
- Thread starter TuxTalk
- Start date
I've seen Eset's HIPS intervene only once and that happened when it was put it in Smart mode. After updating one of my applications, it detected that application was changed and it notified me about it and asked if it should let it run. Though I can't remember which application raised that notification.
There are like 6 or 7 powershells if you do an Explorer search. I include all of them ( those that show the correct icon ) in my rules.
Where can i find your HIPS rules ? You placed them here ?
This sample was blocked by McAfee as soon as it was extracted from the compressed file. Did Eset Smart Security Premium fail to detect it?
Nope ESET was one of the first who detect it.
Eset : a variant of WinGo/Kryptik.KL trojan
Oh good, I thought ESET hadn't detected it.
If Windows does not use mshta.exe, update your hips and add C:\Windows\System32\mshta.exe to blocked. Based on this information Proactive Protection Against DonutLoader with Command-Line Emulation Credit goes to @Khushal for the original post he posted from Symantec Static Data Scanner, which can be found here.
- Dec 4, 2014
- 3,460
- 1
- 18,761
- 4,379
- 52
When first I opened the VT link @TuxTalk posted, ESET didn't detect it. But they later started detecting it again with the same name as it was detected as originally.Oh good, I thought ESET hadn't detected it.
Last edited:
In fact, ESET is fast. I assume it is cloud-based, heuristic, emulation, or something of that nature. If it does not detect it the first time, it will certainly detect it the second time.
Liveguard ;-)
ESET LiveGuard is a cloud-based security feature developed by ESET to provide proactive protection against new, unknown, and sophisticated threats such as ransomware, zero-day exploits, and advanced persistent threats (APTs).
What It Does
ESET LiveGuard works by:
- Automatically submitting suspicious files to ESET’s cloud sandbox environment.
- Running and analyzing these files in isolation using advanced malware detection engines, machine learning, and behavioral analysis.
- Blocking malicious files before they can affect your system or network.
How It Works
- Suspicious files (from browsers, email clients, archives, or USB drives) are detected.
- These files are uploaded to the cloud sandbox for analysis.
- The system uses AI and machine learning to determine if the file is malicious.
- If a threat is found, it is blocked across all endpoints in the organization before it can execute.
Key Features
- Cloud sandboxing for real-time threat analysis.
- Behavioral analysis to detect what a file intends to do.
- Fast response time—typically under 5 minutes.
- Integration with ESET PROTECT for centralized management.
- Proactive protection that can block file execution until analysis is complete.
Product Integration
LiveGuard is available in:
- ESET Smart Security Premium (for home users)
- ESET LiveGuard Advanced (for business users via ESET PROTECT)
It complements other ESET technologies like LiveGrid® and Threat Intelligence, forming a multi-layered defense system. [help.eset.com], [www.eset.com], [help.eset.com], [help.eset.com], [www.eset.com]
According to VT no, but it was detected already like i posted. VT is not immediately up to date !
I confess that I had forgotten about cscript.exe and wsccript.exe, which encompass .js and .vbs files. You will find a complete list in @Andy Ful tool.
ESET detection is sophisticated, cutting-edge technology. I don't know why people complain about ESET.
RoboMan
Level 37
Verified
Honorary Member
Top Poster
Content Creator
Well-known
High Reputation
Forum Veteran
Nope havent got one and the tests online also very low.
You may also like...
-
ESET Internet Security Key (1 Year / 1 PC) € 7,34- Started by Brownie2019
- Replies: 1
-
-
-
ESET Internet Security 2024 Key (1 Year / 1 PC) €5.99
- Started by Brownie2019
- Replies: 14
