Eset useless? Had a clients company network drive (and personal drives) / Cryptowall

[Majestic]

One of the employee's at a client's company got infected with Cryptowall. Tracking it down, it came through some advertising PHP script pop up. The current antivirus is ESET Smart Security. While it gave the user constant warnings of infections and especially, "decrypt.txt and decrypt.htm" it DID NOTHING!

The entire drive was and anything she had network access to was infected. So what was the point of the antivirus? I'm beyond disappointed (aka ****** off) at this antivirus.

Before anybody asks, no Cryptoprevent was not on this machine (I've applied it since). Now I'm looking to change software execution policy and perhaps put Malwarebytes Professional on all of the companies machines. I'm just assuming here that MBAM would've stopped it in its tracks.

Has anybody had this same unfortunate experience with their antivirus? I'm wondering if I can get my money back from Eset based on this alone..

What do you guys/gals think, and recommend here?

Majestic

 

[cypress]

I use ESET personally and I love it and I recommend it along with Kapersky.

You are right I was going to ask about Cryptoprevent lol. I also add in Cryptoguard for the browser as well. Malwarebytes PRO is another layer of security to use, can never be to safe.

I haven't had an issue with the anti-virus before, but were you in charge of the computers before the client had this issue or are you now inheriting it?

 

[MobileTechie]

To a certain extent they are all useless because they detect stop 10's of 1000's of viruses that are not every likely to hit your machine but nearly all fail on the very latest designs that you are likely to come into contact with.

They rely heavily on recognising if the the exact file then characteristics of virus files and the virus writers know this.

 

[YeOldeStonecat]

Eset useless? Had a clients company network drive (and personal drives) / Cryptowall

I would consider Eset to be one of the top 3 brands of antivirus over the past 10+ years. Most other techs with many years of experience in IT tend to say the same thing.

Look at AV-Comparatives.org...they're the only AV testing company whose testing and reports I value. It's consistently done well over the dozen plus years I've been relying on that site. Eset and Kaspersky typically stayed in the top 2 spots..flip flopping.

We've been Eset resellers since...oh, around the Win2K days...when Eset NOD32 version 2.5 was out. Actually wanna say still lots of Win9X back then too. Early on we sold a LOT of Eset licenses...made it to "gold partner" status back then.

It is not our primary/preferred AV anymore...as we've moved to our RMM package for our clients thus use their built in AV. (N-Able...so it used to be Panda ..which was very good, and now its BitDefender..which is very very good).

However, remember....no antivirus is 100% effective. And typically the "latest emerging threats" slip past every single brand. I don't care what brand you have...every brand lets things slip past at one point or another.

And it's also important to think about "what variant"? You may see crypto slip past 1x AV one day, and later that day, or tomorrow...another AV may catch it. But which variant got caught? Crypto has many variants. Perhaps Eset can stop 75% of the crypto variants one day, and some new released variants slip past it.

You cannot rely on just AV to protect computers...it needs to be joined by other services which compliment it to help protect the computers. OS updates, and very importantly...web player updates, combined with safe DNS services, combined by at UTM appliance at the edge which scans with one or two or three other brands of AV. End result is a "bunch of layers" that help protect the computers.

 

[Galdorf]

I have cleaned many machines with Eset - class it same as Microsoft security essentials ->useless at stopping spyware/malware good at viruses.
Kaspersky is a bit better while bitdefender seems to be best at both.
I can get bitdefender in bulk much cheaper seem to have less problems with it.

 

[cyabro]

Eset useless? Had a clients company network drive (and personal drives) / Cry...

Wow surprised at the problems you have seen with eset.
Like stonecat we've been selling eset since the v2 days.
It is also the most sold av software by other computer stores in our town so there are a lot of people that use it.
We hardly ever get a machine in that has eset that has been infected but have had every other av software out there come in with infections.
As we all know no av software works 100%.
The machines we've had in with eset that were infected were very easy to clean unlike the others that the infections have got themselves rooted into the os.

 

[Galdorf]

Scanned a system eset rescue cd 0 detections,kaspersky 0 detections,bitdefender over 22 detections 0 day malware.
All had updated defs bitdefender scanned faster than both.

 

[ohio_grad_06]

One thing that helps imo, no matter what AV you use, set them up with google chrome or firefox and add on adblock plus, and turn on all of it's blocking settings, and get them used to using that. Between that and having current AV, seems to cut down on repeats.

 

[Majestic]

I think that at this point the only option I have aside from Group Policy and cryptoprevent is to put in Malwarebytes Pro edition on all the computers. Only then will I have peace of mind..

 

[TechPJC]

The ones who like ESET
-due to low System Impact, low False Positives etc.-
they better -additionally- use MBAM and/or HitmanPro...

 

[Majestic]

The ones who like ESET
-due to low System Impact, low False Positives etc.-
they better -additionally- use MBAM and/or HitmanPro...

seems that way !!

 

[tankman1989]

I use it on a lot of hardware and just today it caught about 8-10 malicious sites and I am only running AV not Smart Security. IMO it does a very good job at protecting if it is setup correctly.

Have you checked their settings to see what kind of scanning was setup? do you know if they are they type of client who would not pay attention to the pop-up warnings or maybe "mis-click" a "yes" instead of "No" when it asks to block?

Out of curiosity what OS and browser are they using? I just started using IE for a few things and have been impressed with IE 11 and the blocking it does with Windows malicious software package installed.