Hello and welcome to the PC Security Channel. Today, we are testing ESET Internet Security against a batch of brand-new malware collected from the web. This filtered collection, sourced from various repositories, includes the latest ransomware, info-stealers, adware, and more, totaling 2,184 files.
We'll automate the execution of these samples on our fully up-to-date system running ESET Internet Security to evaluate its protection capabilities. Additionally, we'll simulate attacks to test ESET's zero-day defenses, encompassing various components like their host intrusion prevention system.
Malware Execution Test
We'll begin with the malware execution test by running all the samples from a folder on the test system to observe ESET's performance. As expected, a plethora of alerts is popping up, indicating the detection of numerous threats. Initially, ESET didn't scan files directly from the network folder, a common limitation in many AV solutions due to performance reasons. Therefore, we copied the files to the desktop to ensure accurate detection numbers.
So far, the detection rate is approximately 99.26%, which is commendable. Many threats are identified by ESET’s machine learning rules, although the information provided could be more detailed. For instance, clicking on a detection link takes us to a generic page rather than specifics about the malware.
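To make the detection ratio reproducible, an added illustration (not the channel's own tooling) of how a lab can tally it: hash every sample before the run, and after the on-access scanner has swept the local copy, count any hash still on disk as a miss. It assumes the product removes or quarantines what it detects in place; the file names and the five-sample demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical lab helper: compare a sample folder before and after the
# on-access scanner has acted, and report exactly which samples survived.

def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(folder: Path) -> dict:
    """Map SHA-256 -> filename for every regular file in the folder (taken before the run)."""
    return {sha256_of(p): p.name for p in sorted(folder.iterdir()) if p.is_file()}

def tally_detections(manifest: dict, folder: Path) -> dict:
    """After the scanner has acted, any manifest hash still on disk counts as a miss.
    Matching by hash rather than name survives renames and ignores quarantine stubs."""
    remaining = {sha256_of(p) for p in folder.iterdir() if p.is_file()}
    missed = sorted(manifest[h] for h in manifest if h in remaining)
    total = len(manifest)
    detected = total - len(missed)
    return {
        "total": total,
        "detected": detected,
        "missed": missed,
        "rate_pct": round(100.0 * detected / total, 2) if total else 0.0,
    }

def demo() -> dict:
    """Constructed walk-through: five dummy 'samples'; the scanner 'quarantines' four."""
    with tempfile.TemporaryDirectory() as d:
        folder = Path(d)
        for i in range(5):
            (folder / f"sample{i}.bin").write_bytes(b"constructed sample %d" % i)
        manifest = build_manifest(folder)
        # Simulate the AV removing four files; sample3.bin is the one miss.
        for i in (0, 1, 2, 4):
            (folder / f"sample{i}.bin").unlink()
        return tally_detections(manifest, folder)

if __name__ == "__main__":
    print(demo())
```

In a real run the folder would be the local desktop copy mentioned above, since files left on a network share are not swept by most on-access scanners; the `missed` list is what you hand to a second-opinion scanner afterwards.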
We also encountered our first UAC prompt, which we allowed, and a PUP alert for a coin miner. ESET's handling of notifications is efficient, allowing bulk closure, which is helpful when dealing with thousands of alerts. Performance-wise, ESET is utilizing about 30% of the CPU, indicating substantial resource usage during this intensive test.
Detailed Examination and Performance
Our system momentarily froze due to the high CPU load, but it recovered, allowing us to continue monitoring the detection process. ESET offers detailed granularity in scanning settings and useful tools for live network connection monitoring. However, the UI glitched under stress, which eventually resolved itself.
The detection rate stabilized around 98.24%, with minimal serious malware infiltration. Most of the threats that slipped through were benign or only partially executed before being blocked. Post-test second-opinion scans using Malwarebytes identified only a few registry key modifications related to adware, with no serious persistence mechanisms detected.
Simulated Attack Test
Next, we'll use our new malware simulation platform to conduct advanced tests. For instance, a backdoor and downloader simulation initially evaded immediate detection but was partially mitigated by ESET’s behavioral rules. This scenario mimics an EDR test, highlighting ESET's capability to respond to new and unknown threats.
We then tested ransomware behavior by attempting to execute a brand-new encryption test file. Surprisingly, ESET's LiveGrid reputation system flagged it as suspicious purely on the basis of reputation, preventing the file from executing.
Host Intrusion Prevention System (HIPS) Test
Lastly, we tested ESET’s HIPS by running a well-known ransomware sample, BlackMatter, with real-time protection disabled. Despite ESET’s claim of a ransomware shield, the sample encrypted files before ESET intervened, which was disappointing.
Conclusion
In conclusion, ESET Internet Security demonstrated robust detection capabilities with a final detection ratio of 98.22%, missing only 39 samples. Although the HIPS could improve, especially against ransomware, ESET effectively blocked most threats and showed strong performance in malware detection and mitigation.