ESET Anti-Ransomware Setup



Our global research labs drive the development of ESET's unique technology

In this Tech Brief we describe the optimal settings of our ESET security solutions against the current form of ransomware and the most common infection scenarios. The goal is to protect our customers even better against a ransomware outbreak where valued data can be encrypted and/or held hostage, only to be released after a ransom is paid.

Current ransomware attacks use advanced infection techniques to get malware onto your device. They persuade people to execute a so-called dropper, which in turn downloads the malicious payload that starts the encryption process. By attaching the dropper to an email, cybercriminals try to prevent detection at entry.

In most cases a well-constructed phishing mail is used, with a ZIP file as an attachment. This ZIP file most commonly contains a JavaScript file with the .JS extension. Because JavaScript is used by numerous websites, it is impossible to block in the browser. Besides that, Windows also executes JavaScript directly.

Meanwhile the JavaScript code in the dropper is heavily obfuscated, defaced and continuously modified in order to prevent detection. This gives us the opportunity to influence the execution of potentially malicious code through standard processes, by using various security modules.

Firewall

Should the dropper with malicious code be executed, ESET Endpoint Security still prevents the download of malware thanks to its integrated firewall. With these firewall rules applied, ESET Endpoint Security will block the download of malicious payloads and deny other scripting access to the Internet.

  • Log in to the ERA 6 Webconsole
  • Navigate to ADMIN > Policies
  • Then choose "Policies" and after that "Import"
  • Import the policies one at a time
  • Adjust the policies to a group or client

Download the settings


Changelog

10/6/2016
• Apply "Enable Botnet protection" in firewall policy
• Apply "Enable ESET LiveGrid® reputation system" in antivirus policy
• Apply "Enable HIPS" in antivirus policy
• Apply "Enable Self-Defense" in antivirus policy
• Apply "Enable Advanced Memory Scanner" in antivirus policy
• Apply "Enable Exploit Blocker" in antivirus policy
