
Intrusion Prevention


9 replies to this topic

#1 midou1994


Posted 17 March 2013 - 01:34 PM

Hi,

Norton IS/AV has Intrusion Prevention.

Kaspersky AV/IS has Network Attack Blocker/Exploit block.

What does MSE have that takes care of this part? The description that Symantec gives of their IPS is that it blocks attacks from threats that are already present in the system.

Recently I got hit by an autorun threat that drops a .js file and then starts wscript.exe.

(Not to worry, I got cleaned up.)

Now some of my friends had avast and Norton AV installed, and apparently they kept getting messages every 10 minutes from the IPS and Network that an attack had been blocked.

For example, Avast said "Malware Exploit was blocked", or some similar message kept popping up...

Now my question is: does MSE have something, or do I have to get avast or a paid product?

My understanding is that wscript.exe was trying to download some more nasties...

Does MSE stop these?

BTW, the file is still not detected as a threat. Is there any way to submit it to the Malwarebytes team or MSE for analysis?


Midou


 


#2 export12


Posted 17 March 2013 - 01:51 PM

Well, I use MSE, and I do that because I don't want to be bothered by the pop-ups and all that the other AVs seemed to give me before.

For your question, I believe MSE does do that, keyword being "believe". I just basically set my MAPS membership level to Advanced so MSE can automatically report any potential malware and other forms of unwanted software to Microsoft, and tick the option for MSE to send file samples of unrecognized detected items for further analysis; then I wait for my MSE definitions.


Edited by export12, 17 March 2013 - 02:01 PM.


#3 midou1994


Posted 17 March 2013 - 01:59 PM

I think MAPS is different from network attack blocking or exploit blocking. MSE does say it has a Network Inspection Engine, but I wish to know what this inspects...

MAPS is similar to System Watcher/KSN in Kaspersky, I guess.

I too like MSE, but I just want to get clarified whether MSE does have a protection component or it just failed to block attacks.

Update: some of my friends running MSE and Eset who got hit by this threat have some silly browser toolbar, and their Chrome icon has been changed to a magnifying glass.

BTW, any pen drive inserted has all its folders changed to shortcuts, and autorun.inf is copied to the drive.

They are formatting their laptops now... :grinner:


Midou

#4 export12


Posted 17 March 2013 - 02:22 PM

Sounds like what you're describing is a firewall though, and Windows OS has a built-in firewall that protects you on a network or when you're using the net. My guess, and it's just a guess: if I were Microsoft, I'd feel it would be redundant to have two firewalls.


Edited by export12, 17 March 2013 - 02:45 PM.


#5 Didier Stevens


Posted 17 March 2013 - 04:05 PM

What does MSE have ???

 

Look at what Microsoft has, not only what MSE has.

 

Some of the things you are describing are done by a firewall. Windows 7 has a very configurable firewall.

Exploit prevention can be done by EMET: https://www.microsoft.com/en-us/download/details.aspx?id=30424


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 midou1994


Posted 17 March 2013 - 11:05 PM

Hi,

Kaspersky/Norton have another component that blocks attacks from threats already present in the PC.

These AVs don't disable the firewall...

Norton used to call it Internet Worm Protection. Yes, this feature is similar to a firewall, but I just wish to know if MSE has something similar, like a component that blocks malicious requests.


Midou

#7 midou1994


Posted 17 March 2013 - 11:09 PM

Not able to install EMET; I keep getting a message that I don't have a DLL.


Midou

#8 Didier Stevens


Posted 18 March 2013 - 04:42 PM

EMET requires .NET. Not for the protection DLLs, but for the GUI.




#9 midou1994


Posted 19 March 2013 - 11:18 AM

Hi,

You mentioned that the features I mention are similar to a firewall.

But most AVs have intrusion prevention, so what's the difference between a firewall, IPS and HIPS?


Midou

#10 Didier Stevens


Posted 20 March 2013 - 11:18 AM

There's a big difference between the vocabulary of engineers and marketeers. What a marketeer calls an IPS is not necessarily what I call an IPS.

 

 

they kept getting messages every 10 minutes from the IPS and Network that an attack had been blocked

 

These messages are typically port scans.

Simple explanation of a TCP port scan: a TCP connection is attempted with the port to scan. The target machine accepts the connection or refuses the connection (port open or closed). In both cases, packet(s) are sent back to the scanner. When a firewall is between the scanner and the target and the firewall is configured to drop traffic for the scanner port, then the scanner will not receive any packets.

 

Public IP addresses are constantly scanned for open ports. If you have a firewall or are behind a NAT router, you shouldn't worry about this.

http://en.wikipedia.org/wiki/Internet_background_noise


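A defender-side illustration of the point made in post #10, added here and not part of any poster's reply: the Python below groups dropped inbound TCP connection attempts in a firewall log by source address, so a single source probing many ports stands out as background scanning. The log lines are constructed samples in the Windows Firewall log layout; the function names and the three-port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# All addresses are documentation/private ranges, not values from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-03-17 13:30:01 DROP TCP 203.0.113.7 192.168.1.10 40001 22 48 S 1000 0 8192 - - - RECEIVE
2013-03-17 13:30:01 DROP TCP 203.0.113.7 192.168.1.10 40002 23 48 S 1001 0 8192 - - - RECEIVE
2013-03-17 13:30:02 DROP TCP 203.0.113.7 192.168.1.10 40003 445 48 S 1002 0 8192 - - - RECEIVE
2013-03-17 13:30:02 DROP TCP 203.0.113.7 192.168.1.10 40004 3389 48 S 1003 0 8192 - - - RECEIVE
2013-03-17 13:30:03 DROP UDP 203.0.113.7 192.168.1.10 40005 1900 120 - - - - - - - RECEIVE
2013-03-17 13:31:10 DROP TCP 198.51.100.9 192.168.1.10 51000 445 48 S 2000 0 8192 - - - RECEIVE
2013-03-17 13:32:00 ALLOW TCP 192.168.1.10 198.51.100.20 49200 80 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Turn each data line into a dict keyed by the names on the #Fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows


def scan_like_sources(rows, min_ports=3):
    """Map source IP -> sorted destination ports for dropped inbound SYNs.

    A source is reported only when it tried at least min_ports distinct
    ports (assumed threshold); outbound, allowed and non-TCP rows are ignored.
    """
    ports = defaultdict(set)
    for r in rows:
        if (r.get("action") == "DROP" and r.get("protocol") == "TCP"
                and r.get("path") == "RECEIVE" and r.get("tcpflags") == "S"):
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for ip, hit in scan_like_sources(parse_firewall_log(SAMPLE_LOG)).items():
        print(f"{ip}: {len(hit)} ports probed and dropped: {hit}")
```
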




