HIPS BLOCKS EXPLOITS
ESET’s suite products add full-blown firewall and network protection, but even
the standalone antivirus offers a Host Intrusion Prevention System (HIPS). To
see this component in action, I hit the test system with 30 exploits generated by
the CORE Impact penetration tool. The HIPS detected and blocked many of
these attempts to exploit security vulnerabilities.
None of the exploits penetrated security, since the test system is fully patched.
NOD32 detected and blocked 35% of the attacks, identifying most of them using
the official exploit number. HIPS and exploit protection are among the areas
flagged as being improved in this latest version, but that score is down from
52% last time I ran this test on ESET. Kaspersky and Bitdefender detected 84%
and 74% respectively in their latest exploit tests.
RANSOMWARE PROTECTION
According to ESET, NOD32’s ransomware protection has been beefed up in this
latest edition. It falls under HIPS in settings, meaning I could test it by turning
off ordinary real-time protection and leaving HIPS turned on. I did just that, and
then tested a dozen real-world ransomware samples. The results weren’t pretty.
One of the samples didn’t try any chicanery; without ransomware behavior, the
ransomware detector naturally didn’t react. Four file-encrypting samples
proceeded to do their dirty deeds without a peep from NOD32, as did one whole
disk-encrypting sample. Four more got caught after launch by NOD32’s scan for
active malware in memory.