Question regarding reputation based alerts

Hey,

We are looking to protect our network against possible APT threats and one of the best solutions we could find is reputation based protection. In order to achieve maximum effectiveness, we would prefer that the product will alert the end-user in our organization when a suspicious file is detected on his PC, based on file reputation.

Currently as far as I know, nothing is said about when it alerts me if a suspicious file (low reputation) is found on my system.

I would like to know if NOD32 or any other ESET product already includes this feature (reputation based alerts). If not, how long before it becomes available for users?


Thanks,

Niklas

 

Assessing harmlessness of files based solely on reputation would lead to myriads of false positives. There are many other smart ways how to determine if a file is benign or if it poses a threat; reputation can be used only as an auxiliary parameter in certain cases.

 

OK, thanks for the answer. I know false-positives are a big issue but still I am looking for an AV product that can alert me based on file reputation. If settings enable me to choose the level of RBP sensitivity, that will be even better..

So, I take it ESET basically doesn't provide these kind of RBP alerts in their products today?

Thanks

 

ESET will never use any approach that will dramatically increase the number of false positives; we've always striven for achieving high detection rates with false positives cut to the bare minimum using smart techniques. So the answer is no if you're looking for a solution triggering alerts based solely on reputation. However, reputation of running processes and selected files can be checked on demand.

 

Marcos,

I really appreciate ESET's stance on this. The company I work for has standardized on a different A/V tool and their reputation scan is brutal in that it instantly deletes applications if that file is not in their database. Being a software developer of multiple small custom projects, this is extremely frustrating. Finally, I had to exclude my entire development drive just so I could function.

I've used Nod32 on my home computers for years and will do what I can to get ESET implemented at my job as well. You guys are great!