matte

Members
  • Posts: 10
  • Days Won: 1

Kudos

  1. Upvote
    matte gave kudos to Aryeh Goretsky in I'd like to mark anti-cheat drivers as unwanted and block them from ever getting installed   
    Hello,

    ESET detects kernel drivers for a number of reasons, including if they are infected by a computer virus or are malware, or even if they are legitimate, but pose a security threat to your system because they are being misused for things like bring-your-own-vulnerable-driver (BYOVD) attacks (see these earlier threads asking about kernel drivers from ASUS, Intel, and MSI).

    If anti-cheat software was seen in those types of conditions, it would be detected as well.  However, these are included in games by their publishers, which means that they came from the publisher and are considered part of that software.  Regardless of the whole problem of cheating in games and how to counter it—which is certainly outside the scope of this forum—anti-cheat technology is neither intentionally malicious nor unsafe, which is something that has to be considered when making a determination as to why something should be detected.  As a very hypothetical example, would formatting a disk to erase all the information on it be considered in most circumstances an inherently malicious act?  Probably not in the consumer space, as this is something PC users do all the time.

    Another important thing to consider is that blocking the anti-cheat component of a game is going to prevent the game in question from running, which kind of defeats the whole purpose of the game, which is to be able to play it.

    The problem of cheating in games is an incredibly complex one, involving the entire gaming ecosystem (developers, publishers, esports leagues, not to mention the players themselves) and I will also state that it's more than a technical issue but a social issue as well.  I am not sure if it is even right for us to place a stake in there.  I know there are plenty of people who cheat in games, but I suspect the number of people who want to play those same games without cheaters is orders of magnitude larger.

    Another consideration here, which I will state is a completely separate issue, is concerns about false positive detections.  There's nothing inherently different in the kernel drivers used by GPUs, network cards or sound cards (or their chips at least, since those are normally on the system board these days), or even the software used to control fans, read CPU temperatures, control RGB lights in gaming PCs, keyboards and mouses (mice?), etc.  There is a lot of kernel-level driver software that is used in gaming besides anti-cheat ones.  The idea of blocking one of these kernel driver programs and possibly crashing someone's PC when all they did was install one of these (or updated an existing driver) is not something I would want to be responsible for causing.  It would be the exact opposite of having a good gaming experience.

    The best suggestion I have is that if you do not want anti-cheat software on your computer, that you do not purchase and install games which use it, and you let the publishers know (via social media, letter, or whatever) the reasoning behind your decision.

    Regards,

    Aryeh Goretsky
     
  2. Upvote
    matte gave kudos to Marcos in ESET Windows home products version 17.2.7 have been released   
    ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 17.2.7 have been released and are available for download.
    Changelog:
    Version 17.2.7
    New: Added Brave support for Browser Privacy & Security, Safe Banking & Browsing
    Improved: Gamer mode improvements
      • App can be excluded from gamer mode
      • User is informed about blocked connection after gamer mode ends
      • Possibility to display notifications / alert windows in gamer mode
    Fixed: CVE-2024-3779
    Other minor changes and improvements
    Known issues:
    N/A
    Upgrade to Latest Version
    Upgrade my ESET Windows home product to the latest version
    If your ESET security product has not updated automatically yet, you can enforce product update by manually checking for update in the Update panel or wait until it updates automatically.
    Support Resources
    ESET provides support in the form of Online Help (user guides), fully localized application and Online Help, online Knowledgebase, and, as applicable to your region, chat, email or phone support.
    Online Help (user guides)
    Visit www.eset.com/contact to email ESET technical support
  3. Upvote
    matte received kudos from MarcFL in PC Security Channel claims Ransomware Shield Doesn't work - Asks for Eset Comment   
    Want to add my appreciation for the configurability of ESET as well, one of the reasons why I prefer this AV to other AV providers. Don't see how it could become a problem for "normal" users either since it's all tucked into the "Advanced Setup" part of the software as well.
  4. Upvote
    matte gave kudos to MarcFL in PC Security Channel claims Ransomware Shield Doesn't work - Asks for Eset Comment   
    Response from The PC Security Channel:

    "I only disabled the module for one very short part of the test, and I wasn't aware of the previous comment you referenced, nobody from ESET ever reached out to make that known to me. Hopefully the Mal X tests will allow us to test products that do not work well with one or more components disabled before. However, I'd like to state that I have done several tests with ESET's HIPS and rarely seen it pop up, so that does not seem like a completely valid justification, nor is it clear in the UI. If HIPS & Ransomware shield is useless without real-time protection it should be grayed out when realtime protection is turned off. I love how people like to call tests "invalid" when they don't like the results, and not question if the way the product works makes sense? Like why is it a great idea to have an independent ransomware shield that is completely useless without the cloud component (which a user may not want to use for various reasons)? I'm just doing tests to show different scenarios to the users, if you are happy with how the HIPS works, it's your call, nothing invalid about the test."

    See Comment: https://www.youtube.com/watch?v=mHtEcqP6q3A&lc=UgwgwiPvn4PwrGxjMlJ4AaABAg.A3up4pl9KsMA3vF_r4asoM
     
  5. Upvote
    matte received kudos from MarcFL in PC Security Channel claims Ransomware Shield Doesn't work - Asks for Eset Comment   
    On a positive note, the results from the malware test were really good. Happy to see that.
  6. Upvote
    matte gave kudos to Marcos in False Positive?   
    Well, the block was based on an actual malicious redirector on http://x2.c.lencr.org (it's not there any more) but we're investigating why this url was blacklisted as it shouldn't have been despite the malware detection.
  7. Upvote
    matte received kudos from SeriousHoax in Win64/NVFlashA suddenly found in nearly decade old GPU BIOS update files?   
    I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU.

    As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.
  8. Upvote
    matte received kudos from itman in Win64/NVFlashA suddenly found in nearly decade old GPU BIOS update files?   
    I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU.

    As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.