Jump to content

Is This A Valid Eset Driver?

Recommended Posts

As part of a manual remediation of an extremely nasty Win 10 malware I encountered a while back, my examination uncovered that a registry entry had been created for esihdrv.sys to run from %LocalAppData\Temp directory at boot time. Could not find any traces of this driver file on my boot HDD.


The only Eset products I have used are Smart Security ver. 8 - 10 and a few stand alone malware utilities downloaded from the Eset support web site. Don't believe any of the utilities have been run on Win 10 since I upgrade from Win 7.

Link to comment
Share on other sites

That is what I though originally but I subsequently ran SysInspector from SS ver. 10 and the driver reg. entry was not recreated. However, I do believe I had previous to this downloaded a standalone version of SysInspector per forum instructions. Perhaps that is where it can from. In any case, as long as it was Eset related, I can "put this one to bed."


I do question the wisdom though of running  any driver from %LocalAppData\Temp directory. Suggest Eset adopt the technique used by Process Explorer.


Also does the HIPS monitor execution of drivers loaded from the%LocalAppData%\Temp directory?

Edited by itman
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...