Jump to content

Memory scan bypass?

daniel keith

Recommended Posts

  • Most Valued Members

I'm not sure maybe report to eset via email. If you google the site eset seems to bring a warning up

Link to comment
Share on other sites

He's using NanoCore. It's a RAT that is usually delivered via e-mail and employs an exploit. As such, a vulnerability must exist for starters.

I really couldn't tell from the video how the malware was deployed if indeed it was. Didn't help that their was no audio. He was also running in a VM and malware plus AV software for that matter, do not always run as expected in a VM.

Also if this was a test of Eset's Advanced Memory Protection, it wasn't done right. AMS has nothing to do with Eset's AV manual scanning. AMS purpose is to detect post-execution after the malware has been loaded into memory.

Advanced Memory Scanner works in combination with Exploit Blocker to strengthen protection against malware that has been designed to evade detection by antimalware products through the use of obfuscation and/or encryption. In cases where ordinary emulation or heuristics might not detect a threat, the Advanced memory Scanner is able to identify suspicious behavior and scan threats when they reveal themselves in system memory. This solution is effective against even heavily obfuscated malware.

Edited by itman
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...