0xDEADBEEF, posted October 25, 2017 (edited October 25, 2017 by 0xDEADBEEF):

Glad to see that ESET11 is finally available in multiple languages. Just wondering what are the fundamental changes compared to v10 (for both detection techniques and perhaps low-level architecture/engineering)? Also, can someone elaborate more about the UEFI scan/protect mechanism that was mentioned in the blog several days ago?

itman, posted October 25, 2017:

Did you see this: https://support.eset.com/kb6564/#UEFIScanner ?

Until Eset updates their existing "Eset Technologies" documentation, I believe this will be the most detailed info available on the UEFI BIOS detection scanner.

0xDEADBEEF (author), posted October 25, 2017 (edited October 25, 2017 by 0xDEADBEEF):

> 23 minutes ago, itman said:
> Did you see this: https://support.eset.com/kb6564/#UEFIScanner ?
> Until Eset updates their existing "Eset Technologies" documentation, I believe this will be the most detailed info available on the UEFI BIOS detection scanner.

Hmm, didn't find this page. Thanks for the info! But just wondering if the UEFI scan will be subject to some hijack: since the firmware itself lies on a lower level, will it be able to simply return the fake "normal" firmware?

itman, posted October 25, 2017:

Would not be surprised if Eset's UEFI BIOS scanner is based on a tool developed by Intel Security. You can read about that here: https://www.scmagazineuk.com/intel-security-responds-to-efi-rootkit-malware-updates-detection-tool/article/643799/ .

Intel released it as open source and is loaded at GitHub as part of Chipsec: https://github.com/chipsec/chipsec . Chipsec documentation here: https://github.com/chipsec/chipsec/blob/master/chipsec-manual.pdf

Warning: Don't fool around with Chipsec on other than a test PC and read thoroughly all warnings associated with the software.

0xDEADBEEF (author), posted October 26, 2017:

> 7 hours ago, itman said:
> Would not be surprised if Eset's UEFI BIOS scanner is based on a tool developed by Intel Security. You can read about that here: https://www.scmagazineuk.com/intel-security-responds-to-efi-rootkit-malware-updates-detection-tool/article/643799/ .
> Intel released it as open source and is loaded at GitHub as part of Chipsec: https://github.com/chipsec/chipsec . Chipsec documentation here: https://github.com/chipsec/chipsec/blob/master/chipsec-manual.pdf
> Warning: Don't fool around with Chipsec on other than a test PC and read thoroughly all warnings associated with the software.

Yes, I also saw this when reading ESET's blog post. Just not sure what the limitation will be using this technique.

Marcos (Administrators), posted October 26, 2017:

> 8 hours ago, itman said:
> Would not be surprised if Eset's UEFI BIOS scanner is based on a tool developed by Intel Security. You can read about that here: https://www.scmagazineuk.com/intel-security-responds-to-efi-rootkit-malware-updates-detection-tool/article/643799/ .

I can confirm that we do not use any third-party software to scan UEFI. It's a feature fully developed by ESET.

alanbruce, posted October 26, 2017:

Nice Update.