Jump to content

Something New In 12.1.31?


Recommended Posts

As the below screen shot shows, it appears Eset is continuous scanning select? file locations. Clicking on the file shown yields a small popup stating "Permanent protection of files used by applications or the operating system." Note that no desktop apps were active at screen shot time. Also Eset Idle Scan time option is disabled. 

Eset_Realtime.thumb.png.ea00fb20f9773c266b4a880d708b8bec.png

Link to comment
Share on other sites

1 hour ago, Marcos said:

The information about the last scanned file had had been in the Statistics in older versions.

What I was referring to was that the files shown will change dynamically when the shown screen is displayed; at least for a while. In other words, it is not just showing the last scanned file. Also I never remember this being shown in previous versions; perhaps it never worked for my install in those versions.

Edited by itman
Link to comment
Share on other sites

  • Administrators

Statistics never showed the last scanned file; there can be many files being scanned at a time but only one can be displayed. It was useful in cases when the number of scanned files was growing quickly but the name of the last scanned file wasn't changing (or was changing continually).

Link to comment
Share on other sites

itman,

I had noted the "changing" files at the ESET GUI location you in your screen shot after installing Windows 10 version 1809. I was looking for "what" was communicating through my router one quiet evening when I was not initiating activity. I would see IO activity lights blinking at intervals matching the "changing" of the file name. 

I may be way off but I suspect this activity is due to ESET's integration with Microsoft's Anti-malware Scan Interface (AMSI). Check out this setting that turned up after the fall update 1809.

In my Googling of AMSI this seems to make sense, I have not yet switched it off to see during a quiet time (seems like we always have something running here).

I ran across interesting material you had written in regard to AMSI while googling it so I am sure you are familiar with how it works. Do you think what you have noticed is related to this new enhanced "scanning" ? I guess we would need to know how ESET is implementing it.

image.png.d57d869e101d4bd16ff4ffc992e1c5ec.png

Link to comment
Share on other sites

Marcos,

Thank you for your clarification on the AMSI setting.  I was just trying to correlate something "new" observed with the new activity observed. 

Is it safe to assume this new "scanning" observed is the real time scanner checking critical files/files against an online data base.

I thought of posting a while back but concluded it "had" to be a new method of checking files. After seeing itman's question I am more curious.

Thank you for all you do  

Link to comment
Share on other sites

  • Administrators

It merely shows the last file scanned by real-time protection. Real-time protection scans files locally, not in the cloud. With the LiveGrid feedback system enabled, suspicious files are submitted for automatic replication and analysis and in case a file turns out to be malicious, it will be detected and blocked also for other users with the LiveGrid reputation system enabled.

The LiveGrid reputation system not only improves protection (detection) but also substantially improves performance and cleaning of threats.

Link to comment
Share on other sites

Marcos,

I appreciate the additional info.

I am embarrassed to say what I thought was ESET was something calling/receiving in the router itself (the router has a security feature built in) after a router firmware update last evening the mystery burst are gone this evening.

I lacked the expertise to tell where it was coming from. I incorrectly assumed it had to be something on my wired PC as internet and LAN light for the PC were timed perfectly together with the changing file name along with the router traffic monitor and ESETs  watch activity monitor showing tx/rx pattern on the network after it changed.   

itman - Sorry to distract the topic,  as my concerns now seem unrelated  and now solved

I wanted to share this as I do not want to cast any unnecessary doubt  -- ebill (always learning)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...