ReDy 0 Posted July 2, 2020 Share Posted July 2, 2020 Hello, I want to ask, I updated to a new version of Eset Internet Security 13.2.14.0 via update. After the update, when I check all disks (depth scan), it constantly scans about 2000 files - the same. I noticed new entries (WMI database and system registry). I want to ask if the version missed through the update that is not debugged, in which case I should do a clean installation of ESET. thank you for answer Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 (edited) Interesting. I didn't notice those two new scan options in ver. 13.2.14. I would have assumed in the past, Eset was scanning the registry and WMI database for malware. Guess not ..........🙄 Edited July 2, 2020 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 2, 2020 Administrators Share Posted July 2, 2020 2 minutes ago, itman said: Eset was scanning the registry and WMI database for malware. Guess not ..........🙄 Not via the on-demand scanner. The registry and WMI are now part of the on-demand scanner targets setup. Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 (edited) 5 minutes ago, Marcos said: Not via the on-demand scanner. This does beg the question about real-time scanning. Attacker modifies registry/WMI database and drops malware there. If it runs prior to an On-Demand scan, are you nailed? Edited July 2, 2020 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 2, 2020 Administrators Share Posted July 2, 2020 Real-time protection scans only files. Other system areas are protected by other protection modules. Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 2 hours ago, ReDy said: After the update, when I check all disks (depth scan), it constantly scans about 2000 files - the same. I noticed new entries (WMI database and system registry). Assumed is the scan counts shown on the On Demand are for stand-alone files. The registry is composed of 4 or 5 "hIve" files and I believe the WMI database is considered one big file physically. Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 4 minutes ago, Marcos said: Other system areas are protected by other protection modules That leaves the HIPS protecting the registry .............. My existing custom rules there to prevent registry mods. stay in place. Link to comment Share on other sites More sharing options...
Purpleroses 21 Posted July 2, 2020 Share Posted July 2, 2020 How do we get the new version? Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 2 minutes ago, Purpleroses said: How do we get the new version? If you don't want to wait, switch to pre-release updates. That's what I am running. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 2, 2020 Administrators Share Posted July 2, 2020 3 minutes ago, Purpleroses said: How do we get the new version? Currently by switching to the pre-release update channel. Link to comment Share on other sites More sharing options...
razorfancy 9 Posted July 2, 2020 Share Posted July 2, 2020 (edited) 38 minutes ago, Marcos said: Currently by switching to the pre-release update channel. I am on the regular channel and I got the update today. Is that a bug? Edited July 2, 2020 by razorfancy mallard65 1 Link to comment Share on other sites More sharing options...
mallard65 5 Posted July 2, 2020 Share Posted July 2, 2020 28 minutes ago, Marcos said: Currently by switching to the pre-release update channel. Hello. I never use the pre-release channel yet I got the new version late this morning UK time. razorfancy 1 Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way. razorfancy and mallard65 2 Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted July 2, 2020 Share Posted July 2, 2020 So what does this new registry scanner look for? Potential malicious changes made by malwares like Malwarebytes or less effective than that? Will this also be integrated into ESET's removal engine? As of now, ESET's real time protection don't look for registry modifications made by malwares at the time of removal. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 2, 2020 Administrators Share Posted July 2, 2020 We've have a registry scanner incorporated in products for years. Now the registry and WMI have just been added as a target in the on-demand scanner. Link to comment Share on other sites More sharing options...
itman 1,668 Posted July 2, 2020 Share Posted July 2, 2020 (edited) I ran an On Demand scan as Admin using new Registry and WMI databased option. Appears its using both Registry and WMI references to scan associated files. Total files scan was approx. 35K on my Win 10 1909 build. Problem is many of those files are locked by the OS preventing a scan of them. Edited July 2, 2020 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 3, 2020 Administrators Share Posted July 3, 2020 10 hours ago, itman said: Total files scan was approx. 35K on my Win 10 1909 build. Problem is many of those files are locked by the OS preventing a scan of them. We plan to optimize this so that only existing files are scanned. Link to comment Share on other sites More sharing options...
ESET Insiders SM03 12 Posted July 3, 2020 ESET Insiders Share Posted July 3, 2020 As some are saying that they've got this update even in reguler channel so is this version pre-release or the stable version? Also any installer download link available yet with changelog? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,090 Posted July 3, 2020 Administrators Share Posted July 3, 2020 2 minutes ago, SM03 said: As some are saying that they've got this update even in reguler channel so is this version pre-release or the stable version? Also any installer download link available yet with changelog? V13.2.14 is currently available only from the pre-release update channel (some users with regular updates might have received it as well). It's going to be officially released next week. Link to comment Share on other sites More sharing options...
ESET Insiders SM03 12 Posted July 3, 2020 ESET Insiders Share Posted July 3, 2020 1 minute ago, Marcos said: V13.2.14 is currently available only from the pre-release update channel (some users with regular updates might have received it as well). It's going to be officially released next week. OK, thanks for confirming. Link to comment Share on other sites More sharing options...
Recommended Posts