Jump to content

Recommended Posts

Hello,
I want to ask, I updated to a new version of Eset Internet Security 13.2.14.0 via update.
After the update, when I check all disks (depth scan), it constantly scans about 2000 files - the same.
I noticed new entries (WMI database and system registry).
I want to ask if the version missed through the update that is not debugged, in which case I should do a clean installation of ESET.
thank you for answer

01.png.afdb90d56a0703acbe4f5afd2f787275.png02.png.d8e6b060d6318e330ab91a3b8b3b6b6b.png

Share this post


Link to post
Share on other sites
Posted (edited)

Interesting.

I didn't notice those two new scan options in ver. 13.2.14. I would have assumed in the past, Eset was scanning the registry and WMI database for malware. Guess not ..........🙄

Edited by itman

Share this post


Link to post
Share on other sites
2 minutes ago, itman said:

Eset was scanning the registry and WMI database for malware. Guess not ..........🙄

Not via the on-demand scanner. The registry and WMI are now part of the on-demand scanner targets setup.

Share this post


Link to post
Share on other sites
Posted (edited)
5 minutes ago, Marcos said:

Not via the on-demand scanner.

This does beg the question about real-time scanning. Attacker modifies registry/WMI database and drops malware there. If it runs prior to an On-Demand scan, are you nailed?

Edited by itman

Share this post


Link to post
Share on other sites

Real-time protection scans only files. Other system areas are protected by other protection modules.

Share this post


Link to post
Share on other sites
2 hours ago, ReDy said:

After the update, when I check all disks (depth scan), it constantly scans about 2000 files - the same.
I noticed new entries (WMI database and system registry).

Assumed is the scan counts shown on the On Demand are for stand-alone files. The registry is composed of 4 or 5 "hIve" files and I believe the WMI database is considered one big file physically.

Share this post


Link to post
Share on other sites
4 minutes ago, Marcos said:

Other system areas are protected by other protection modules

That leaves the HIPS protecting the registry .............. My existing custom rules there to prevent registry mods. stay in place.

Share this post


Link to post
Share on other sites
2 minutes ago, Purpleroses said:

How do we get the new version?

If you don't want to wait, switch to pre-release updates. That's what I am running.

Share this post


Link to post
Share on other sites
3 minutes ago, Purpleroses said:

How do we get the new version?

Currently by switching to the pre-release update channel.

Share this post


Link to post
Share on other sites
Posted (edited)
38 minutes ago, Marcos said:

Currently by switching to the pre-release update channel.

I am on the regular channel and I got the update today.

Is that a bug?

Edited by razorfancy

Share this post


Link to post
Share on other sites
28 minutes ago, Marcos said:

Currently by switching to the pre-release update channel.

Hello.

I never use the pre-release channel yet I got the new version late this morning UK time.

Share this post


Link to post
Share on other sites

Simple answer here folks is Eset normal channel release updates are region specific. Select countries will see the release prior to other countries. It has always been this way.

Share this post


Link to post
Share on other sites

So what does this new registry scanner look for? Potential malicious changes made by malwares like Malwarebytes or less effective than that? Will this also be integrated into ESET's removal engine? As of now, ESET's real time protection don't look for registry modifications made by malwares at the time of removal. 

Share this post


Link to post
Share on other sites

We've have a registry scanner incorporated in products for years. Now the registry and WMI have just been added as a target in the on-demand scanner.

Share this post


Link to post
Share on other sites
Posted (edited)

I ran an On Demand scan as Admin using new Registry and WMI databased option. Appears its using both Registry and WMI references to scan associated files. Total files scan was approx. 35K on my Win 10 1909 build. Problem is many of those files are locked by the OS preventing a scan of them.

Edited by itman

Share this post


Link to post
Share on other sites
10 hours ago, itman said:

Total files scan was approx. 35K on my Win 10 1909 build. Problem is many of those files are locked by the OS preventing a scan of them.

We plan to optimize this so that only existing files are scanned.

Share this post


Link to post
Share on other sites

As some are saying that they've got this update even in reguler channel so is this version pre-release or the stable version? Also any installer download link available yet with changelog?

Share this post


Link to post
Share on other sites
2 minutes ago, SM03 said:

As some are saying that they've got this update even in reguler channel so is this version pre-release or the stable version? Also any installer download link available yet with changelog?

V13.2.14 is currently available only from the pre-release update channel (some users with regular updates might have received it as well). It's going to be officially released next week.

Share this post


Link to post
Share on other sites
1 minute ago, Marcos said:

V13.2.14 is currently available only from the pre-release update channel (some users with regular updates might have received it as well). It's going to be officially released next week.

OK, thanks for confirming.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...