
Missing Help Info on Boot sectors/UEFI Scan


Go to solution Solved by Marcos,


I was hoping that the help info for custom scan @ https://help.eset.com/eis/14/en-US/idh_scan_target.html would tell me whether the UEFI firmware held in flash was scanned but there is no mention of boot scanning it at all on that page.

Could ESET please update this page to include that information? UEFI is quite complex and various bits of it are held in different places. I specifically want to know whether the contents of UEFI flash memory are scanned.


Thanks, but the problem I am reporting is the absence of any information on this item in the help page that appears (URL in my original post) when you click the question mark in the top right of the dialog you show.

The crux of the problem is in the title of this thread: "Missing Help Info on Boot sectors/UEFI Scan". I do know how to run the scan, just not exactly what it does and specifically, whether it accesses firmware on the motherboard or just software images held on disk.


  • Administrators

Honestly I've never seen UEFI to refer to images on a disk. For more information about the ESET technology for UEFI scanning, please read https://www.eset.com/afr/about/newsroom/press-releases-afr/corporate-blog/what-is-uefi-scanning-and-why-do-you-need-it-4/.



Can I just clarify that there is NO MENTION of the UEFI option on the help page for the custom scan. It is missing. This needs to be remedied @ https://help.eset.com/eis/14/en-US/idh_scan_target.html

The Boot Sectors/UEFI option also needs to be better described. Boot sectors are on the disk and so is the UEFI partition (see post above). So that option sounds like it may be a disk scan only. None of the ESET articles I have seen state clearly that motherboard firmware is being scanned, unlike this description of a Microsoft solution that is very clear @ https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/


Based on detail shown in this article: https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/ , it can be assumed Eset is scanning any UEFI area accessible to malware and that can likewise be infected.

Note: Eset only scans for the presence of UEFI malware. It cannot remove it.

Edited by itman

6 hours ago, William Hudson said:

None of the ESET articles I have seen state clearly that motherboard firmware is being scanned

 
Quote

Usually, the firmware is not accessible to security solutions for scanning and as a result, security solutions are designed only to scan disk drives and memory. To access the firmware, a specialized tool - a scanner - is needed.

The “UEFI scanner” is a module in ESET security solutions whose sole function is to read the content of the UEFI firmware and make it accessible for inspection. Thus, ESET UEFI Scanner makes it possible for ESET’s regular scanning engine to check and enforce the security of the pre-boot environment.

In sum, ESET security solutions, with capabilities boosted by the UEFI scanning technology, are designed to detect suspicious or malicious components in the firmware and report them to the user.

https://www.eset.com/int/uefi-rootkit-cyber-attack-discovered/

Note that Eset was the first AV vendor to scan the UEFI for malware. Microsoft just recently introduced the feature and it appears it's reserved for WD ATP installations only. However, Microsoft is great at promoting its security protections, which includes voluminous technical propaganda details whose intent is to convince the reader that its protection mechanisms are unique and cutting edge security technology.

Edited by itman

Thanks, the last part of this post is encouraging since it refers to the MS article that I mentioned which is very explicit in describing that it is the firmware in flash memory that's being scanned. Thanks for that.

So how do we raise a change request to get ESET to update its help page on custom scanning and to fully describe the effect of the Boot sector/UEFI option? (The page is here @ https://help.eset.com/eis/14/en-US/idh_scan_target.html. If you read it you will see that the option isn't mentioned at all. This was accessed from the Custom Scan dialog in Internet Security 14.0.22.0.)

Edited by William Hudson

  • Administrators
  • Solution

I've asked the documentation team to list targets available with a custom scan and link them to glossary terms.


This topic is now closed to further replies.