William Hudson, posted December 7, 2020:
I was hoping that the help info for custom scan @ https://help.eset.com/eis/14/en-US/idh_scan_target.html would tell me whether the UEFI firmware held in flash was scanned but there is no mention of boot scanning it at all on that page. Could ESET please update this page to include that information? UEFI is quite complex and various bits of it are held in different places. I specifically want to know whether the contents of UEFI flash memory are scanned.

Marcos (Administrators), posted December 7, 2020:
There is one setting that enables scanning of both boot sectors and UEFI in a custom scan:

William Hudson (Author), posted December 8, 2020:
Thanks, but the problem I am reporting is the absence of any information on this item in the help page that appears (URL in my original post) when you click the question mark in the top right of the dialog you show. The crux of the problem is in the title of this thread: "Missing Help Info on Boot sectors/UEFI Scan". I do know how to run the scan, just not exactly what it does and specifically, whether it accesses firmware on the motherboard or just software images held on disk.

Marcos (Administrators), posted December 8, 2020:
Honestly I've never seen UEFI to refer to images on a disk. For more information about the ESET technology for UEFI scanning, please read https://www.eset.com/afr/about/newsroom/press-releases-afr/corporate-blog/what-is-uefi-scanning-and-why-do-you-need-it-4/.

Ontanilg, posted December 8, 2020:
The crux of the problem is in the title of this thread: "Missing Help Info on Boot sectors/UEFI Scan". I do know how to run the scan, just not exactly what it does and specifically, whether it accesses firmware on the motherboard or just software images held on disk.

William Hudson (Author), posted December 8, 2020:
See https://en.wikipedia.org/wiki/EFI_system_partition

William Hudson (Author), posted December 8, 2020:
Can I just clarify that there is NO MENTION of the UEFI option on the help page for the custom scan. It is missing. This needs to be remedied @ https://help.eset.com/eis/14/en-US/idh_scan_target.html

The Boot Sectors/UEFI option also needs to be better described. Boot sectors are on the disk and so is the UEFI partition (see post above). So that option sounds like it may be a disk scan only. None of the ESET articles I have seen state clearly that motherboard firmware is being scanned, unlike this description of a Microsoft solution that is very clear @ https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/

William Hudson (Author), posted December 8, 2020:
For anyone who's not seen a UEFI/EFI partition.

itman, posted December 8, 2020 (edited):
Based on detail shown in this article: https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/ , it can be assumed Eset is scanning any UEFI area accessible to malware and that can likewise be infected.

Note: Eset only scans for the presence of UEFI malware. It cannot remove it.

itman, posted December 8, 2020 (edited):
6 hours ago, William Hudson said:
> None of the ESET articles I have seen state clearly that motherboard firmware is being scanned

Quote:
> Usually, the firmware is not accessible to security solutions for scanning and as a result, security solutions are designed only to scan disk drives and memory. To access the firmware, a specialized tool - a scanner - is needed. The “UEFI scanner” is a module in ESET security solutions whose sole function is to read the content of the UEFI firmware and make it accessible for inspection. Thus, ESET UEFI Scanner makes it possible for ESET’s regular scanning engine to check and enforce the security of the pre-boot environment. In sum, ESET security solutions, with capabilities boosted by the UEFI scanning technology, are designed to detect suspicious or malicious components in the firmware and report them to the user.

https://www.eset.com/int/uefi-rootkit-cyber-attack-discovered/

Note that Eset was the first AV vendor to scan the UEFI for malware. Microsoft just recently introduced the feature and it appears it's reserved for WD ATP installations only. However, Microsoft is great at promoting its security protections which includes voluminous technical propaganda details whose intent is to convince the reader that its protection mechanisms are unique and cutting edge security technology.

William Hudson (Author), posted December 8, 2020 (edited):
Thanks, the last part of this post is encouraging since it refers to the MS article that I mentioned which is very explicit in describing that it is the firmware in flash memory that's being scanned. Thanks for that.

So how do we raise a change request to get ESET to update its help page on custom scanning and to fully describe the effect of the Boot sector/UEFI option? (The page is here @ https://help.eset.com/eis/14/en-US/idh_scan_target.html. If you read it you will see that the option isn't mentioned at all. This was accessed from the Custom Scan dialog in Internet Security 14.0.22.0.)

Marcos (Administrators), posted December 8, 2020, marked as Solution:
I've asked the documentation team to list targets available with a custom scan and link them to glossary terms.

William Hudson (Author), posted December 8, 2020:
Yay, thanks!
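
The distinction this thread turns on, shown as an added example that is not part of the original posts and is not ESET's or Microsoft's code: an EFI System Partition is located by parsing the GPT of a disk image, while UEFI firmware volumes are located by their `_FVH` header signature in a dump of the flash chip, so a scan of one never sees the other. The function names, the 512-byte sector size and both sample images are assumptions constructed for illustration.

```python
import struct
import uuid

SECTOR = 512  # assumed logical sector size
# GPT partition type GUID of an EFI System Partition (UEFI specification).
ESP_TYPE = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")

def find_esp(disk: bytes):
    """Return (first_lba, last_lba) for each ESP entry in a GPT disk image."""
    hdr = disk[SECTOR:2 * SECTOR]  # the GPT header lives at LBA 1
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        return []
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    found = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = disk[off:off + size]
        if len(entry) < 48:  # truncated image
            break
        if uuid.UUID(bytes_le=entry[:16]) == ESP_TYPE:
            found.append(struct.unpack_from("<QQ", entry, 32))
    return found

def find_firmware_volumes(flash: bytes):
    """Return (offset, length) for each firmware volume header in a flash dump."""
    vols, pos = [], flash.find(b"_FVH")
    while pos != -1:
        start = pos - 40  # the signature sits 40 bytes into the volume header
        if start >= 0:
            (length,) = struct.unpack_from("<Q", flash, start + 32)  # FvLength
            if 0 < length <= len(flash) - start:
                vols.append((start, length))
        pos = flash.find(b"_FVH", pos + 4)
    return vols

def sample_disk():
    """Constructed image: protective MBR, GPT header, one ESP entry."""
    disk = bytearray(4 * SECTOR)
    disk[510:512] = b"\x55\xaa"
    disk[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", disk, SECTOR + 72, 2, 1, 128)
    struct.pack_into("<16s16sQQ", disk, 2 * SECTOR,
                     ESP_TYPE.bytes_le, bytes(16), 2048, 206847)
    return bytes(disk)

def sample_flash():
    """Constructed 4 KiB flash dump with one firmware volume at 0x400."""
    flash = bytearray(b"\xff" * 4096)
    struct.pack_into("<16s16sQ4s", flash, 0x400, bytes(16), bytes(16), 0x800, b"_FVH")
    return bytes(flash)
```
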