LocalSystem Account


I would like to know if "ESET" is able to clean/remove a process running on that account. Let's say malware is installed on that account while the antivirus is disabled; would that be fatal?


  • Administrators

For instance, if a rootkit installs under an account with administrator rights, you may need to resort to using ESET SysRescue to boot a clean system and run a disk scan from there.


But if the rootkit has a kernel-mode driver, can ESET SysRescue detect and remove it? I've never had a problem with these things; it's just curiosity.


  • Administrators
40 minutes ago, KevinFF said:

But if the rootkit has a kernel-mode driver, can ESET SysRescue detect and remove it? I've never had a problem with these things; it's just curiosity.

Yes, because you boot Linux from a clean medium.


I see, but without using SysRescue, ESET has no stopping/eliminating power. Could you give a brief explanation why? A process running under the system account or a kernel-mode driver

I say this because ESET also has kernel-mode drivers and ESET also runs under the system account...


  • Administrators

Malware run with administrator permissions can do virtually anything, including disruption or removal of the AV. Whether or not there are issues cleaning malware cannot be said in general. If you have a particular malware in mind that runs under the system account, let us know and we can look into it. However, as already stated, once malware is run with admin privileges, anything can happen.
