rockman61 0 Posted December 7, 2021 Share Posted December 7, 2021 (edited) If I turn off working memory in startup scan, what will not be detected? For example, fileless malware, powershell scripting, DLL injection, etc. 。 Edited December 7, 2021 by rockman61 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted December 7, 2021 Administrators Share Posted December 7, 2021 Operating memory won't be scanned so any malware in memory won't be detected, only in other objects that are scanned. Link to comment Share on other sites More sharing options...
rockman61 0 Posted December 8, 2021 Author Share Posted December 8, 2021 Thank you for reply. Let me clarify. You mean that these can not be detect. it is correct? ・fileless malware ・Powershell scripting ・DLL injection Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted December 8, 2021 Administrators Share Posted December 8, 2021 ESET can detect any kind of malware either on pre-execution or post-execution, e.g. via the registry scanner, Advanced memory scanner, script scanner, Deep Behavior Inspection, etc. Link to comment Share on other sites More sharing options...
rockman61 0 Posted December 8, 2021 Author Share Posted December 8, 2021 (edited) I'm sorry, I didn't communicate well. I understand that any malware in memory won't be detected when I turn off the operating memory in startup scan. However, I would like to know more about the effect of turning off the operating memory in startup scan. For example, ESET can not detect suspicious Powershell Scripting when turning off the operating memory in startup scan. Please tell me more about the effect of turning off the operating memory. Edited December 8, 2021 by rockman61 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted December 8, 2021 Administrators Share Posted December 8, 2021 Probably it depends on a particular malware how it works. However, with other pre and post-execution protection modules enabled it's unlikely that malware would be running in memory. Still, we don't recommend disabling memory scanning. It should be quick and virtually unnoticeable. Link to comment Share on other sites More sharing options...
itman 1,542 Posted December 8, 2021 Share Posted December 8, 2021 (edited) Examples of malware Eset can detect during the startup memory scan are MBR and UEFI based malware. Whereas these might be detected and execution blocked by Eset, they must be manually removed. Edited December 8, 2021 by itman Link to comment Share on other sites More sharing options...
rockman61 0 Posted December 10, 2021 Author Share Posted December 10, 2021 noted, thanks! Link to comment Share on other sites More sharing options...
Recommended Posts