Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?

[itman 1,659]

8 minutes ago, just said:

It's enough for me to detect it already, I know that I can install a new BIOS by contacting technical support. @itman

A reflash of the BIOS will not remove MBR malware. The MBR exists in sector 0 of the hard drive.

If you have a PC with a motherboard that uses UEFI versus BIOS, the issue is a moot point for the most point. The MBR doesn't exist in UEFI systems. Rather, Win boot files are stored within the UEFI itself. The exception is UEFI systems whose Boot Mode Selection setting were set to Legacy mode at Win installation time. Most PC manufacturers would have set Boot Mode Selection setting to UEFI or UEFI/Legacy mode and formated the Win installation drive as GPT.

[just 1]

6 minutes ago, itman said:

A reflash of the BIOS will not remove MBR malware. The MBR exists in sector 0 of the hard drive.

If you have a PC with a motherboard that uses UEFI versus BIOS, the issue is a moot point for the most point. The MBR doesn't exist in UEFI systems. Rather, Win boot files are stored within the UEFI itself. The exception is UEFI systems whose Boot Mode Selection setting were set to Legacy mode at Win installation time. Most PC manufacturers would have set Boot Mode Selection setting to UEFI or UEFI/Legacy mode and formated the Win installation drive as GPT.

sector 0 of the hard drive?

 

 

If you have a PC with a motherboard that uses UEFI versus the BIOS the issue is moot point for most?

 

Doesn't it go with the MBR format though?

 

 

Can't ESET detect it if set to legacy mode? As I said, it's enough for me to have ESET detect it. @itman

[itman 1,659]

1 minute ago, just said:

sector 0 of the hard drive?

Actually, its track 1, sector 0. In other words , the very beginning of the hard drive.

[just 1]

23 minutes ago, itman said:

Actually, its track 1, sector 0. In other words , the very beginning of the hard drive.

So something like boot? So is this in something like a file or somewhere like the BIOS?

 

I would also appreciate if you could answer the other questions in my previous question. @itman

[itman 1,659]

2 minutes ago, just said:

So something like boot? So is this in something like a file or somewhere like the BIOS?

Obviously, if its located on the hard drive, it's a physical file although it can't be directly referenced in Windows except at boot time.

Note that Win 10/11keep a backup of the MBR for recovery purposes; e.g. the fixmbr situation noted previously. However, this backup may become corrupted or deleted by malware. I always make it a practice to backup the MBR using software for that purpose and system installation time.

[just 1]

6 minutes ago, itman said:

Obviously, if its located on the hard drive, it's a physical file although it can't be directly referenced in Windows except at boot time.

Note that Win 10/11keep a backup of the MBR for recovery purposes; e.g. the fixmbr situation noted previously. However, this backup may become corrupted or deleted by malware. I always make it a practice to backup the MBR using software for that purpose and system installation time.

Ok thanks

 

So can ESEF access the mbr and detect malware there?

 

Also, what can I do to remove the virus here? @itman

[itman 1,659]

8 minutes ago, just said:

Also, what can I do to remove the virus here?

Refer to my prior posting: https://forum.eset.com/topic/34447-can-eset-smart-security-premium-advanced-threat-protection-access-bios/?do=findComment&comment=159149  . The command string is run in an admin level command prompt window. Also, it doesn't always work. In certain cases additional commands have to be run. You can search on the web on more info related to repairing the MBR.

[just 1]

2 minutes ago, itman said:

Refer to my prior posting: https://forum.eset.com/topic/34447-can-eset-smart-security-premium-advanced-threat-protection-access-bios/?do=findComment&comment=159149  . The command string is run in an admin level command prompt window. Also, it doesn't always work. In certain cases additional commands have to be run. You can search on the web on more info related to repairing the MBR.

So it can be removed with codes and the virus can be deleted, right? And is this safe?

[itman 1,659]

19 minutes ago, just said:

So it can be removed with codes and the virus can be deleted, right?

Yes.

20 minutes ago, just said:

And is this safe?

Unfortunately, none of the known ways to restore the MBR are 100% effective in certain cases. Worse, there are instances where the PC was left unbootable and a Win re-installation was required. In most cases however, the recommended MBR restore methods work without issue. Such is the reality of PC repair these days.

Hence my prior comment that AV's should prevent MBR modification in the first place.

[just 1]

15 minutes ago, itman said:

Yes.

Unfortunately, none of the known ways to restore the MBR are 100% effective in certain cases. Worse, there are instances where the PC was left unbootable and a Win re-installation was required. In most cases however, the recommended MBR restore methods work without issue. Such is the reality of PC repair these days.

Hence my prior comment that AV's should prevent MBR modification in the first place.

Understood thanks.

 

But can ESET's advanced threat protection detect viruses in the MBR?

 

 

Also, my ESET startup scan includes boot sector and UEFI, but when I look at the scanned locations in the startup scan there are no boot sectors/UEFI. Could this be due to something like my ESET being blocked? @itman

[itman 1,659]

5 minutes ago, just said:

But can ESET's advanced threat protection detect viruses in the MBR?

It can detect known malware there.

5 minutes ago, just said:

Also, my ESET startup scan includes boot sector and UEFI, but when I look at the scanned locations in the startup scan there are no boot sectors/UEFI.

Eset startup scans always scan the MBR (boot sector scan) and/or UEFI areas it has access to.

[just 1]

3 minutes ago, itman said:

It can detect known malware there.

But advanced threat protection can access and detect it too, right?

4 minutes ago, itman said:

Eset startup scans always scan the MBR (boot sector scan) and/or UEFI areas it has access to.

Ok but when I look where it scans there is no UEFI and no boot locations. @itman

[itman 1,659]

1 hour ago, just said:

But advanced threat protection can access and detect it too, right?

Ok but when I look where it scans there is no UEFI and no boot locations. @itman

It does on my Eset ver. 16 installation:

[just 1]

7 hours ago, itman said:

It does on my Eset ver. 16 installation:

Ok I enabled it, then when it did the startup scan I went to the scan details and found that there were no boot partitions/UEFI in the scanned places

[itman 1,659]

7 hours ago, just said:

Ok I enabled it, then when it did the startup scan I went to the scan details and found that there were no boot partitions/UEFI in the scanned places

Eset's startup scan does not create a log entry in Scan log.

You must have ran an On-demand scan. The On-demand scan by default uses the Smart scan profile. The Smart scan profile does not scan boot sectors/UEFI. If you wish to do so, you must perform a Custom scan and then select manually which areas you wish Eset to scan.

[just 1]

3 hours ago, itman said:

Eset's startup scan does not create a log entry in Scan log.

You must have ran an On-demand scan. The On-demand scan by default uses the Smart scan profile. The Smart scan profile does not scan boot sectors/UEFI. If you wish to do so, you must perform a Custom scan and then select manually which areas you wish Eset to scan.

no it started by itself

[just 1]

Can you help me please? @Aryeh Goretsky @itman

[itman 1,659]

Correction.

Eset default Smart scan profile does scan scan boot sectors/UEFI. See below screen shot:

[just 1]

10 hours ago, itman said:

Correction.

Eset default Smart scan profile does scan scan boot sectors/UEFI. See below screen shot:

Ok, but I go into the "scan details" while the scan is in progress and I can't see it among the places scanned there, even though I added it from the settings. @itman

[just 1]

Can you help me please? @itman 

[itman 1,659]

12 hours ago, just said:

Ok, but I go into the "scan details" while the scan is in progress and I can't see it among the places scanned there, even though I added it from the settings.

During a scan, Eset will not display file scan details. To do so would result in a humongous scan log. An Eset scan log will only display files Eset couldn't scan or those where malware has been detected.

[just 1]

3 minutes ago, itman said:

During a scan, Eset will not display file scan details. To do so would result in a humongous scan log. An Eset scan log will only display files Eset couldn't scan or those where malware has been detected.

No, it's not, it doesn't appear in the section I marked. @itman

[itman 1,659]

2 minutes ago, just said:

No, it's not, it doesn't appear in the section I marked. @itman

What doesn't appear? The text you highlighted?

[just 1]

1 minute ago, itman said:

What doesn't appear? The text you highlighted?

in the scanned disks section there. @itman

[itman 1,659]

7 minutes ago, just said:

in the scanned disks section there. @itman

Open Computer Scan section in Eset GUI. Select "Scan your computer." Cancel the scan after a few seconds. Select "Show log." Post a screen shot of the log.

Edited November 17, 2022 by itman