just, posted December 9, 2022:
They told me Eset's advanced threat protection can access the boot sector, but when I look at the site where ESET's real-time file system protection is explained, I can't see the boot sectors. Which one is right? Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there? PS: I know I opened a lot of threads about this subject, but when I read that ESET is not crawled on their site, I was confused and wanted to ask again. I would be happy to welcome you with respect.
itman, posted December 9, 2022:
6 minutes ago, just said:
> ESET's real-time file system protection is explained, I can't see the Boot sectors.
Refer to the below screen shot:
just, posted December 9, 2022:
19 minutes ago, itman said:
> Refer to the below screen shot:
Yeah, I researched that too and found that it was actually a scan.
itman, posted December 10, 2022:
7 hours ago, just said:
> Can you help me please? @itman
I answered your question. I am not going to get into another never ending circular discussion with you.
just, posted December 10, 2022:
6 minutes ago, itman said:
> I answered your question. I am not going to get into another never ending circular discussion with you.
This has nothing to do with an endless debate. I heard on ESET's website that it just scans. Is that true? After saying that, the discussion will be over anyway.
itman, posted December 10, 2022:
1 minute ago, just said:
> I heard on ESET's website that it just scans. Is that true?
Yes. I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.
just, posted December 10, 2022:
2 minutes ago, itman said:
> Yes. I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.
Then you can't access advanced Threat protection?
Minimalist (ESET Insiders), posted December 10, 2022:
20 hours ago, just said:
> Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?
Yes it can. Itman showed you where it can be enabled or disabled. Some more info is also posted here: https://help.eset.com/glossary/en-US/technology_uefi.html
just, posted December 10, 2022:
43 minutes ago, Minimalist said:
> Yes it can. Itman showed you where it can be enabled or disabled. Some more info is also posted here: https://help.eset.com/glossary/en-US/technology_uefi.html
Here he says he is just scanning, and where Itman says he is just scanning. This is where I'm confused. @Minimalist
Minimalist (ESET Insiders), posted December 10, 2022:
ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:
Quote:
> Unified Extensible Firmware Interface (UEFI) Scanner is part of the Host-based Intrusion Prevention System (HIPS) that protects UEFI firmware on your computer.
just, posted December 10, 2022:
42 minutes ago, Minimalist said:
> ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:
So ESET's ADVANCED THREAT PROTECTION can access any of the boot sectors and detect threats there, and that's DEFINITELY right? @Minimalist
Minimalist (ESET Insiders), posted December 10, 2022:
I believe so. Tooltip for that setting shows this:
just, posted December 10, 2022:
5 minutes ago, Minimalist said:
> I believe so. Tooltip for that setting shows this:
It says it will scan here. So isn't Advanced threat protection out of reach? @Minimalist
itman, posted December 10, 2022:
10 minutes ago, just said:
> Advanced threat protection
Since you constantly use this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ . To begin, it's an optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment. As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.
Minimalist (ESET Insiders), posted December 10, 2022:
1 hour ago, just said:
> So isn't Advanced threat protection out of reach?
I'm sorry but I don't understand your question.
just, posted December 10, 2022:
32 minutes ago, Minimalist said:
> I'm sorry but I don't understand your question.
Then Advanced Threat protection can't access boot sectors, right? @Minimalist
just, posted December 10, 2022:
1 hour ago, itman said:
> Since you constantly use this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ . To begin, it's an optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment. As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.
I don't understand much technically, can you explain in a simpler way?
Minimalist (ESET Insiders), posted December 10, 2022:
4 minutes ago, just said:
> Then Advanced Threat protection can't access boot sectors right? @Minimalist
I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?
just, posted December 10, 2022:
8 minutes ago, Minimalist said:
> I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?
Real time file system protection
Minimalist (ESET Insiders), posted December 10, 2022:
1 minute ago, just said:
> Real time file system protection
Real time file system protection has an option to scan boot sector / UEFI so IMO it's accessible to that module.
itman, posted December 10, 2022 (edited December 10, 2022 by itman):
1 hour ago, just said:
> Real time file system protection
I'll describe in the simplest way I know of. Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan. I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and it's titled real-time scanning.
itman, posted December 10, 2022:
One final comment here. If you're concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that you allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use. Finally, the MBR in UEFI based PCs has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.
just, posted December 11, 2022:
10 hours ago, itman said:
> I'll describe in the simplest way I know of. Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan. I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and it's titled real-time scanning.
Ok thanks. But then again, real-time file protection cannot access the boot sectors, since you said you can only scan it. By the way, I would appreciate it if you commented regardless of UEFI or Legacy, I have UEFI on my computer, but I am not sure if UEFI is used.
8 hours ago, itman said:
> One final comment here. If you're concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that you allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use. Finally, the MBR in UEFI based PCs has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.
Ok I know, but I think my computer was already infected without my knowledge, that is, when I had no control over the computer. As I said again, I doubt whether UEFI mode is used or not. @itman
just, posted December 11, 2022:
11 hours ago, Minimalist said:
> Real time file system protection has an option to scan boot sector /UEFI so IMO it's accessible to that module.
I have UEFI on my computer, but I'm not sure if it's using UEFI mode. @Minimalist
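The thread keeps returning to two things: what sits in sector 0 of the disk, and whether a machine uses legacy or UEFI boot. As an added example (not written by any poster in this thread and not ESET's code), this Python code classifies the first two sectors of a raw disk image as legacy MBR or GPT, the partitioning scheme UEFI boots normally use, and hashes the bootstrap code so a later change can be detected. The function names, the 512-byte sector size and the two-sector sample images are assumptions constructed for the demonstration.

```python
import hashlib

SECTOR = 512  # assumption: 512-byte logical sectors

def classify_boot_sector(disk: bytes) -> dict:
    """Read-only classification of the first two sectors of a raw disk image."""
    if len(disk) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    lba0 = disk[:SECTOR]
    if lba0[510:512] != b"\x55\xaa":  # boot signature missing
        return {"scheme": "none", "partition_types": [], "boot_code_sha256": None}
    # Four 16-byte partition entries start at offset 446; the type byte is at +4.
    used = [t for t in (lba0[446 + 16 * i + 4] for i in range(4)) if t != 0]
    # On a GPT disk, sector 0 is a protective MBR (type 0xEE) and the GPT
    # header in sector 1 begins with the ASCII signature "EFI PART".
    has_gpt_header = disk[SECTOR:SECTOR + 8] == b"EFI PART"
    if 0xEE in used:
        scheme = "gpt" if has_gpt_header else "gpt-header-missing"
    else:
        scheme = "mbr"
    # Hash only the 440-byte bootstrap code area, so the disk signature and
    # partition table that follow it do not affect the baseline.
    digest = hashlib.sha256(lba0[:440]).hexdigest()
    return {"scheme": scheme, "partition_types": used, "boot_code_sha256": digest}

def boot_code_changed(disk: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches a recorded baseline."""
    return classify_boot_sector(disk)["boot_code_sha256"] != baseline_sha256

def make_sample(ptype: int, gpt: bool) -> bytes:
    """Constructed two-sector image for demonstration (not a real disk)."""
    lba0 = bytearray(SECTOR)
    lba0[0:4] = b"DEMO"            # placeholder standing in for boot code
    lba0[446 + 4] = ptype          # type byte of the first partition entry
    lba0[510:512] = b"\x55\xaa"
    lba1 = bytearray(SECTOR)
    if gpt:
        lba1[0:8] = b"EFI PART"
    return bytes(lba0 + lba1)

if __name__ == "__main__":
    for name, img in (("legacy", make_sample(0x07, False)), ("gpt", make_sample(0xEE, True))):
        print(name, classify_boot_sector(img)["scheme"])
```

To use it on a real machine, pass the first 1024 bytes of a disk image; reading a raw disk device directly requires administrator rights.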