Jump to content

Recommended Posts

Posted

They told me you Eset's advanced threat protection can access the boot sector, but when I look at the site where ESET's real-time file system protection is explained, I can't see the Boot sectors. Which one is right? Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?

 

PS: I know I opened a lot of threads about this subject, but when I read that ESET is not crawled on their site, I was confused and wanted to ask again. I would be happy to welcome you with respect.

Posted
6 minutes ago, just said:

ESET's real-time file system protection is explained, I can't see the Boot sectors.

Refer to the below screen shot:

Eset_Boot.thumb.png.2124fb23f4d7310b43f52803fe5f84c7.png

Posted
19 minutes ago, itman said:

Refer to the below screen shot:

Eset_Boot.thumb.png.2124fb23f4d7310b43f52803fe5f84c7.png

Yeah I researched that too and found that it was actually a scan 

Posted
7 hours ago, just said:

Can you help me please? @itman

I answered your question. I am not going to get into another never ending circular discussion with you.

Posted
6 minutes ago, itman said:

Sorunuza cevap verdim. Seninle başka bir bitmeyen döngüsel tartışmaya girmeyeceğim.

This has nothing to do with an endless debate. I heard on ESET's website that it just scans. Is that true? After saying that, the discussion will be over anyway.

Posted
1 minute ago, just said:

I heard on ESET's website that it just scans. Is that true?

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.

Posted
2 minutes ago, itman said:

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.

Then you can't access advanced Threat protection?

  • ESET Insiders
Posted

ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:

Quote

Unified Extensible Firmware Interface (UEFI) Scanner is part of the Host-based Intrusion Prevention System (HIPS) that protects UEFI firmware on your computer.

Posted
42 minutes ago, Minimalist said:

ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:

So ESET's ADVANCED THREAT PROTECTION can access any of the boot sectors and detect threats there, and that's DEFINITELY right? @Minimalist

  • ESET Insiders
Posted

I believe so. Tooltip for that setting shows this:

image.thumb.png.0028e2b58300dd0fd407a214a1299d80.png

Posted
5 minutes ago, Minimalist said:

I believe so. Tooltip for that setting shows this:

image.thumb.png.0028e2b58300dd0fd407a214a1299d80.png

It says it will scan here. So isn't Advanced threat protection out of reach? @Minimalist

Posted
10 minutes ago, just said:

Advanced threat protection

Since you constantly use this this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's a optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.

  • ESET Insiders
Posted
1 hour ago, just said:

So isn't Advanced threat protection out of reach?

I'm sorry but I don't understand your question.

Posted
32 minutes ago, Minimalist said:

I'm sorry but I don't understand your question.

Then Advanced Threat protection can't access boot sectors right? @Minimalist

Posted
1 hour ago, itman said:

Since you constantly use this this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's a optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.

I don't understand much technically, Can you explain in a simpler way?

  • ESET Insiders
Posted
4 minutes ago, just said:

Then Advanced Threat protection can't access boot sectors right? @Minimalist

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?

Posted
8 minutes ago, Minimalist said:

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?

Real time file system protection

  • ESET Insiders
Posted
1 minute ago, just said:

Real time file system protection

Real time file system protection has an option to scan boot sector /UEFI so IMO it's accessible to that module.

Posted (edited)
1 hour ago, just said:

Real time file system protection

I''ll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and its titled real-time scanning.

Edited by itman
Posted

One finally comment here.

If your concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that your allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PC's has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.

Posted
10 hours ago, itman said:

I''ll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and its titled real-time scanning.

Ok thanks.

 

But then again, real-time file protection cannot access the boot sectors, since you said you can only scan it. By the way, I would appreciate it if you commented regardless of UEFI or Legacy, I have UEFI on my computer, but I am not sure if UEFI is used.

8 hours ago, itman said:

One finally comment here.

If your concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that your allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PC's has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.

Ok I know, but I think my computer was already infected without my knowledge, that is, when I had no control over the computer. As I said again, I doubt whether UEFI mode is used or not. @itman

Posted
11 hours ago, Minimalist said:

Real time file system protection has an option to scan boot sector /UEFI so IMO it's accessible to that module.

I have UEFI on my computer, but I'm not sure if it's using UEFI mode. @Minimalist

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...