
Can Antivirus' Advanced threat protection Access Boot Sectors?



They told me ESET's advanced threat protection can access the boot sector, but when I look at the site where ESET's real-time file system protection is explained, I can't see the boot sectors. Which one is right? Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?

 

PS: I know I opened a lot of threads about this subject, but when I read that ESET is not crawled on their site, I was confused and wanted to ask again. I would be happy to welcome you with respect.


6 minutes ago, itman said:

I answered your question. I am not going to get into another endless circular argument with you.

This has nothing to do with an endless debate. I heard on ESET's website that it just scans. Is that true? After saying that, the discussion will be over anyway.


1 minute ago, just said:

I heard on ESET's website that it just scans. Is that true?

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.


2 minutes ago, itman said:

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.

Then you can't access advanced Threat protection?


  • ESET Insiders
20 hours ago, just said:

 Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?

Yes it can.

Itman showed you where it can be enabled or disabled.

Some more info is also posted here:

https://help.eset.com/glossary/en-US/technology_uefi.html


43 minutes ago, Minimalist said:

Yes it can.

Itman showed you where it can be enabled or disabled.

Some more info is also posted here:

https://help.eset.com/glossary/en-US/technology_uefi.html

Here he says he is just scanning, and where Itman says he is just scanning. This is where I'm confused. @Minimalist


  • ESET Insiders

ESET employs different modules which perform different tasks. You can perform an on-demand scan and scan UEFI if you like, but there is also real-time protection, as explained on the website from my previous link:

Quote

Unified Extensible Firmware Interface (UEFI) Scanner is part of the Host-based Intrusion Prevention System (HIPS) that protects UEFI firmware on your computer.


42 minutes ago, Minimalist said:

ESET employs different modules which perform different tasks. You can perform an on-demand scan and scan UEFI if you like, but there is also real-time protection, as explained on the website from my previous link:

So ESET's ADVANCED THREAT PROTECTION can access any of the boot sectors and detect threats there, and that's DEFINITELY right? @Minimalist


10 minutes ago, just said:

Advanced threat protection

Since you constantly use this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's an optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.


1 hour ago, itman said:

Since you constantly use this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's an optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.

I don't understand much technically. Can you explain in a simpler way?


  • ESET Insiders
4 minutes ago, just said:

Then Advanced Threat protection can't access boot sectors right? @Minimalist

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to a description of this feature or technology?


8 minutes ago, Minimalist said:

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to a description of this feature or technology?

Real time file system protection


  • ESET Insiders
1 minute ago, just said:

Real time file system protection

Real time file system protection has an option to scan boot sector/UEFI so IMO it's accessible to that module.


1 hour ago, just said:

Real time file system protection

I'll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and it's titled real-time scanning.

Edited by itman

One final comment here.

If you're concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that you allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PCs has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.


10 hours ago, itman said:

I'll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and it's titled real-time scanning.

Ok thanks.

 

But then again, real-time file protection cannot access the boot sectors, since you said you can only scan it. By the way, I would appreciate it if you commented regardless of UEFI or Legacy, I have UEFI on my computer, but I am not sure if UEFI is used.

8 hours ago, itman said:

One final comment here.

If you're concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that you allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PCs has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.

Ok I know, but I think my computer was already infected without my knowledge, that is, when I had no control over the computer. As I said again, I doubt whether UEFI mode is used or not. @itman


11 hours ago, Minimalist said:

Real time file system protection has an option to scan boot sector/UEFI so IMO it's accessible to that module.

I have UEFI on my computer, but I'm not sure if it's using UEFI mode. @Minimalist

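Several posts above turn on whether a machine uses a legacy MBR layout or UEFI. As an added example (not part of any post in this thread, and not ESET code), the following classifies the first two sectors of a disk as a legacy MBR layout or a GPT layout with a protective MBR; Windows installed in UEFI mode boots from a GPT disk. The function names, the sample images and the 512-byte sector size are assumptions of this example.

```python
import struct

SECTOR = 512             # assumption: 512-byte logical sectors
PART_TABLE_OFFSET = 446  # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR sector
GPT_MAGIC = b"EFI PART"  # GPT header signature at the start of LBA 1
PROTECTIVE_TYPE = 0xEE   # partition type of a GPT protective MBR entry


def partition_entries(sector0: bytes) -> list:
    """Decode the four MBR partition table entries, skipping empty slots."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector0[off], sector0[off + 4]
        lba_start, count = struct.unpack_from("<II", sector0, off + 8)
        if ptype != 0:
            entries.append({"active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries


def classify_disk(first_sectors: bytes) -> str:
    """Classify LBA 0 and LBA 1 of a disk image by partitioning scheme."""
    if len(first_sectors) < 2 * SECTOR:
        raise ValueError("need at least the first two sectors")
    sector0 = first_sectors[:SECTOR]
    if sector0[510:512] != BOOT_SIG:
        return "no-boot-signature"
    protective = any(e["type"] == PROTECTIVE_TYPE
                     for e in partition_entries(sector0))
    has_gpt_header = first_sectors[SECTOR:SECTOR + 8] == GPT_MAGIC
    if protective:
        return "gpt" if has_gpt_header else "protective-mbr-without-gpt-header"
    return "legacy-mbr"


def make_sector0(ptype: int, lba_start: int, count: int, active: bool) -> bytes:
    """Build a constructed LBA 0 with one partition entry and no boot code."""
    s = bytearray(SECTOR)
    s[446:462] = struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0" * 3,
                             ptype, b"\0" * 3, lba_start, count)
    s[510:512] = BOOT_SIG
    return bytes(s)


# Constructed samples, not taken from any real disk.
LEGACY_DISK = make_sector0(0x07, 2048, 1_000_000, True) + bytes(SECTOR)
GPT_DISK = (make_sector0(PROTECTIVE_TYPE, 1, 0xFFFFFFFF, False)
            + GPT_MAGIC + bytes(SECTOR - len(GPT_MAGIC)))

if __name__ == "__main__":
    for name, image in (("legacy", LEGACY_DISK), ("gpt", GPT_DISK)):
        print(name, classify_disk(image), partition_entries(image[:SECTOR]))
```

On a live system the input would be the first 1024 bytes of the raw disk device, which requires administrator rights to read.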
