Can Antivirus' Advanced threat protection Access Boot Sectors?

[just 1]

They told me you Eset's advanced threat protection can access the boot sector, but when I look at the site where ESET's real-time file system protection is explained, I can't see the Boot sectors. Which one is right? Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?

 

PS: I know I opened a lot of threads about this subject, but when I read that ESET is not crawled on their site, I was confused and wanted to ask again. I would be happy to welcome you with respect.

[itman 1,659]

6 minutes ago, just said:

ESET's real-time file system protection is explained, I can't see the Boot sectors.

Refer to the below screen shot:

[just 1]

19 minutes ago, itman said:

Refer to the below screen shot:

Yeah I researched that too and found that it was actually a scan 

[just 1]

Can you help me please? @itman

[itman 1,659]

7 hours ago, just said:

Can you help me please? @itman

I answered your question. I am not going to get into another never ending circular discussion with you.

[just 1]

6 minutes ago, itman said:

Sorunuza cevap verdim. Seninle başka bir bitmeyen döngüsel tartışmaya girmeyeceğim.

This has nothing to do with an endless debate. I heard on ESET's website that it just scans. Is that true? After saying that, the discussion will be over anyway.

[itman 1,659]

1 minute ago, just said:

I heard on ESET's website that it just scans. Is that true?

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.

[just 1]

2 minutes ago, itman said:

Yes.

I already posted in another of your previous threads that Eset does not prevent unknown 0-day malware from writing to the MBR.

Then you can't access advanced Threat protection?

[Minimalist 16]

20 hours ago, just said:

 Can Antivirus's Advanced Threat Protection access the boot sector and detect threats there?

Yes it can.

Itman showed you where it can be enabled or disabled.

Some more info is also posted here:

https://help.eset.com/glossary/en-US/technology_uefi.html

[just 1]

43 minutes ago, Minimalist said:

Yes it can.

Itman showed you where it can be enabled or disabled.

Some more info is also posted here:

https://help.eset.com/glossary/en-US/technology_uefi.html

Here he says he is just scanning, and where Itman says he is just scanning. This is where I'm confused. @Minimalist

[Minimalist 16]

ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:

Quote

Unified Extensible Firmware Interface (UEFI) Scanner is part of the Host-based Intrusion Prevention System (HIPS) that protects UEFI firmware on your computer.

[just 1]

42 minutes ago, Minimalist said:

ESET employs different modules which perform different tasks. You can perform on demand scan and scan UEFI if you like but there is also real-time protection as explained on website from my previous link:

So ESET's ADVANCED THREAT PROTECTION can access any of the boot sectors and detect threats there, and that's DEFINITELY right? @Minimalist

[Minimalist 16]

I believe so. Tooltip for that setting shows this:

[just 1]

5 minutes ago, Minimalist said:

I believe so. Tooltip for that setting shows this:

It says it will scan here. So isn't Advanced threat protection out of reach? @Minimalist

[itman 1,659]

10 minutes ago, just said:

Advanced threat protection

Since you constantly use this this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's a optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.

[Minimalist 16]

1 hour ago, just said:

So isn't Advanced threat protection out of reach?

I'm sorry but I don't understand your question.

[just 1]

32 minutes ago, Minimalist said:

I'm sorry but I don't understand your question.

Then Advanced Threat protection can't access boot sectors right? @Minimalist

[just 1]

1 hour ago, itman said:

Since you constantly use this this term, let's clarify what it is: https://www.eset.com/int/business/solutions/advanced-threat-defense/ .

To begin, it's a optional subscription service only available for Eset commercial products. It is also designed to work in tandem with Eset server products in a managed business network environment.

As far as Eset consumer products go, a scaled down version of LiveGuard Advanced is only available on the Smart Security Premium version. It in essence provides for at-first-sight scanning of file downloads for malicious behavior on Eset VirusLab sandbox servers.

I don't understand much technically, Can you explain in a simpler way?

[Minimalist 16]

4 minutes ago, just said:

Then Advanced Threat protection can't access boot sectors right? @Minimalist

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?

[just 1]

8 minutes ago, Minimalist said:

I don't understand what you mean by "Advanced Threat Protection". Can you post a link to description of this feature or technology?

Real time file system protection

[Minimalist 16]

1 minute ago, just said:

Real time file system protection

Real time file system protection has an option to scan boot sector /UEFI so IMO it's accessible to that module.

[itman 1,659]

1 hour ago, just said:

Real time file system protection

I''ll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and its titled real-time scanning.

Edited December 10, 2022 by itman

[itman 1,659]

One finally comment here.

If your concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that your allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PC's has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.

[just 1]

10 hours ago, itman said:

I''ll describe in the simplest way I know of.

Eset scans the UEFI/MBR via its default scheduled start up scan and the on-demand scan option. The start up scan runs when Windows starts up. Both scans use Eset's real-time scan processing options; i.e. ThreatSense settings in what to scan.

I believe your "confusion" stems from the belief Eset uses one protection mechanism for process execution scanning and another for non-executable file scanning. There is only one signature based detection mechanism in Eset used for all file scanning and its titled real-time scanning.

Ok thanks.

 

But then again, real-time file protection cannot access the boot sectors, since you said you can only scan it. By the way, I would appreciate it if you commented regardless of UEFI or Legacy, I have UEFI on my computer, but I am not sure if UEFI is used.

8 hours ago, itman said:

One finally comment here.

If your concerned about MBR malware, you shouldn't be. Most MBR malware is spread from external media; specifically USB drives. Eset by default will prompt you to scan any connected USB drives. If that drive has been connected to any other device other than your home PC, it is imperative that your allow Eset to scan the drive. Additionally, the USB drive should not remain permanently connected to your PC, but disconnected after use.

Finally, the MBR in UEFI based PC's has been moved from track 1, sector 0 of the OS boot drive into the UEFI OS protected storage area further protecting access to it by malware.

Ok I know, but I think my computer was already infected without my knowledge, that is, when I had no control over the computer. As I said again, I doubt whether UEFI mode is used or not. @itman

[just 1]

11 hours ago, Minimalist said:

Real time file system protection has an option to scan boot sector /UEFI so IMO it's accessible to that module.

I have UEFI on my computer, but I'm not sure if it's using UEFI mode. @Minimalist