JosephKing 3 Posted January 11, 2023 Share Posted January 11, 2023 I'm trying to clarify in what ways anti-virus works on the network layer of the tcp/ip stack. Search engines didn't turn up too much info. How does AV work on layer 3? Is it just connection management? Does AV check ip blacklists? Is it primarily the presentation and application layer, including dns? Is there any diagram with the tcp/ip stack next to AV protections? Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 11, 2023 Share Posted January 11, 2023 Eset doesn't directly interface with the Network stack layers. Rather it uses and interfaces with the network stack via the Windows Filtering Platform: https://learn.microsoft.com/en-us/windows-hardware/drivers/network/windows-filtering-platform-architecture-overview . Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 11, 2023 Share Posted January 11, 2023 (edited) 4 hours ago, JosephKing said: Does AV check ip blacklists? Yes. Plus much more. Refer to this for a description of Eset's protection mechanisms: https://www.eset.com/int/about/technology/ . Edited January 11, 2023 by itman Link to comment Share on other sites More sharing options...
Recommended Posts