Locked task manager, registry editor and so on.

[TheNikita 6]

Hello! I have a little question. Does ESET fix problems like locked task manager, disabled registry editor, changed WinLogon and so on? For example, Kaspersky Lab products have a special tool that fixes all this. The product from Dr.Web fixes it during a scan (if it finds it). Does ESET fix similar problems? Thank you in advance!

[Marcos 5,074]

The System cleaner should restore most of system settings modified by malware:

[Dmitry228 1]

Just now, Marcos said:

Очиститель системы должен восстановить большинство системных настроек, измененных вредоносным ПО:

I had the task manager disabled, but ESET did not find it and did not restore it

[TheNikita 6]

Confirmed, I also disabled the task manager through the registry editor, but ESET is silent and does not see anything

[TheNikita 6]

Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.

[Marcos 5,074]

33 minutes ago, Dmitry228 said:

I had the task manager disabled, but ESET did not find it and did not restore it

Ok, you're right. We'll add support for cleaning it via a module update soon.

Quote

Another thing I checked: when you change WinLogon (namely "Shell" and "Userinit") ESET also does not see anything and does not fix it.

I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.

[TheNikita 6]

5 minutes ago, Marcos said:

I've tested it with eicar by replacing the default "explorer.exe" value and it was cleaned alright upon detection and cleaning of the eicar file.

Shouldn't ESET restore the default value whenever "Shell" is changed? For example, if you change "Shell" from "explorer.exe" to "notepad.exe", there must be some reaction to the change of "Shell", right? When I change "Shell", ESET does not react in any way. 

[Marcos 5,074]

"Shell" is an autostart location which is cleaned when malware is registered there.

[TheNikita 6]

If I understood you correctly, this is when a malware known to ESET is registered in "Shell". What if the "Shell" contains some malware that is not yet known to ESET? Or, for example, if some program purposely changes the value of "Shell" to, for example, the same "notepad.exe"? In these cases, ESET will simply keep silent, even though it is supposed to restore the default "Shell" value, just like other antiviruses do.

Edited May 1, 2023 by TheNikita

[Marcos 5,074]

If a program changes the value and thus makes the system malfunction, it should be detected as malware. Once such threat is recognized, it will be cleaned from the registry too.

[TheNikita 6]

Okay, thanks for the clarification!