Guest Jeffrey Posted May 12 Share Posted May 12 Hi so I was wondering if let’s say a rootkit bypassed the antivirus somehow or other malicious malware, would network inspector pick up the foreign ip or something of the sorts? And would it block it automatically from being on my network so that it possibly couldn’t give me a worm etc? Quote Link to comment
itman 1,538 Posted May 12 Share Posted May 12 (edited) If an undetected rootkit existed that performed network communication, it most likely would initially perform outbound network communication to the attacker's C&C server. This would be allowed by the Eset firewall since by default, it allows all outbound network communication. Network Inspector is N/A in the above scenario since no new device creation on the local network is required. Edited May 12 by itman Quote Link to comment
Administrators Marcos 4,704 Posted May 12 Administrators Share Posted May 12 On the other hand, Botnet protection can detect malicious outbound communication with botnets. Quote Link to comment
Recommended Posts