rotaru, posted July 10, 2023

I "played" a little bit with several antiviruses (Kaspersky, Bitdefender, Webroot, Windows Defender).

Without exception, all of them, upon detection of a malware, will exhibit a "change in status", will "do something" for 5-8 sec, and after that you get a message about the detection and the outcome of detection.

For example:

Kaspersky will display a yellow triangle and exclamation mark on its own icon, will do something for 5-10 sec, and after that you get a banner about what happened and how it was fixed.

Bitdefender will display a banner asking you to wait while the action is being performed.

Defender will change the status of the icon, will do something for 5-10 sec, after that the icon changes to normal.

Webroot will display a yellow exclamation mark while it removes and rescans the PC (1-2 min).

Only ESET performs all these instantaneously. You get a warning which is displayed for as many sec as you selected and that's it.

So, when is ESET "disinfecting" or "cleaning" in fact???? How does ESET know the cleaning or disinfection is possible? Shouldn't ESET perform the task FIRST and after that inform the user about the outcome?????

Marcos (Administrators), posted July 11, 2023

Most of today's threats are not viruses that are prepended or appended to actual legitimate files, so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

rotaru (author), posted July 11, 2023

3 hours ago, Marcos said:
> so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

Yes, but this "theory" should be valid for any antivirus. So, why do the antiviruses mentioned above (which are reputable, with good results in AV comparatives) spend 5-10 sec in "cleaning" while ESET can do it instantaneously?????

Nightowl (Most Valued Members), posted July 11, 2023

1 hour ago, rotaru said:
> Yes, but this "theory" should be valid for any antivirus. So, why do the antiviruses mentioned above (which are reputable, with good results in AV comparatives) spend 5-10 sec in "cleaning" while ESET can do it instantaneously?????

It depends on how their software is built and the procedure of the cleaning/removal.

ESET has been known to be light since the first days, while in those same days Kaspersky and Norton and Panda and a lot of other AVs had trouble with being light, and since all computers back then were weak, NOD32 was perfect for the slowness of the hardware, and it is still perfect to this day for me.

Mr_Frog, posted July 11, 2023

4 hours ago, Nightowl said:
> NOD32 was perfect for the slowness of the hardware, and it is still perfect to this day for me

I agree with this statement.

itman, posted July 11, 2023

9 hours ago, Marcos said:
> so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

Here's my opinion. Whereas deleting and quarantining a malware file can occur quickly, removing registry or WMI references to it takes some time.

The forum is full of postings about Eset detecting malware, deleting it, and quarantining it only to have the same malware keep reappearing later. This indicates Eset's malware cleaning capability is not as effective as exists in some other AV solutions.

Marcos (Administrators), posted July 11, 2023

1 hour ago, itman said:
> The forum is full of postings about Eset detecting malware, deleting it, and quarantining it only to have the same malware keep reappearing later. This indicates Eset's malware cleaning capability is not as effective as exists in some other AV solutions.

Please provide links to some of such reports as we are not aware of any problems with cleaning. If there were any in the past, they were addressed quickly.

itman, posted July 11, 2023

2 hours ago, Marcos said:
> Please provide links to some of such reports as we are not aware of any problems with cleaning

Below are links just from this year:

https://forum.eset.com/topic/35984-pitouj-trojan-how-to-remove/#comment-165109
https://forum.eset.com/topic/35798-trojan-dropper-remcos/
https://forum.eset.com/topic/35850-crypto-miner-and-random-files-recreating-itself/#comment-164617
https://forum.eset.com/topic/35685-powershelltrojandownloaderagentdv-trojan-horse/#comment-164146
https://forum.eset.com/topic/35698-trojandownloaderagentghn/#comment-163990
https://forum.eset.com/topic/35286-threat-removed/#comment-162550

itman, posted July 11, 2023 (edited July 11, 2023 by itman)

19 hours ago, rotaru said:
> Defender will change the status of the icon, will do something for 5-10 sec, after that the icon changes to normal

Let's use MD as an example.

Assumed is that it first does local heuristic scanning as most AVs do. That processing is very fast. Next, and assuming this file is a download and no heuristic signature/blacklist detection occurred, "Block-at-first-Sight" (BAFS) will upload the file for additional scanning on Microsoft Azure servers. By default, the maximum cloud scan duration is 30 secs.

Now let's say you have Eset Smart Security Premium installed. Eset submission to its cloud servers after heuristic processing is totally silent with Eset default settings. The only way you would know cloud scanning is underway is either you tried to manually run the download or it auto executed. Likewise, if the cloud scanning finds the file malicious, it will be silently deleted and quarantined.

Marcos (Administrators), posted July 11, 2023

I've gone through most of the above topics but didn't find any issues with cleaning as long as the threat was detected in a file or registry.

1. MBR malware: We cannot carry MBR for operating systems for legal reasons so that we could replace it in case of infection. Malware in MBR must be cleaned using Windows tools.
2. Malware detected in an already running process that no longer exists on the disk can be cleaned only by killing the process or rebooting the machine.
3. If malware is detected by the AMSI scanner for instance or in a stream when the actual source cannot be determined, the source of malware cannot be cleaned.
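
A read-only way to check a machine for the leftovers Marcos's posts mention (registry references, WMI references, and a process still running from a removed file). This is an added example, not part of any post in the thread and not ESET's code; the function name, the sample path and the choice of Run/RunOnce keys are assumptions made for illustration.

```powershell
# Added example (read-only): it lists references and changes nothing.
# Run elevated, otherwise root\subscription and some processes are not readable.
function Find-LeftoverReference {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$TargetPath)
    $needle = [regex]::Escape($TargetPath)   # -match is case-insensitive, like Windows paths

    # 1. Registry autostart values (assumption: Run/RunOnce only; other keys can hold references too).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($data -match $needle) {
                [pscustomobject]@{ Kind = 'Registry'; Location = "$key\$name"; Detail = $data }
            }
        }
    }

    # 2. Permanent WMI event consumers that run a command or a script.
    foreach ($class in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
        $found = Get-CimInstance -Namespace 'root\subscription' -ClassName $class -ErrorAction SilentlyContinue
        foreach ($c in $found) {
            $data = ($c.CommandLineTemplate, $c.ExecutablePath, $c.ScriptFileName, $c.ScriptText) -join ' '
            if ($data -match $needle) {
                [pscustomobject]@{ Kind = 'WMI'; Location = "$class '$($c.Name)'"; Detail = $data.Trim() }
            }
        }
    }

    # 3. A process still running from that path, even though the file may be gone from disk.
    foreach ($p in Get-Process) {
        if ($p.Path -and $p.Path -ieq $TargetPath) {
            $onDisk = Test-Path -LiteralPath $p.Path
            [pscustomobject]@{ Kind = 'Process'; Location = "PID $($p.Id)"; Detail = "file on disk: $onDisk" }
        }
    }
}

# Constructed sample path; use the path from the detection log instead.
Find-LeftoverReference -TargetPath 'C:\Users\Public\example-detected.exe' | Format-Table -AutoSize -Wrap
```

An empty result means none of these three places still points at the file; it says nothing about the MBR or AMSI/stream cases listed in the post above.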

rotaru (author), posted July 11, 2023 (edited July 11, 2023 by rotaru)

1 hour ago, itman said:
> The only way you would know cloud scanning is underway is either you tried to manually run the download or it auto executed

Thank you for your answer, makes sense!

However, I believe it is totally wrong of ESET to declare "issue solved" while it is still performing the task and to perform the actions "silently"....

From a commercial point of view it is spectacular (wow!!!, ESET is so fast) but in reality Eset should display something like "Analyzing......" and when the process is finished, only then should it declare it solved.

itman, posted July 11, 2023

12 minutes ago, rotaru said:
> Eset should display something like "Analyzing......" and when the process is finished, only then should it declare it solved.

You can set Eset desktop notification to alert when a file has been submitted for analysis per below screen shot;

rotaru (author), posted July 11, 2023

1 hour ago, itman said:
> You can set Eset desktop notification to alert when a file has been submitted for analysis per below screen shot

Yes, but this is not the point; you said that if the file is determined to be malicious it is deleted silently, if not, it probably is not deleted.

I would like to know what happened and what was the outcome of the submission.

itman, posted July 11, 2023 (Solution)

44 minutes ago, rotaru said:
> I would like to know what happened and what was the outcome of the submission.

This was debated extensively in the past in the forum in regards to Eset LiveGuard scan processing. Most expressed the same opinion.

Marcos (Administrators), posted July 12, 2023

7 hours ago, rotaru said:
> Yes, but this is not the point; you said that if the file is determined to be malicious it is deleted silently, if not, it probably is not deleted. I would like to know what happened and what was the outcome of the submission.

If the file is evaluated as malicious, you will get a standard red detection alert. Otherwise the file will be unblocked silently unless you attempted to run it while it was being analyzed; in such a case you'd get a notification that the file was evaluated as safe.

rotaru (author), posted July 12, 2023

3 hours ago, Marcos said:
> If the file is evaluated as malicious, you will get a standard red detection alert. Otherwise the file will be unblocked silently unless you attempted to run it while it was being analyzed; in such a case you'd get a notification that the file was evaluated as safe.

Thank you for your answer!

However, this does not clarify how ESET can perform a detection and disinfection instantaneously while the other players need between 5 and 10 sec from the moment of detection till displaying a message.