
How is ESET doing it so fast????


rotaru

I "played" a little bit with several antiviruses (Kaspersky, Bitdefender, Webroot, Windows Defender)

Without exception, all of them, upon detection of malware, will exhibit a "change in status", will "do something" for 5-8 sec, and after that you get a message about the detection and the outcome of detection.

For example:

Kaspersky will display a yellow triangle and exclamation mark on its own icon, will do something for 5-10 sec, and after that you get a banner about what happened and how it was fixed.

Bitdefender will display a banner asking you to wait while the action is being performed.

Defender will change the status of the icon, will do something for 5-10 sec, and after that the icon changes to normal.

Webroot will display a yellow exclamation mark while it removes and rescans the PC (1-2 min).

Only ESET performs all these instantaneously. You get a warning which is displayed for as many sec as you selected and that's it.

So, when is ESET "disinfecting" or "cleaning" in fact???? How does ESET know the cleaning or disinfection is possible?

Shouldn't ESET perform the task FIRST and after that inform the user about outcome?????


  • Administrators

Most of today's threats are not viruses that are prepended or appended to actual legitimate files so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

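As an added example that is not part of the original posts or ESET's own tooling: one way to check, after a detected file has been removed, whether registry Run keys or permanent WMI event consumers still reference its path. The function name and the sample path are hypothetical; run it elevated so the `root\subscription` namespace is readable.

```powershell
# Added example: list autostart references that still point at a file the AV removed.
# The path passed at the bottom is a constructed sample value, not taken from the thread.
function Find-LeftoverReference {
    param([Parameter(Mandatory)][string]$RemovedPath)

    # Escape the path so backslashes and dots are matched literally (-match is case-insensitive).
    $needle = [regex]::Escape($RemovedPath)

    # 1. Run / RunOnce values in the machine and current-user hives.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match $needle) {
                [pscustomobject]@{ Source = 'Registry'; Location = $key; Name = $name; Value = $value }
            }
        }
    }

    # 2. Permanent WMI event consumers (root\subscription) that launch a command or script.
    $consumers = @(
        @{ Class = 'CommandLineEventConsumer';  Props = 'CommandLineTemplate', 'ExecutablePath' },
        @{ Class = 'ActiveScriptEventConsumer'; Props = 'ScriptFileName', 'ScriptText' }
    )
    foreach ($c in $consumers) {
        $instances = Get-CimInstance -Namespace 'root\subscription' -ClassName $c.Class -ErrorAction SilentlyContinue
        foreach ($inst in $instances) {
            foreach ($prop in $c.Props) {
                $value = [string]$inst.$prop
                if ($value -match $needle) {
                    [pscustomobject]@{ Source = 'WMI'; Location = $c.Class; Name = $inst.Name; Value = $value }
                }
            }
        }
    }
}

Find-LeftoverReference -RemovedPath 'C:\Users\Public\sample-removed.exe' | Format-Table -AutoSize
```

It covers only these two kinds of reference; an empty result does not rule out references elsewhere, such as services or scheduled tasks.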

3 hours ago, Marcos said:

so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

Yes, but this "theory" should be valid for any antivirus.

So, why do the antiviruses mentioned above (which are reputable, with good results in AV comparatives) spend 5-10 sec in "cleaning" while ESET can do it instantaneously?????


  • Most Valued Members
1 hour ago, rotaru said:

Yes, but this "theory" should be valid for any antivirus.

So, why do the antiviruses mentioned above (which are reputable, with good results in AV comparatives) spend 5-10 sec in "cleaning" while ESET can do it instantaneously?????

It depends on how their software is built and the procedure of the cleaning/removal.

ESET is known to be light since the first days, while in those same days Kaspersky and Norton and Panda and a lot of other AVs had trouble with being light, and since all computers back then were weak, NOD32 was perfect for the slowness of the hardware, and still perfect till this day for me :)


4 hours ago, Nightowl said:

NOD32 was perfect for the slowness of the hardware, and still perfect till this day for me

I agree with this statement. 


9 hours ago, Marcos said:

so cleaning basically consists of quarantining / deleting the detected file and removing registry or WMI references to it.

Here's my opinion.

Whereas deleting and quarantining a malware file can occur quickly, removing registry or WMI references to it takes some time.

The forum is full of postings about Eset detecting malware, deleting it, and quarantining it only to have the same malware keep reappearing later. This indicates Eset's malware cleaning capability is not as effective as exists in some other AV solutions.


  • Administrators
1 hour ago, itman said:

The forum is full of postings about Eset detecting malware, deleting it, and quarantining it only to have the same malware keep reappearing later. This indicates Eset's malware cleaning capability is not as effective as exists in some other AV solutions.

Please provide links to some of such reports as we are not aware of any problems with cleaning. If there were any in the past, they were addressed quickly.


19 hours ago, rotaru said:

Defender will change the status of the icon, will do something for 5-10 sec, and after that the icon changes to normal.

Let's use MD as an example.

Assumed is that it first does local heuristic scanning as most AVs do. That processing is very fast. Next, and assuming this file is a download and no heuristic signature/blacklist detection occurred, "Block-at-first-Sight" (BAFS) will upload the file for additional scanning on Microsoft Azure servers. By default, the maximum cloud scan duration is 30 secs.

Now let's say you have Eset Smart Security Premium installed. Eset submission to its cloud servers after heuristic processing is totally silent with Eset default settings. The only way you would know cloud scanning is underway is either you tried to manually run the download or it auto executed. Likewise, if the cloud scanning finds the file malicious, it will be silently deleted and quarantined.

Edited by itman

  • Administrators

I've gone through most of the above topics but didn't find any issues with cleaning as long as the threat was detected in a file or registry.

1. MBR malware: We cannot carry MBR for operating systems for legal reasons so that we could replace it in case of infection. Malware in MBR must be cleaned using Windows tools.

2. Malware detected in an already running process that no longer exists on the disk can be cleaned only by killing the process or rebooting the machine.

3. If malware is detected by the AMSI scanner for instance or in a stream when the actual source cannot be determined, the source of malware cannot be cleaned.


1 hour ago, itman said:

The only way you would know cloud scanning is underway is either you tried to manually run the download or it auto executed

Thank you for your answer, makes sense! However, I believe it is totally wrong of ESET to declare "issue solved" while it is still performing the task and to perform the actions "silently"....

From a commercial point of view it is spectacular (wow!!!, ESET is so fast), but in reality Eset should display something like "Analyzing......" and when the process is finished, only then should declare it solved.

Edited by rotaru

12 minutes ago, rotaru said:

Eset should display something like "Analyzing......" and when the process is finished, only then should declare it solved.

You can set Eset desktop notification to alert when a file has been submitted for analysis per the screenshot below:

[Screenshot: Eset_Notifications]


1 hour ago, itman said:

You can set Eset desktop notification to alert when a file has been submitted for analysis per the screenshot below

Yes, but this is not the point; you said that if the file is determined to be malicious it is deleted silently; if not, it probably is not deleted.

I would like to know what happened and what was the outcome of the submission. 


  • Solution
44 minutes ago, rotaru said:

I would like to know what happened and what was the outcome of the submission. 

This was debated extensively in the past in the forum in regards to Eset LiveGuard scan processing. Most expressed the same opinion.


  • Administrators
7 hours ago, rotaru said:

Yes, but this is not the point; you said that if the file is determined to be malicious it is deleted silently; if not, it probably is not deleted.

I would like to know what happened and what was the outcome of the submission. 

If the file is evaluated malicious, you will get a standard red detection alert. Otherwise the file will be unblocked silently unless you attempted to run it while being analyzed; in such case you'd get a notification that the file was evaluated safe.


3 hours ago, Marcos said:

If the file is evaluated malicious, you will get a standard red detection alert. Otherwise the file will be unblocked silently unless you attempted to run it while being analyzed; in such case you'd get a notification that the file was evaluated safe.

Thank you for your answer!

However, this does not clarify how ESET can perform a detection and disinfection instantaneously while the other players need between 5 and 10 sec from the moment of detection till displaying a message.


This topic is now closed to further replies.