Security issue with the latest version of Endpoint Antivirus. efwd.exe


I just got an alert from Microsoft's security platform that there's a security issue with ESET Endpoint.

"Fix unquoted service path for Windows services" on path C:\Program Files\ESET\ESET Security\efwd.exe.

In the registry in paths 

Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\efwd
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efwd

Name: ImagePath Value: C:\Program Files\ESET\ESET Security\efwd.exe

This should have quotes. Value should be "C:\Program Files\ESET\ESET Security\efwd.exe"

You can manually add quotes to protect yourself immediately.

 

 


  • Administrators

Please post a screenshot of the alert for clarification. I'll report your finding to the developers; however, it's not a security issue since the said service does nothing. What matters is that it's registered in the registry.


Attached. According to Microsoft the potential risk is "An attacker can exploit this misconfiguration in order to perform path interception to gain escalation of privileges and persistency on the machine."

Screenshot 2023-08-12 124017.jpg

Screenshot 2023-08-12 124056.jpg
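
A read-only PowerShell audit for the condition discussed in this thread, added here as an example; it is not part of any post above and is not ESET or Microsoft tooling. The helper name `Test-UnquotedServicePath` and every sample value other than the thread's `efwd.exe` path are constructed for illustration.

```powershell
# Added example: read-only check for unquoted service ImagePath values.
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    $value = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($value.StartsWith('"')) { return }            # already quoted
    # Skip values that do not start with a drive letter (for example \SystemRoot\ driver paths).
    if ($value -notmatch '^[A-Za-z]:\\') { return }
    # Split into the executable path (up to the first ".exe") and any trailing arguments.
    $m = [regex]::Match($value, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups['exe'].Value
    if ($exe -notmatch '\s') { return }               # no space in the path, nothing to quote
    [pscustomobject]@{
        Current   = $ImagePath
        Suggested = '"' + $exe + '"' + $m.Groups['args'].Value
    }
}

# Constructed sample values; the first two are the unquoted and quoted forms from the thread.
$samples = @(
    'C:\Program Files\ESET\ESET Security\efwd.exe',
    '"C:\Program Files\ESET\ESET Security\efwd.exe"',
    'C:\Windows\System32\svchost.exe -k netsvcs',
    'C:\Program Files\Example Vendor\agent.exe --service'
)
$samples | ForEach-Object { Test-UnquotedServicePath $_ } | Format-List

# Live audit of every registered service on this machine; reads the registry only.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $path = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($path) {
        $hit = Test-UnquotedServicePath $path
        if ($hit) { $hit | Add-Member -NotePropertyName Service -NotePropertyValue $_.PSChildName -PassThru }
    }
} | Format-Table Service, Current, Suggested -AutoSize -Wrap
```

The script changes nothing; it only lists each flagged service with its current value and the quoted form to compare against.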
