
ESET's mechanism and functionalities



Greetings ESET community, 

let me get straight to the point. 

Recently, I have come in contact with ESET on multiple occasions and that enabled me to see its capabilities when it comes to protection and malware detection. However, since working with ESET on a daily basis (business license), a few questions came to mind I would like to discuss here or even better, have clarified by more experienced users. 

 

1. So I would like to understand the mechanisms behind ESET scans a bit more, basically how it works and how reliable it actually is? How can I, as a user, be sure that when ESET says there is no malware on my device, that there really is not? This question goes for any AV tool and I wonder how deep does such a scan from ESET actually go? How does the scan actually work? Sandboxing every file or...? I mean, an AV tool is basically the only protection and source for knowledge a user has regarding malicious activities.

 

2. How exactly is the Payment browser ESET provides even more secure than the already protected browser?

 

3. How sensitive is ESET when actually setting it to "aggressive"? 

 

I'm fully aware that no AV tool is perfect, however, since I will continue to work with ESET for the foreseeable future, I would like to understand its functions a bit more and better.

 

I hope you can quench my thirst for knowledge regarding this matter. :)

 

I wish y'all a happy new year!


  • Administrators
26 minutes ago, PowerOfSecurity said:

1. So I would like to understand the mechanisms behind ESET scans a bit more, basically how it works and how reliable it actually is? How can I, as a user, be sure that when ESET says there is no malware on my device, that there really is not? This question goes for any AV tool and I wonder how deep does such a scan from ESET actually go? How does the scan actually work? Sandboxing every file or...? I mean, an AV tool is basically the only protection and source for knowledge a user has regarding malicious activities.

 

Please read https://www.eset.com/int/about/technology for more information about various ESET technologies that we leverage to detect threats.

Since no AV can detect 100% of threats, you can never be 100% sure there is no malware on your machine if no threat has been detected by the AV no matter which one you use. However, with a state-of-the-art AV the chances that malware was running undetected are quite low.

As for sandboxing, ESET LiveGuard in ESET Smart Security Premium, ESET Ultimate Security and ESET LiveGuard Advanced in business products submit certain files to the cloud sandbox where they detonate, the outcome is analyzed and a result is returned. Proactive protection is configured to block submitted files until a verdict is received.

 

26 minutes ago, PowerOfSecurity said:

3. How sensitive is ESET when actually setting it to "aggressive"?

With the aggressive level of detection, more threats can be detected at the cost of a relatively small increase of false positives.


1 hour ago, Marcos said:

It protects you from threats in untrusted extensions, keyloggers (key scrambling) and threats that read browser's memory.

Also, clipboard protection;

Quote

Clipboard protection—If enabled, ESET Smart Security Premium will prevent pasting any online payment-related data modified by malware from the clipboard into the secured browser. This ensures protection against potential changes made by malicious software.

The only protection I see missing is for screen scrapers unless ESET memory protection covers that. Ref.: https://logixconsulting.com/2022/03/29/what-is-screen-scraping-malware-get-the-facts/

Edited by itman

ESET keylogger protection only works with browsers. So it is not a "system-wide" anti-keylogger, so it does not protect, for example, when you log in to Steam, or any non-browser based logins. That's why I'm using a third-party system-wide anti-keylogger, which scrambles anything you type.

I hope that ESET will add a feature, where you can add your favorite, like steam.exe to its keylogging protection.



Thanks for the replies thus far.

 

Just recently, ESET has prevented Avast from dropping a jsis.dll file within my directory. This .dll seems to have a connection to Win32/Avast.AVGSecureBrowser.A. From what info I could gather so far, it seems as if Avast no longer asks the user for permission when wanting to install the AVGSecureBrowser. 

 

However, some sites say that this .exe is malicious, so I wanted to ask if this is truly something concerning? Imagine Avast simply installing something malicious without consent.

Edited by PowerOfSecurity

20 minutes ago, PowerOfSecurity said:

Just recently, ESET has prevented Avast from dropping a jsis.dll file within my directory. This .dll seems to have a connection to Win32/Avast.AVGSecureBrowser.A

The .dll is malicious: https://hybrid-analysis.com/sample/ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d along with its source, avast_secure_browser_setup.exe, https://any.run/report/cbf767eb0ad2158a1ef877f168f64a197cb190ddc3c081cf474f35bc0633fcde/9639ea79-9677-4603-a930-f906da1aadb0 or avg_secure_browser_setup.exe, https://hybrid-analysis.com/sample/251af2d396c5d86b2f02b7e26d01d082b8dd75e99c86c707719fed7f4b02f1d1

Edited by itman

2 hours ago, PowerOfSecurity said:

Win32/Avast.AVGSecureBrowser.A

Also, unlike other AV and malware detection sandbox solutions that detect it as malicious, ESET detects Avast/AVG Secure Browser as a PUA. More details here: https://malwaretips.com/threads/eset-now-detects-avast-avg-secure-browser-installer-as-pua.119375/

Edited by itman