LocknetSSmith
Posted January 13, 2015

I'm just checking to see if anyone knows if the ESET Endpoint products (i.e. Endpoint Antivirus and Endpoint Security) have definitions to protect against the "skeleton key" infection? If so, what is the detection name?

- hxxp://www.darkreading.com/skeleton-key-malware-bypasses-active-directory/d/d-id/1318570

Thanks ~

MichaelA (Former ESET Employees)
Posted January 15, 2015
Solution

Hello,

Currently, the SHA1 and MD5 hashes of the 2 files that were discovered by Dell Secureworks are not being detected on VirusTotal at all by any AV vendor; however, that is not to say that the Advanced Memory Scanner (Version 6 applications) and Advanced Heuristic analysis of the items on the Server environment would not be able to detect odd behavior in protected operating system areas.

Also, the application makes mention that if 2FA (2 Factor Authentication), like ESET Secure Authentication, is utilized, the Skeleton Key malware would not be able to operate in an effective manner or at all.