ESET SysInspector v1.1.2.0 released
agoretsky
October 28th, 2008, 08:14 PM
Hello,
ESET SysInspector v1.1.2.0 has been released in English and Slovak. This release is a minor update and fixes the following issue:
Fixed vulnerability in the anti-stealth driver allowing mis-use of kernel processes under administrator privileges.
No other changes have been made to the program. If you have further questions, please contact your local ESET office, distributor or reseller.
The new version is available for download from ESET's web site at http://www.eset.com/download/sysinspector.php.
Regards,
Aryeh Goretsky
Kosak
November 18th, 2008, 06:41 PM
Hello, with new generation v4 has been released new SysInspector, which is integrated. Do you plan new separated version?
agoretsky
November 18th, 2008, 07:22 PM
Hello,
ESET SysInspector will continue to be updated and offered as a standalone product.
Right now, though, ESET has just completed integrating ESET SysInspector into ESET NOD32 Antivirus, ESET Smart Security and ESET Remote Administrator, so, as you might imagine, they are very interested in getting feedback on how the integration of the program is working with the public beta test versions of those programs.
Regards,
Aryeh Goretsky
ASpace
November 19th, 2008, 12:14 AM
-{ Quote: "they are very interested in getting feedback on how the integration of the program is working with the public beta test versions of those programs." }-
How?! It is more or less the same as the standalone version. It is just integrated there but hidden for the "average Joe" because it is accessible only in Advanced mode. This way it is just a 3 Mb crap because it won't help the average Joe at all, it will simply sit there and do nothing. However, I can see it as advanced user. But I am advanced and I don't need it because it is not me who gets infected on daily basis ... and I do know users/clients who get infected on weekly basis.
Unless ESI does something automatically and warns even the average Joe of potential problems (red and yellow entries), its integration is pointless.
I emailed a suggestion to ESET betasupport long time ago, let's see if there will be something later ... not that they are bound to do it.
agoretsky
November 19th, 2008, 01:35 PM
Hello,
Ensuring that all components work correctly is the point of releasing the software as a public beta. As it is, issues have already been identified which ESET's developers are investigating.
ESET SysInspector is a very useful program for a variety of purposes beyond helping identify malware. Very common uses for it by ESET's support department include troubleshooting software conflicts and network conflicts. Having it present where it can be accessed right from within the program provides ESET's support department with a way to quickly resolve customer's issues without having to ask them lots of questions about their system, download and run various standalone programs, send the resulting log files back for analysis and so forth. I think it is fair to say that solving problems quickly benefits both ESET and its customers.
Also, keep in mind that just like everything else, additional features and functionality are planned for future versions of ESET SysInspector that will make it even more useful.
Regards,
Aryeh Goretsky
-{ Quote: "How?! It is more or less the same as the standalone version. It is just integrated there but hidden for the "average Joe" because it is accessible only in Advanced mode. This way it is just a 3 Mb crap because it won't help the average Joe at all, it will simply sit there and do nothing. However, I can see it as advanced user. But I am advanced and I don't need it because it is not me who gets infected on daily basis ... and I do know users/clients who get infected on weekly basis.
Unless ESI does something automatically and warns even the average Joe of potential problems (red and yellow entries), its integration is pointless.
I emailed a suggestion to ESET betasupport long time ago, let's see if there will be something later ... not that they are bound to do it." }-
wjal
November 20th, 2008, 11:53 PM
I can see how this is going to be very useful to me as a tech. Can someone tell me where the status of the MBR is indicated?
agoretsky
November 23rd, 2008, 02:52 AM
Hello,
That functionality is not available in ESET SysInspector v1.1.2.0.
Regards,
Aryeh Goretsky
-{ Quote: "I can see how this is going to be very useful to me as a tech. Can someone tell me where the status of the MBR is indicated?" }-
wjal
November 23rd, 2008, 01:07 PM
Thank you for the reply, even though it was not what I was hoping to hear. The SysInspector download page lists it as a key feature. Is this functionality still in the works for subsequent releases?
My concern, of course, is the detection of the likes of Sinowal/Mebroot.
Regards,
wjal
agoretsky
November 24th, 2008, 06:59 PM
Hello,
Allow me to clarify, ESET SysInspector can detect Win32/Mebroot infections, but it does so heuristically. When no threat is found, ESET SysInspector does not display information about the master boot record.
You can also download the standalone EMebRemover (http://www.eset.eu/download/emebremover) program from ESET's web site to remove the malware.
Regards,
Aryeh Goretsky
-{ Quote: "Thank you for the reply, even though it was not what I was hoping to hear. The SysInspector download page lists it as a key feature. Is this functionality still in the works for subsequent releases?
My concern, of course, is the detection of the likes of Sinowal/Mebroot.
Regards,
wjal" }-
wjal
November 24th, 2008, 09:30 PM
Ahh.... thank you,
and congratulations on the development of a truly elegant application.
wjal
November 25th, 2008, 08:59 AM
There has been a bit of a flare up in the forums regarding a POC exploit for version 1.1.1.0 that you may wish to address.
http://sysopt.earthweb.com/forum/showthread.php?t=202168
ASpace
November 25th, 2008, 10:46 AM
-{ Quote: "There has been a bit of a flare up in the forums regarding a POC exploit for version 1.1.1.0 that you may wish to address." }-
v 1.1.2.0 has already been released. The previous version has been removed from all official places/servers, etc. No point in discussing it anymore.
SystemJunkie
November 25th, 2008, 05:33 PM
TCP view has improved as it seems the rest looks similar to 1.1.1.1
agoretsky
November 25th, 2008, 08:16 PM
Hello,
I took a quick look at the message thread, and it seems to be addressed by that forum's regular posters.
Regards,
Aryeh Goretsky
-{ Quote: "There has been a bit of a flare up in the forums regarding a POC exploit for version 1.1.1.0 that you may wish to address.
http://sysopt.earthweb.com/forum/showthread.php?t=202168" }-
jg88swe
January 10th, 2009, 01:53 PM
I just wanted to say, nice job with SysInspector!
Really nice tool, integrated with NOD32 it will kick ass!
EASTER
January 10th, 2009, 03:37 PM
My deepest regards and thanks for posting this update.
EASTER
m3y
January 28th, 2009, 11:26 PM
I've tried SysInspector and it crashes on my home and work computers every time during start up. Just start scanning and then crash at 'Critical Files' point.
Asked ESET Support for assistance (as a registered customer), but seems they are unable to say something worth (stupid template responses and questions like 'Why do you want to run sysinspector?'). Sorry, just got angry of them.
Fixer
January 29th, 2009, 11:05 AM
-{ Quote: "I've tried SysInspector and it crashes on my home and work computers every time during start up. Just start scanning and then crash at 'Critical Files' point.
Asked ESET Support for assistance (as a registered customer), but seems they are unable to say something worth (stupid template responses and questions like 'Why do you want to run sysinspector?'). Sorry, just got angry of them." }-
Just answer their questions.
agoretsky
February 2nd, 2009, 08:37 PM
Hello,
Hopefully, you won't find these questions stupid, as knowing the answers to them will be helpful in troubleshooting the problem.
Were you running ESET SysInspector because you suspected you had an infection or other malicious activity occurring on your computer, or just wanted to try the program? Also, were you trying to run the 32-bit or the 64-bit version of ESET SysInspector?
What other security software is present on your computer?
Which version of Microsoft Windows and what service pack level is your computer running? Is it fully patched?
Regards,
Aryeh Goretsky
-{ Quote: "I've tried SysInspector and it crashes on my home and work computers every time during start up. Just start scanning and then crash at 'Critical Files' point.
Asked ESET Support for assistance (as a registered customer), but seems they are unable to say something worth (stupid template responses and questions like 'Why do you want to run sysinspector?'). Sorry, just got angry of them." }-
m3y
February 3rd, 2009, 12:22 AM
Hi Aryeh,
Your questions are quite reasonable.
I just wanted to try the software in comparison with the Sysinternal's Process Explorer.
The computers were:
1) Windows XP 32bit SP3 (ESET Smart Security v3.0.667 installed and active)
2) Windows Vista 32bit Business SP1 (PCTools SDAV 6 installed but inactive)
Just a couple of minutes ago I've installed latest updates, run chkdsk, restarted, unload all unneeded apps and processes (except system ones) - no luck. Still crashes (got a fresh version from the site, just in case).
Also, I asked my colleague to run SysInspector and it runs ok (Vista 32 SP1).
Apparently something wrong with my software environment, but I've no idea what's.
-{ Quote: "
Were you running ESET SysInspector because you suspected you had an infection or other malicious activity occurring on your computer, or just wanted to try the program? Also, were you trying to run the 32-bit or the 64-bit version of ESET SysInspector?
What other security software is present on your computer?
Which version of Microsoft Windows and what service pack level is your computer running? Is it fully patched?
Regards,
Aryeh Goretsky" }-
Fixer
February 3rd, 2009, 02:02 AM
m3y, I advised you to contact the support that will help you.
http://www.eset.com/support/contact.php
m3y
February 3rd, 2009, 08:27 PM
Fixer, I did. They replied 5 times, always not related to the issue, and finally just stopped responding when I asked to give me the contact of their manager or a team leader.
But support quality is not the issue. Especially in this thread. If they can't help, OK, no problem.
-{ Quote: "m3y, I advised you to contact the support that will help you.
" }-
agoretsky
February 3rd, 2009, 10:24 PM
Hello,
Although it is not active, it is possible that a service or driver from PC Tools Spyware Doctor with Antivirus is still resident in the operating environment and conflicting with ESET SysInspector's anti-stealth driver. I would recommend temporarily uninstalling the program, running ESET SysInspector, and then reinstalling it when you are finished. If possible, be sure to export your settings so that you can quickly re-import them once PC Tools Spyware Doctor with Antivirus is reinstalled.
Regards,
Aryeh Goretsky
-{ Quote: "Hi Aryeh,
Your questions are quite reasonable.
I just wanted to try the software in comparison with the Sysinternal's Process Explorer.
The computers were:
1) Windows XP 32bit SP3 (ESET Smart Security v3.0.667 installed and active)
2) Windows Vista 32bit Business SP1 (PCTools SDAV 6 installed but inactive)
Just a couple of minutes ago I've installed latest updates, run chkdsk, restarted, unload all unneeded apps and processes (except system ones) - no luck. Still crashes (got a fresh version from the site, just in case).
Also, I asked my colleague to run SysInspector and it runs ok (Vista 32 SP1).
Apparently something wrong with my software environment, but I've no idea what's." }-
m3y
February 4th, 2009, 01:12 AM
Uninstalled, no changes.
Info from Process Monitor shows last activities before crash were the following:
1) QueryInformationVolume (...)\drivers\etc\hosts SUCCESS
2) QueryAllInformationFile (...)\drivers\etc\hosts BUFFER OVERFLOW
3) ReadFile (...)\drivers\etc\hosts SUCCESS
4) QueryNameInformationFile (....)\SysInspector.exe SUCCESS
Then crash initiated by svchost.
-{ Quote: "Hello,
Although it is not active, it is possible that a service or driver from PC Tools Spyware Doctor with Antivirus is still resident in the operating environment and conflicting with ESET SysInspector's anti-stealth driver. I would recommend temporarily uninstalling the program, running ESET SysInspector, and then reinstalling it when you are finished. If possible, be sure to export your settings so that you can quickly re-import them once PC Tools Spyware Doctor with Antivirus is reinstalled.
Regards,
Aryeh Goretsky" }-
agoretsky
February 4th, 2009, 09:29 PM
Hello,
Does the crash occur if you run ESET SysInspector in Safe Mode or log in as a different user?
Regards,
Aryeh Goretsky
m3y
February 10th, 2009, 05:07 PM
Tried the safe mode using the Administrator's login (WinXP SP3 32b) - exactly the same crash.
-{ Quote: "Does the crash occur if you run ESET SysInspector in Safe Mode or log in as a different user?
" }-
agoretsky
February 10th, 2009, 09:39 PM
Hello,
That increases the chance that the problem is due to a kernel-mode and not a user-mode process, or at least something that runs across all accounts and not just the one you normally use to log in to the operating system.
While I check with the developers is there anything else you can tell me about the operating environment on the computers which is non-standard? Perhaps some additional security, system management, backup or data integrity tools that might be installed and running in the background?
Regards,
Aryeh Goretsky
m3y
February 10th, 2009, 11:28 PM
Surprisingly, I've renamed the `hosts` file and the SysInspector started successfully.
I've made some tests with the hosts file and now, I believe, found the issue. I'm using an editor which is configured to use Unix-type line endings (\n) and SysInspector expects Windows style (\r\n).
-{ Quote: "Hello,
That increases the chance that the problem is due to a kernel-mode and not a user-mode process, or at least something that runs across all accounts and not just the one you normally use to log in to the operating system.
While I check with the developers is there anything else you can tell me about the operating environment on the computers which is non-standard? Perhaps some additional security, system management, backup or data integrity tools that might be installed and running in the background?
Regards,
Aryeh Goretsky" }-
agoretsky
February 11th, 2009, 10:04 PM
Hello,
That is very interesting; I have not seen that before. Then again, I suspect most people who edit their hosts file use an MS-DOS (CR/LF style) text editor.
Regards,
Aryeh Goretsky
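The line-ending mismatch m3y describes above is a common parser robustness problem. As an added example (not part of the thread and not ESET's code), this Python code reads hosts-file bytes without assuming CRLF, LF or a final newline, and reports which terminators it saw; `parse_hosts`, `ending_style` and the sample data are constructed for illustration.

```python
import re
from collections import Counter

# One line plus its terminator: CRLF, bare LF, bare CR, or end of data.
_LINE = re.compile(rb"([^\r\n]*)(\r\n|\n|\r|\Z)")
_ENDINGS = {b"\r\n": "CRLF", b"\n": "LF", b"\r": "CR", b"": "EOF"}

def parse_hosts(data: bytes, max_line: int = 1024):
    """Parse raw hosts-file bytes without assuming a line-ending style.

    Returns (entries, stats): entries is a list of (address, [names]);
    stats counts each terminator seen plus any over-long lines skipped.
    """
    entries, stats = [], Counter()
    if data.startswith(b"\xef\xbb\xbf"):          # drop a UTF-8 byte-order mark
        data = data[3:]
    for match in _LINE.finditer(data):
        line, end = match.groups()
        if not line and not end:                  # zero-width match at end of data
            break
        stats[_ENDINGS[end]] += 1
        if len(line) > max_line:                  # bound the work done per line
            stats["oversize"] += 1
            continue
        fields = line.split(b"#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) >= 2:
            address, *names = (f.decode("ascii", "replace") for f in fields)
            entries.append((address, names))
    return entries, stats

def ending_style(stats):
    """Summarise the terminators: 'CRLF', 'LF', 'CR', 'mixed' or 'none'."""
    seen = [k for k in ("CRLF", "LF", "CR") if stats[k]]
    return seen[0] if len(seen) == 1 else ("mixed" if seen else "none")

# Constructed sample: the same content with Unix and with Windows line endings.
SAMPLE_LF = (b"# constructed sample\n127.0.0.1 localhost\n"
             b"10.0.0.5 build.example.test build # lab\n::1 localhost")
SAMPLE_CRLF = SAMPLE_LF.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for label, raw in (("LF", SAMPLE_LF), ("CRLF", SAMPLE_CRLF)):
        entries, stats = parse_hosts(raw)
        print(label, ending_style(stats), entries)
```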
G1111
April 30th, 2009, 02:17 AM
New version is out: 1.2.012.0
http://www.eset.com/download/sysinspector.php
secured2k
May 2nd, 2009, 09:56 PM
Is there an email or official feedback method for SysInspector?
I would like to request that SysInspect also check the following key as I had been beating my head in trying to find out how malware was starting... turns out it was an added "aux" key that loaded with WMI and Explorer.exe (and probably others).
The interesting thing about this is that once loaded, there were no references in memory or open handles to the file. Process Monitor just shows the image was loaded and threads were created.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
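One way to review the key secured2k names, as an added example that is not part of the thread or of ESET SysInspector: list the values under Drivers32 and flag any whose data is not a bare module name present in System32. The two heuristics, the function names and the sample values are assumptions made for this example.

```python
import ntpath
import os

KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

def read_drivers32():
    """Return {value_name: data} from the live registry (Windows only)."""
    import winreg  # imported lazily so the audit logic also runs elsewhere
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        count = winreg.QueryInfoKey(key)[1]       # number of values under the key
        rows = (winreg.EnumValue(key, i) for i in range(count))
        return {name: str(data) for name, data, _type in rows}

def audit(values, system_files):
    """Flag entries for review (heuristics assumed for this example).

    values       -- {value_name: data} as read from Drivers32
    system_files -- lowercase file names present in System32
    """
    findings = []
    for name, data in sorted(values.items()):
        module = data.strip().strip('"')
        reasons = []
        if ntpath.basename(module) != module:
            reasons.append("path given instead of a bare module name")
        if ntpath.basename(module).lower() not in system_files:
            reasons.append("module not found in System32")
        if reasons:
            findings.append((name, data, reasons))
    return findings

# Constructed sample data (not taken from the thread or from a real machine).
SAMPLE_VALUES = {
    "wave": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "aux": "wdmaud.drv",
    "aux2": r"C:\Users\Public\sample.dll",
    "msacm.sample": "notthere.acm",
}
SAMPLE_SYSTEM32 = {"wdmaud.drv", "msacm32.drv"}

if __name__ == "__main__":
    if os.name == "nt":
        root = os.path.join(os.environ["SystemRoot"], "System32")
        values, files = read_drivers32(), {f.lower() for f in os.listdir(root)}
    else:
        values, files = SAMPLE_VALUES, SAMPLE_SYSTEM32
    for name, data, reasons in audit(values, files):
        print(f"{name} = {data}: {'; '.join(reasons)}")
```

A flagged entry is a lead for review rather than proof of infection, since some third-party codecs register themselves here legitimately.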
ASpace
May 3rd, 2009, 01:19 AM
-{ Quote: "Is there an email or official feedback method for SysInspector?" }-
Perhaps if you send a request to support@eset.com someone will have a look at it.
agoretsky
May 4th, 2009, 04:31 PM
Hello,
Your enhancement request has been noted.
Regards,
Aryeh Goretsky
-{ Quote: "Is there an email or official feedback method for SysInspector?
I would like to request that SysInspect also check the following key as I had been beating my head in trying to find out how malware was starting... turns out it was an added "aux" key that loaded with WMI and Explorer.exe (and probably others).
The interesting thing about this is that once loaded, there were no references in memory or open handles to the file. Process Monitor just shows the image was loaded and threads were created.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" }-
secured2k
May 4th, 2009, 05:08 PM
Thanks for the update!