Diagnostic program ESET SysInspector

ESET has a fine free diagnostic program available called ESET SysInspector that can be used to assess a system for malware or other problems. This program should appeal to those of you who use HijackThis, AutoRuns, and similar programs. This program has not been mentioned often on Wilders non-ESET forums, so I wanted to bring this program to the attention of those of you who don't frequent the Wilders ESET forums.

I like this program . The use of color coding and ability to filter by risk level is very nice; nine different risk levels exist. I also appreciate the ability to compare a saved log with the current log to see what changed over time. The claimed ability to find items cloaked by rootkits is another advantage over some other diagnostic programs. The program doesn't provide any fixing capabilities presently, although it does allow you to open file items in Windows Explorer and registry items in RegEdit.

 

Hello , MrBrian ! I'd greatly appreciate your post . Eset SysInspector : INDISPENSABLE ! One click - and you know ALL ! Immediately . And in action : see Sysinternals Forums / Windows Discussions / Malware / thread : Bugs on the screen ( 03 June 2008 ) ... Look to my configuration on Wilders / Other Anti-Malware Forum / thread : What is your security ... Page 105 . Thanks , PROROOTECT

 

Thanks for the link MrBrian.

Another useful app I will add to my "Fixit" folder on my usb drive.

 

You're welcome .

Here is a screenshot, highlighting the Services section and one particular service. Notice how the color coding allows you to easily see which services are unknown. The filtering level can be set to see only items that are more suspicious.

 

Indeed it's very good MrBrian, and i would never find it if you didn't make this thread. I don't read much from ESET's forum myself.

Smokes a few programs i had for the effect.

Thank you

 

You're welcome . I hope more people discover this program.

 

I just did! Thanks MrBrian. This is a handy and illuminating app to add to my arsenal.

 

Thanks!
Nice addition to the tools folder

 

Thanks, got it. It does flag OutPost Firewall as a rootkit (and ranks it 9).

 

I did some tests of SysInspector.

First I ran SysInspector, noting some of the files on my system that were considered 'known' items by SysInspector. Then I changed some of these 'known' files with a hex editor. Then I ran the program again. In every case, the altered items were considered 'unknown', which is exactly what I hoped for! SysInspector appears to have a hash-based whitelist. This was determined by changing a 'known' file that had no digital signature, repairing the PE checksum (to rule this out as a possible mechanism), and noting that the file's status changed to 'unknown'. SysInspector also appears to check digital signatures, if present. This was determined by changing a 'known' file with a digital signature that was newer than the date of the SysInspector exe itself (to rule out use of a built-in whitelist), turning off Internet access (to rule out use of an Internet-based whitelist), and noting that the file's status changed to 'unknown'.

I also tested the program's claim of finding rootkit-hidden items. I installed Elite Keylogger. I then ran SysInspector. SysInspector found 3 hidden drivers and assigned all of them status 9-risky, the highest risk status.

I am pleased with the results of these tests .

 

Nice tip!

 

Eset SysInspector & MrBrian : GREAT IN ACTION !
Thanks , PROROOTECT

 

Hello,

ESET SysInspector will be integrated into new major version of ESET Smart Security. With upgradability of Antistealth module it will provide powerful and very fast information about your infected machine.

Regards

 

Will a standalone version remain also?

 

Yes

 

Dear Kosak

Will SysInspector be available in EAV or only in ESS ?
May I also ask if a major new version of EAV is also in pipeline ? Thanks

SKA

 

Nice tool.
But one thing makes me somewhat confused:
When I install Spywareblaster and immunize with it, the hosts eset sysinsp. finds seems to be fine.
When I install Spybot & Destroy and immunize all, sysinspector finds a lot of critical hosts ...

 

Spywareblaster(SB) does not add Hosts file entries when you "immunize with it". The only Hosts file feature associated with SB is the ability to create a back-up of your Hosts file for safe keeping.

 

Thanks, didn't know that.
And the changes that immunization with Spybot & Destroy brings to the Critical Files results of SysInspector? Are these hosts file changes by Spybot a bad thing? (because Sysinspector does make me think so, but maybe I don't understand well what it means, these critical files..)

 

New version released (1.1.2.0):

http://www.eset.com/download/sysinspector.php

Fixed vulnerability of the ESI driver allowing under administrator privileges to run and misuse kernel processes while running ESI.

 

Thank you, MrBrian!

SysInspector & MrBrian: GREAT's in ACTION!

PS. Download also in SysInspector: Help / Check for Updates.