Eset and x64 systems

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by Habakuck, Jul 12, 2011.

Thread Status:
Not open for further replies.
  1. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
  2. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    ESET does scan that folder, the explanation is simple, as those are drivers, 99% is in use :). Somewhat of a pointless test tbh.
     
    Last edited: Jul 12, 2011
  3. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    And if a malware driver is in use Eset will not scan it either? :cool:
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Correct. Direct Disk Access scanning for locked files should be implemented.
     
  5. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    No, then it will be picked up in operating memory, and removed in either safe-mode, with sysrescue, or a standalone removal tool.
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    This would have been my question as well. There are products that work. It might be a good idea to compete with them. :ouch:
     
  7. Temp Member

    Temp Member Registered Member

    Joined:
    Mar 28, 2009
    Posts:
    263
    Location:
    Glasgow
    There should be a mode where it can scan 100% of all files even if it means in Safe mode or even before Windows boots up!

    No doubt there is some sort of recovery CD you can boot from, same as other AV vendors, but that is not what I mean!
     
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Are you saying that Eset can't scan the drivers because they are in use, whereas the other products in that thread can? Or are you saying that it was just lucky that when the other products returned those results, those drivers just happened not to be in use?
    ellison
     
  9. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    I'm saying that some products list them as scanned even though they could not open them because they were in use. This excludes HitmanPro, as I know they actually wrote their own filesystem driver. Other than that it's a Windows limitation.
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    If what you say is correct, I would be interested in any proof you may have (or have heard of) that some of those products that show they have scanned the 64 drivers in the said thread haven't really, as they haven't opened them, and what products are you referring to? I use avast as a primary AV. I also use SAS. Do you know whether these products actually scan those drivers, or are they just reporting that they have scanned, when in actual fact they haven't?
     
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Please discuss non-Eset software (proof etc.) in the already referenced thread.
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    If that's the case I'm not quite sure why you haven't transferred all the posts in this thread to the referenced thread? Unless it's OK to make claims about other AVs in an Eset forum but not be able to reply to those claims in an Eset forum?
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What is there to be unsure about? Eset forums are for discussing Eset products. Let's see if more can be learned about whether Eset can or can't scan those drivers. Any further posts should be about that.
     
  14. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    It can scan them just fine, if you are in safe-mode or using the sysrescue disc. Since ESET uses the Windows filesystem, it's "limited" to the boundaries of that filesystem. Unless other vendors use their own FS driver (like HMP) I can't see it working any other way. Mind you, this is all based on my own assumptions.

    ..although this has nothing to do with x86 or x64 really, it's the same for all files that are in use while scanning :)
     
  15. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I think we have already ascertained that Eset can't scan those drivers in normal Windows mode. The thread then evolved by insinuating that other AVs can't scan them either but in essence pretend to... hence my asking for clarification or proof, hence the uncertainty in my last post.
     
    Last edited: Jul 12, 2011
  16. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thank you for being concise and honest. I don't know whether other AVs scan them correctly or are pretending to either, hence me asking for proof or links. Maybe an AV expert can comment?
     
  17. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    That should be the normal procedure for all drivers, yes. Or direct disk access. Normally I think both methods should be used...
    But as you said: Eset should scan those files, in memory or not... but Eset does not scan them!
     
  18. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    It does for me, it just gives an error when opening. It also removes any EICAR file I put in that folder, so real-time protection is also watching it.
     


  19. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    I just scanned the system32\drivers folder on my 32-bit Vista laptop and the number of scanned items is 382 and there were no error messages in the scan log. So if Eset is showing fewer items in a 64-bit drivers folder scan I think Eset is not able to scan them. I use defraggler portable which has 64-bit files and Eset has no issues in scanning them. Maybe a reply from an expert will clarify these.
     
  20. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET's antistealth technology does allow some types of disk and memory redirection used by malware to be bypassed, but if a file is held open exclusively by the operating system (e.g., other programs are blocked from accessing it) then in order to scan that file (or files) the computer should be started from an ESET SysRescue disc and the file system(s) on the hard drive(s) scanned from there.

    Regards,

    Aryeh Goretsky
     
  21. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Yeah but Eicar is not an x64 file... And the errors could indicate that Eset is not able to scan 64-bit files. I think they really should work on this!
    TDL4 taught us that x64 rootkits are possible and in the wild and the development of 64-bit malware will grow rapidly due to the fact that x64 systems will push into the market during the next years.
    Especially the gaming computer market, which is massively targeted by Eset, is 64-bit land... I think nearly all new gaming computers sold at the moment are x64 systems.

    Indeed the main reason I am interested in Eset is that I want to protect my gaming machine (x64 setup for sure) but now I am not sure whether this is a good idea or not.
     
  22. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Hello Aryeh,

    I think what you said is not coherent with the posts above.

    On x86 systems Eset is able to scan those drivers in use, for sure I think, otherwise it would not be able to protect the computer in real time. I don't think that scanning the computer every day from a liveCD is an option for any user...


    -> So far we got no conclusive answer from Eset support whether NOD32 is able to scan x64 files or not. <-
     
  23. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    64 bit is the only foreseeable future. With windows 8 coming out most likely by the end of next year a 4 gig limit on RAM will be considered the bare minimum in any system, it basically is now. The only place where one finds less than 4 gigs of ram is the tablet pc category and that is dominated by DROIDS and APPLES of the world (Linux and Unix).
     
  24. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET's software scans x86 and x64 files and removes (cleans, deletes or takes whatever appropriate actions are available) threats from them as well. It also detects programs which attempt to block detection through memory or disk I/O manipulation (stealth or "rootkit" type behavior) as well.

    As previously noted, some files cannot be scanned because they are held open exclusively by the operating system. In these instances, you will need to perform an offline scan (ESET SysRescue disc, mount the hard disk drive in another PC, etc.) to check them for threats.

    For removal of the Win32/Olmarik rootkit (also known as Alureon, TDL3, TDL4, TDSS and so forth), you can use the standalone cleaner available from ESET Knowledgebase Article #2372, "Stand-alone malware removal tools." Additional instructions are available in the video at the bottom of the page.

    Regards,

    Aryeh Goretsky
     
  25. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    Thanks!

    Great to hear.
     