ESET Windows home products version 15

Discussion in 'other anti-virus software' started by FanJ, Oct 19, 2021.

  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I certainly wouldn't suggest it! As you referenced above, I did a series of videos on this topic far, far too many years ago demonstrating that many anti-malware solutions were inadequate boot time protectors. I submitted these findings to the vendors affected, and some like Kaspersky and Avast included this protection in their next builds while ESET did not (and still does not as I verified this morning).
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    I still have to question the value of a boot time protector in a product that already failed and let the problem in to begin with. I'd want to dump that product regardless at that point. It's like asking the security guard at your front door to come in and make sure the intruder they let in last night doesn't come to the breakfast table. :eek:
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Could not have said it better myself.
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Jack- A file can be created with the persistence mechanism of dropping an actual malware file (like some ransomware, or whatever) that has been woven into it. The trick here is that even if an AV solution would normally detect the malware file if it was run directly, it still must be quick enough (not have a delayed protection responsiveness) to detect that malware file on System start.

    Such a delay is sub-optimal.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    By this sort of reasoning, an AV that excludes boot-time scan capability must consider that their front-line protection is 100% bullet-proof versus every malware now extant as well as any & all 0-day stuff-to-come, plus every possible trick hackers might come up with.

    AFAIK, even AVs with the very best BB/Heuristics do not catch every possible 0-day. Also, I have read that another purpose of boot time scans is to scan items that cannot readily be scanned when Windows is running, such as kernel and core files, as well as malware that seeks to hide itself. Lots of articles on this -- are they all wrong?

    I continue to wonder WHY so many top-notch AVs have boot-time scans if they are unnecessary. Are the nay-sayers right and all those professional AV staffers are wrong? Is inclusion of a boot-time scan done solely for advertising purposes? If so, those AVs aren't doing a very good job of it. The capability for boot-time scans can be found on their sites but it isn't prominently displayed. I had to look for it.

    IMO, every AV is striving to be bullet-proof BUT it remains prudent for them to include an effective boot-time scan capability until such time as a bullet-proof status is achieved.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    With boot-time scan do you mean an on demand scan like the one from Avast? Imho that is not an important feature. Yes, such a scan could reveal hidden malware because it doesn't have a chance to load at boot yet. However, so can other solutions like a bootable CD/USB environment from an AV vendor, or attaching your drive to another computer and scanning it from that. Those are less convenient, but the chances of finding such hidden malware seem greater to me when you don't boot the OS at all, instead of scanning early during boot with a boot-time scan.

    ELAM seems more important to me, since it is actually real-time protection during early boot, and as such can detect the malware from early on, instead of after the fact when it is already too late. ESET does support ELAM:
    https://www.wilderssecurity.com/thr...re-and-avs-supporting-it.369386/#post-2924842
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Do understand that I do not expect any product to be bulletproof. My response is actually about the opposite. Once we have reached the point where the boot time scanner would catch something, we have failed regardless of what comes next. At this point, I am going to reimage my disk, not trusting that it is safe to continue as is, even if a product claims to have detected something at boot time and claims to have resolved the issue, I am not trusting that there is not something left behind.

    @cruelsister
    Good points but again, I am going to reimage at that point.

    A good backup solution beats just about any security solution.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I agree with re-image procedure upon malware discovery. I surely wouldn't go into process of disinfection hoping that everything will be OK.

    Only benefit of using pre-boot environment for me would be if AV wouldn't be capable of detecting malware from within OS but would detect it only from pre-boot environment. IDK if such a situation can occur in practice since most AVs use some kind of anti-rootkit technology.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    :thumb:
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yes, and a boot-time scan might tell you when that point has been arrived at. Or do you not want to know?
    Me, too. I NEVER set an AV to "fix" anything. I set it to Quarantine & report all supposed nasties. Since 1998, my "fixing method" for substantive computer problems has always been to Restore-a-clean-image.

    To me, an AV's capability to do a boot-time scan is an added tool in my tool shed. If effective-AV "A" offers a useful protective tool and effective-AV "B" does not, I go for "A". (I am not talking about AVs that include tools unrelated to computer security. I have ZERO interest in bloated AVs.)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    @itman -- Should I interpret your smiley/wordless comment #110 to mean that all those top-tier AVs that include capability for boot-time scans are simply offering useless bloat for possibly no more than advertising purposes?
     
    Last edited: Apr 5, 2022
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    THIS !
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,074
    Location:
    UK
  15. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    [CA8268] Local privilege escalation vulnerabilities in installers for ESET products for Windows fixed
    https://support.eset.com/en/ca8268-...nstallers-for-eset-products-for-windows-fixed
     
  20. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    I too got it today on the regular release channel: Internet protection module 1440.2
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Seeing these issues crop up makes me concerned as my license ends in 6 weeks. I know they have fixed them but I hope this doesn't become a trend. I'll probably renew but am a little hesitant to do so without seeing how the next couple of weeks go.
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    The last few days (2 or 3) I got some kind of "explosion" of module updates, on the regular update channel.
    I don't remember that I ever got so many modules updated in such a short time.
    No, I'm not complaining. The developers must have been very busy.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as ESSP goes, I received one on 5/24. The update prior to that was on 5/18.
     
  25. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    You are on the pre-release update channel? As far as I remember, you are. Please post on which channel you are. That could make a difference. I'm also aware that not everyone gets all the updates on the same day.

    Just only today I got about 10 (yes, ten) module updates. And I got more in recent days. Sometimes it was the same module that was again and again updated. Sometimes I think that I saw a bit strange thing happening (date and version number), but let's not talk about that.

    I could post my current list of modules, and a comparison with a previous one, but I have decided long ago not to do that anymore.
     