Process launching monitor

Discussion in 'ESET Smart Security' started by plx, Aug 8, 2009.

Thread Status:
Not open for further replies.
  1. plx

    plx Registered Member

    Joined: Aug 8, 2009
    Posts: 9
    Why does ESS not monitor such activity as process launching? So this firewall can be easily passed, for example by writing some data to an HTML file in a form and sending it via JS. That seems very strange to me - maybe I couldn't find such an option?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374
    The firewall controls inbound and outbound network connections. It is the role of the real-time scanner to check if files perform malicious actions or not.
     
  3. plx

    plx Registered Member

    Joined: Aug 8, 2009
    Posts: 9
    OK. What do you think about such an option in the real-time scanner? :)

    By the way, "The firewall controls inbound and outbound network connections": the creation of an htm file with content like

    ...
    <body onload="f.submit();">
    <form id="f">
    <input type=text value="private gathered information">
    </form>
    ...

    is a way to bypass a firewall with the use of a browser launch. So such detection must be the work of the firewall too.
     
    Last edited: Aug 8, 2009
  4. plx

    plx Registered Member

    Joined: Aug 8, 2009
    Posts: 9
    m? Doesn't anybody really want to talk about this subject? :)
     
  5. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374
    If the HTML file was malicious, it would/could be detected by the real-time scanner and other protection modules (i.e. on-demand/startup/web/email scanners). It's not the role of a firewall to detect suspicious HTML files.
     
  6. plx

    plx Registered Member

    Joined: Aug 8, 2009
    Posts: 9
    Then what is the role of the firewall? :)
     
  7. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374
    The firewall inspects packets at the NDIS layer. Basically, its role is to control communication at the lowest level.
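
Added example, not part of the thread and not ESET's code: a file-scanner style heuristic for the HTML pattern posted above, flagging a page that calls submit() on load (or from a script) while its form already carries pre-filled values. The class, function and sample inputs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

SUBMIT_CALL = re.compile(r"\.submit\s*\(", re.I)   # f.submit(), form.submit ( ...
REMOTE = re.compile(r"^(https?:)?//", re.I)        # form target off the local machine
NOT_DATA = ("submit", "button", "reset")           # input types that are just buttons

# Constructed sample: the fragment from the thread wrapped in a minimal document.
SAMPLE_FROM_THREAD = (
    '<html><body onload="f.submit();"><form id="f">'
    '<input type=text value="private gathered information"></form></body></html>'
)


class AutoSubmitScanner(HTMLParser):
    """Collects signals of a page that sends pre-filled data with no user action."""

    def __init__(self):
        super().__init__()
        self.auto_submit = False   # submit() reached from an onload handler or script
        self.prefilled = 0         # data inputs that already have a value
        self.remote_actions = []   # form actions pointing at a remote host
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("body", "img", "iframe") and SUBMIT_CALL.search(a.get("onload", "")):
            self.auto_submit = True
        elif tag == "form" and REMOTE.match(a.get("action", "").strip()):
            self.remote_actions.append(a["action"].strip())
        elif tag == "input" and a.get("type", "text").lower() not in NOT_DATA and a.get("value"):
            self.prefilled += 1
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SUBMIT_CALL.search(data):
            self.auto_submit = True


def scan(html_text):
    """Return the verdict and the evidence behind it for one HTML document."""
    s = AutoSubmitScanner()
    s.feed(html_text)
    s.close()
    return {"suspicious": s.auto_submit and s.prefilled > 0,
            "prefilled": s.prefilled, "remote": s.remote_actions}
```

A pattern match like this sees only the file on disk; it says nothing about which process wrote the file or launched the browser, which is the monitoring the thread starter is asking about.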
     