Advice Request Can Antiviruses Access the Places I Specify?

ciao

Level 1
Thread author
Nov 22, 2022
46
Hello, there is a lot of disagreement about this. That's why I wanted to ask someone who knows about it. My question is:

Can the ADVANCED THREAT PROTECTION of antiviruses (it can be any) access the "MBR/GPT, boot sector/VBR, BIOS/UEFI firmware, EFI system partition" and detect threats there?


Some say if it's UEFI it can access and detect, some say it can't reach it at all, some say it can access and detect all of them. What is the truth, can an expert or someone who knows tell me?
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,393
Hello :)

It is mainly to detect rootkits and MBR modifications made by MBRLocker ransomware.
On the other hand, all the systems are in UEFI, so the antiviruses integrate defenses to counter them.
 

Shadowra

In other words, in systems with MBR (I guess when MBR the system is LEGACY, so I get both the same) only changes are checked and a scan is not performed. So what happens on UEFI systems?

There is an .EFI file that is checked in analysis
 

Shadowra

So what I'm saying is not accurate? So is it certain that ESET will notice changes in LEGACY, or is it also certain that ESET's ADVANCED THREAT PROTECTION will access UEFI and detect viruses there?

The answer is what you said before :)
 

Shadowra

So that's right ok but I was wondering if somehow ESET's access can be interrupted or not notice the changes so for sure? :)

No. If there is a modification, it will be detected, as I told you :)
 

ciao

No. If there is a modification, it will be detected, as I told you :)
Well (I'm a little paranoid about this, sorry if I'm being too boring :)), is this not valid on Legacy systems?

and advanced threat protection on UEFI systems also works, accesses and detects and that's for sure right?
 

Shadowra

Well (I'm a little paranoid about this, sorry if I'm being too boring :)), is this not valid on Legacy systems?
Advanced protection no. Analysis yes

and advanced threat protection on UEFI systems also works, accesses and detects and that's for sure right?

Yes
 

ciao

Advanced protection no. Analysis yes



Yes
The translation is wrong, that's why I misread: advanced threat protection can't access, but you said change is analyzed. Sorry.

But if there was a change on legacy systems before ESET was installed, can ESET still detect it? @Shadowra
 

Shadowra

The translation is wrong, that's why I misread: advanced threat protection can't access, but you said change is analyzed. Sorry.

But if there was a change on legacy systems before ESET was installed, can ESET still detect it? @Shadowra

Theoretically not.

No problem for the translation :)
 

Shadowra

Practically?

There was a problem with Google translation: because you wrote "no" and put a period, it understood it as "number".

I'll make it simpler:

If the system is in LEGACY, ESET does not scan the MBR.
The LEGACY system is no longer used on new PCs and new OSs.

If the system is in UEFI / EFI, ESET detects the changes (included in the protection against advanced threats) and can also scan and clean! :) (The .EFI file is scanned if you do a scan.)
This is a solution that was integrated into ESET 8, from memory, to counter the arrival of bootkits (like TDL4 / Alureon) and other MBRLocker ransomware.

I hope I was simple in my explanations :p
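
Added example (not part of the thread and not ESET's code): a generic baseline-and-compare integrity check over `.efi` files, illustrating the distinction discussed above between detecting changes and scanning content. It shows that change detection reports only what differs from the baseline, so a modification made before monitoring started is not flagged. The function names and the temporary directory standing in for a mounted EFI system partition are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each .efi file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() == ".efi"
    }


def compare(baseline, current):
    """Return files added, removed, or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }


def demo():
    # Constructed stand-in for a mounted EFI system partition (not a real ESP).
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp, "EFI", "Boot")
        boot.mkdir(parents=True)
        loader = boot / "bootx64.efi"
        # Constructed content: this "alteration" happens before any baseline exists.
        loader.write_bytes(b"MZ constructed loader, already altered")
        baseline = snapshot(tmp)  # monitoring starts here
        before = compare(baseline, snapshot(tmp))
        # Changes made after the baseline was recorded.
        loader.write_bytes(b"MZ constructed loader, altered again")
        (boot / "extra.EFI").write_bytes(b"MZ constructed new binary")
        after = compare(baseline, snapshot(tmp))
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("differences right after the baseline:", before)
    print("differences after later writes:      ", after)
```

Catching a file that was already altered when the baseline was taken requires inspecting its content (a scan, or comparison against a known-good copy), not change tracking.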
 
