Eset Exploit Protection

  • Thread starter Deleted member 2913
  • Start date
Status
Not open for further replies.
D

Deleted member 2913

Thread author
Theres a thread going on Eset Exploit Protection on Wilders

http://www.wilderssecurity.com/thre...of-an-eset-vulnerability.377379/#post-2504929

A users post I am pasting here

"
I think we are getting close here.

Eplghooks.dll resides in Eset x86 folder. In other words, it's a 32 bit .dll. Now this excerpt:

SetWindowsHookEx function can be used to inject a DLL into another process if the following conditions are met:
  • A 32-bit DLL can be injected only into a 32-bit process, and a 64-bit DLL can be injected only into a 64-bit process. It is not possible to inject a 32-bit DLL into a 64-bit process or vice versa.
  • The 32-bit and 64-bit DLLs must have different names.
ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa384274(v=vs.85).aspx

So on x64 OS and processes, Eplghooks.dll will never be used. On a 32 bit OS, I am sure it will inject just fine. Fooling around on a 64 bit OS will crash your system as I learned the hard way.

As you commented, there is no full exploit mitigation when Eset is installed on a 64 bit OS. There is detection when running a 32 bit process and what appears to be blocking but that is it based on my tests. No alerts or logs entry, etc.. When running a 64 bit process, Eset's exploit protection is a "hit or miss" scenario from what I have determined.

You need a separate exploit blocker that does work unconditionally on 64 bit processes if running Eset on a 64 bit OS."
 
  • Like
Reactions: Logethica, LabZero, nissimezra and 4 others
Piteko21

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
so, I have ESET in my wind 8.1 64 bits and also have Malwarebytes anti-exploit free.
I think I should be a little more protected, although the free version does not protect me against all...

nice thread @yesnoo ;)
 
  • Like
Reactions: nissimezra
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Like
Technology Epic Games Store will end Windows 7, 8, 8,1, and 32-bit Windows 10 support in June 2024
Replies
0
Views
197
Technology News
Gandalf_The_Grey
Gandalf_The_Grey
Jonny Quest
    • Like
    • +Reputation
New Update F-Secure Beta 19.4 Released
Replies
44
Views
2,964
F-Secure
Trident
Trident
Ink
    • Like
Deprecated Discord to end 32-bit support for Windows; December 1st
Replies
1
Views
656
Social media
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top