Eset Exploit Protection

  • Thread starter: Deleted member 2913
Status
Not open for further replies.

Deleted member 2913

Thread author
There's a thread going on about Eset Exploit Protection on Wilders

http://www.wilderssecurity.com/thre...of-an-eset-vulnerability.377379/#post-2504929

A user's post I am pasting here

"
I think we are getting close here.

Eplghooks.dll resides in Eset x86 folder. In other words, it's a 32 bit .dll. Now this excerpt:

SetWindowsHookEx function can be used to inject a DLL into another process if the following conditions are met:
  • A 32-bit DLL can be injected only into a 32-bit process, and a 64-bit DLL can be injected only into a 64-bit process. It is not possible to inject a 32-bit DLL into a 64-bit process or vice versa.
  • The 32-bit and 64-bit DLLs must have different names.
ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa384274(v=vs.85).aspx

So on x64 OS and processes, Eplghooks.dll will never be used. On a 32 bit OS, I am sure it will inject just fine. Fooling around on a 64 bit OS will crash your system as I learned the hard way.

As you commented, there is no full exploit mitigation when Eset is installed on a 64 bit OS. There is detection when running a 32 bit process and what appears to be blocking but that is it based on my tests. No alerts or log entries, etc. When running a 64 bit process, Eset's exploit protection is a "hit or miss" scenario from what I have determined.

You need a separate exploit blocker that does work unconditionally on 64 bit processes if running Eset on a 64 bit OS."
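
One way to check the bitness point made in the quoted post, as an added example that is not part of the original thread or any ESET code: read the Machine field from a PE header to see whether a DLL and a target process image share an architecture. The function names and the constructed sample headers are assumptions for illustration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)", 0xAA64: "ARM64 (64-bit)"}


def pe_machine(data: bytes) -> str:
    """Return the target architecture recorded in a PE image's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # Machine is the first 16-bit field after the signature
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, f"unknown (0x{machine:04X})")


def can_load_into(dll: bytes, process: bytes) -> bool:
    """A DLL can only be loaded into a process image of the same architecture."""
    return pe_machine(dll) == pe_machine(process)


def fake_pe(machine: int) -> bytes:
    """Constructed sample: minimal DOS header, PE signature and COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS header
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    dll32 = fake_pe(0x014C)   # stands in for a 32-bit hook DLL
    exe32 = fake_pe(0x014C)   # stands in for a 32-bit process image
    exe64 = fake_pe(0x8664)   # stands in for a 64-bit process image
    print("DLL architecture:", pe_machine(dll32))
    print("loadable into 32-bit process:", can_load_into(dll32, exe32))
    print("loadable into 64-bit process:", can_load_into(dll32, exe64))
```

On a real file, pass the first few kilobytes of the DLL or EXE to `pe_machine` to see which architecture it was built for.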
 
So, I have ESET on my Windows 8.1 64-bit and also have Malwarebytes Anti-Exploit free.
I think I should be a little more protected, although the free version does not protect me against all...

nice thread @yesnoo ;)
 