D
Deleted member 2913
Thread author
Theres a thread going on Eset Exploit Protection on Wilders
http://www.wilderssecurity.com/thre...of-an-eset-vulnerability.377379/#post-2504929
A users post I am pasting here
"
I think we are getting close here.
Eplghooks.dll resides in Eset x86 folder. In other words, it's a 32 bit .dll. Now this excerpt:
SetWindowsHookEx function can be used to inject a DLL into another process if the following conditions are met:
So on x64 OS and processes, Eplghooks.dll will never be used. On a 32 bit OS, I am sure it will inject just fine. Fooling around on a 64 bit OS will crash your system as I learned the hard way.
As you commented, there is no full exploit mitigation when Eset is installed on a 64 bit OS. There is detection when running a 32 bit process and what appears to be blocking but that is it based on my tests. No alerts or logs entry, etc.. When running a 64 bit process, Eset's exploit protection is a "hit or miss" scenario from what I have determined.
You need a separate exploit blocker that does work unconditionally on 64 bit processes if running Eset on a 64 bit OS."
http://www.wilderssecurity.com/thre...of-an-eset-vulnerability.377379/#post-2504929
A users post I am pasting here
"
I think we are getting close here.
Eplghooks.dll resides in Eset x86 folder. In other words, it's a 32 bit .dll. Now this excerpt:
SetWindowsHookEx function can be used to inject a DLL into another process if the following conditions are met:
- A 32-bit DLL can be injected only into a 32-bit process, and a 64-bit DLL can be injected only into a 64-bit process. It is not possible to inject a 32-bit DLL into a 64-bit process or vice versa.
- The 32-bit and 64-bit DLLs must have different names.
So on x64 OS and processes, Eplghooks.dll will never be used. On a 32 bit OS, I am sure it will inject just fine. Fooling around on a 64 bit OS will crash your system as I learned the hard way.
As you commented, there is no full exploit mitigation when Eset is installed on a 64 bit OS. There is detection when running a 32 bit process and what appears to be blocking but that is it based on my tests. No alerts or logs entry, etc.. When running a 64 bit process, Eset's exploit protection is a "hit or miss" scenario from what I have determined.
You need a separate exploit blocker that does work unconditionally on 64 bit processes if running Eset on a 64 bit OS."