Exploit Blocker is designed to fortify often exploited application types on users' systems, such as web browsers, PDF readers, email client or MS office components. It adds another layer of protection by using a completely different technology, compared to techniques focusing on detection of malicious files themselves...
Instead, it monitors behavior of processes and watches for suspicious activities that are typical for exploits. When triggered, the suspicious behavior is analyzed and the threat might be blocked immediately on the machine. Certain suspicious activities are processed further in our cloud systems, which gives Exploit Blocker the potential to protect users against targeted attacks and previously unknown exploits, so called zero-day attacks.
Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen the protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation or/and encryption. This causes problems with unpacking and might pose a challenge to bypass for ordinary anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective infection prevention even from heavily obfuscated malware.
Vulnerability shield is an extension of firewall and improves detection of Common Vulnerabilities and Exposures (CVE's) on the network level.
By implementing detections for CVE's of widely used protocols, such as SMB, RPC and RDP, it constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitations of vulnerabilities for which a patch has not been released or deployed yet.
Built on ThreatSence.NET® advanced early warning system, ESET LiveGrid® utilizes data that ESET users have submitted worldwide and sends it to ESET's Virus Lab. ESET Virus Lab specialists then use the information to build an accurate snapshot of the nature and scope of global threats in order to release relevant updates to our virus signature database, keeping ESET adaptive to the latest threats.
Moreover, it implements a reputation system that helps to improve the overall efficiency of our anti-malware solutions. When an executable file or archive is being inspected on user's system, its hash tag is first compared against a database of white- and blacklisted items.
If it is found on the whitelist, the inspected file is considered clean and also flagged to be excluded from future scans. If it is on the blacklist, appropriate actions are taken - based on the nature of the threat. Only if no match was found, the file is scanned thoroughly. Based on results of this scan the file becomes a candidate to extend the corresponding list. This approach has a significant positive impact on scanning performance.
This reputation system allows for effective detection of malware samples even before their signatures are delivered to user's computer in via updated virus database (which happens several times a day).
Anti-Phishing technology protects you from attempts to acquire passwords, banking data and other sensitive information by fake websites masquerading as legitimate ones. When user's computer attempts to access an URL, ESET systems compare it against our database of known phishing sites. If a match is found, connection to the URL is aborted and a warning message is displayed. At this point, user has as well the option to proceed to the URL at his/her own risk or report the URL to us as a potentially false positive warning.
The anti-phishing database is updated by ESET regularly (users' computers receive data about new phishing threats every 20 minutes) and this database includes information from our partners as well.
Along this straightforward approach, ESET Anti-Phishing implements specific proactive algorithms. These inspect the visual design of websites in an effort to eliminate those parasitizing on their genuine counterparts. This approach is used to detect for example fake internet banking forms.
ESET's Security Research Lab daily receives many infected samples from various sources. Sample submissions from users, customers or distributors (sent to email@example.com) are an important source of new malware.
Other sources include sample exchanges or active honey pots, for example. After being pre-processed by automated algorithms, the received samples are reviewed by a team of detection engineers and malware analysts. Their job is to decide whether the submitted file or URL is malicious, and if it is, to create a suitable detection algorithm for it.
There are several types of detection signatures and the detection engineer has to choose the most effective one depending on the characteristics of malware. Newly created signatures are then packed together and released to our users in the form of a Virus Database Update. These updates are rolled out several times a day.
ESET's ThreatSense® scanning engine uses several types of detection signatures for detecting malicious objects (files, processes, URLs, etc.). The signature types range from very specific hashes (useful, for example, in targeting specific malicious binaries, specific versions of malware, statistical purposes, or simply giving a more precise detection name to a malware that we have been detecting generically) to so-called DNA-based generic signatures, which are rather complex definitions of malicious behavior and malware characteristics. These generic signatures also rely on heuristics and emulation to evaluate the scanned sample.
In the generic signatures lies the strength of ESET's proactive detection. This means that the detection is effective, as well as efficient - a single well-crafted generic signature can detect thousands of related malware variants and that our antivirus software can detect not only malware that we know of, or have seen before, but also new, previously unknown variants.
When computer is infected with malware, it will usually suffice to delete the detected file(s) in order to clean the infected system. But in certain cases - for example when the malware has modified operating system files or when a parasitic virus has infected the user's own files - the situation gets more complicated. Simply deleting the infected file could cause data loss or even render the computer unbootable.
Therefore, a different approach - cleaning or disinfection of the infected files - has to be taken. In most of such cases the cleaning is performed directly by the installed antivirus. Exceptionally, however, the disinfection steps are too complex or simply too dangerous (system stability-wise) and we may opt to release standalone cleaners for this purpose. These are available free of charge, also for non-customers.
Advanced Heuristics is one of the technologies used for proactive detection. It provides the ability to detect unknown malware based on its functionality through emulation. Its latest version introduces a completely new way of code emulation based on binary translation.
This new binary translator helps to bypass anti-emulation tricks used by malware writers. Along these improvements, also the DNA-based scanning has been extended significantly. This allow for better creation of generic detections addressing current malware.