Our global research labs drive the development of ESET's unique technology
ESET uses multilayered technologies that go far beyond the capabilities of basic antivirus. Download this white paper for an overview of core ESET technologies and an approximation of when and how they can detect and/or block a threat during its lifecycle in the system.
ESET is the first internet security provider to add a dedicated layer into its solution that protects the Unified Extensible Firmware Interface (UEFI). ESET UEFI Scanner checks and enforces the security of the pre-boot environment that is compliant with the UEFI specification. It is designed to monitor the integrity of the firmware and in case modification is detected, it notifies the user.
UEFI is a standardized specification of the software interface that exists between a device’s operating system and its firmware, replacing the Basic Input/Output System (BIOS) used in computers since the mid-1970s. Thanks to its well documented layout, UEFI is easier to analyze and parse, thus allowing developers to build extensions for the firmware. However, this opens the door for malware developers and attackers who can infect the UEFI with their malicious modules.
ESET has developed its own in-house machine learning engine, dubbed ESET Augur. It uses the combined power of neural networks (such as deep learning and long short-term memory) and a handpicked group of six classification algorithms. This allows it to generate a consolidated output and help correctly label the incoming sample as clean, potentially unwanted or malicious.
To offer the best detection rates and lowest possible number of false positives, the ESET Augur engine is fine-tuned to cooperate with other protective technologies such as DNA, sandbox and memory analysis as well as extraction of behavioral features.
Cloud Malware Protection System
The ESET Cloud Malware Protection System is one of several technologies based on ESET’s LiveGrid? cloud system. Unknown, potentially malicious applications and other possible threats are monitored and submitted to the ESET cloud via the ESET LiveGrid? Feedback System.
The samples collected are subjected to automatic sandboxing and behavioral analysis, which results in the creation of automated detections if malicious characteristics are confirmed. ESET clients learn about these automated detections via the ESET LiveGrid? Reputation System without the need to wait for the next detection engine update.
Behavioral Detection and Blocking - HIPS
ESET's Host-based Intrusion Prevention System (HIPS) monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity.
Users can define a custom set of rules to be used instead of the default rule set; however this requires advanced knowledge of applications and operating systems.
Today’s malware is often heavily obfuscated and tries to evade detection as much as possible. To see through this and identify the real behavior hidden underneath the surface, we use in-product sandboxing. With the help of this technology, ESET solutions emulate different components of computer hardware and software to execute a suspicious sample in an isolated virtualized environment.
We use binary translations to keep the in-product sandboxing lightweight and avoid slowing down the machine. We implemented this technology in our solutions in 1995 and have been improving it ever since.
ESET Ransomware Shield is an additional layer protecting users from ransomware. This technology monitors and evaluates all executed applications based on their behavior and reputation. It is designed to detect and block processes that resemble the behaviors of ransomware.
The technology is activated by default. If ESET Ransomware Shield is triggered by a suspicious action, then the user will be prompted to approve/deny a blocking action. This feature is fine-tuned to offer the highest possible level of ransomware protection together with other ESET technologies including Cloud Malware Protection System, Network Attack Protection and DNA Detections.
Network Attack Protection
Network Attack Protection is an extension of firewall technology that improves detection of known vulnerabilities on the network level. It constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitation of vulnerabilities for which a patch has not yet been released or deployed.
We Live Security
Stay up to date on IT security with news, views and how-tos from our experts.
ESET Security Forum
Join professionals from the www.t8z3a.cnmunity for IT conversations.
Join us on Facebook for everything ESET – including news and unique fan content!