Question Can Advanced Threat Protection of Antiviruses Access BIOS?

[Justcicia]

Hello.

1. Can ESET Premium Security's Advanced Threat Protection find viruses in BIOS or boot partitions?


2. What is the difference between BIOS viruses and boot (UEFI-MBR-Bootkit) viruses?

Note: I'm trying to get the most accurate information about this subject. Therefore, I would be grateful if knowledgeable and expert people on these issues would also give answers.

 

[Colif]

1. Can ESET Premium Security's Advanced Threat Protection find viruses in BIOS or boot partitions?

Yes & No. It can protect UEFI bios, but not legacy bios. See below.

Can ESET Smart Security Premium Access the BIOS Chip?

Hello He said somewhere that antiviruses cannot find it because the BIOS is located on the chip on the motherboard. Is this true? Can ESET BIOS detect viruses?

forum.eset.com

2. What is the difference between BIOS viruses and boot (UEFI-MBR-Bootkit) viruses?

nothing. For most people, the BIOS is the UEFI
long winded...

Spoiler

Up until 2009 all PC used Legacy bios.

• They didn't know what a mouse was, you had to use arrow keys on kb to navigate them.
• They weren't very modifiable, they had to be a certain size and were only 32bit.
• They only used Legacy boot method (it wasn't called legacy yet)

it uses MBR - MBR stands for Master Boot record

• MBR drives can only have 4 partitions and max drive size is 2.2tb
• Boot partition on MBR drives is always 1st partition on drive

In 2009 UEFI was released to replace Legacy bios.
UEFI stands for Unified Extensible Firmware Interface

• it uses a graphical interface that knows what a mouse is
• It can be expanded and have new features added
• It can use UEFI or Legacy boot method
• It can boot legacy drives since it was made to replace BIOS, can't not be backwards compatible.
• The boot partition can be anywhere on the pc, doesn't have to be in a specific location.

It supports GPT

GPT stands for GUID (GUID = Global Unique ID - every GPT drive on earth has its own number) Partition Table

• GPT drives can have up to 256 partitions and max drive size is a silly 18.8 million tb
• Boot partition on a GPT drive can be anywhere.

All PC before win 7 used MBR
Win 7 32bit uses MBR only
Win 7 64bit can be MBR or GPT
win 10 64 bit can also be either but it prefers GPT
Win 11 only supports GPT unless install updated from 10.

UEFI boot method can boot both MBR & GPT drives.
Legacy can only boot MBR, it doesn't know what GPT is for booting

I expect you wouldn't see many viruses aimed at legacy BIOS now. I think most target UEFI, they might just not call it that.
MBR is a legacy boot method but unless PC in question is from before 2009, the actual BIOS is a UEFI BIOS and its emulating a legacy BIOS boot method.
I assume you mean Rootkit, not sure if they care what boot method is.

 

[Justcicia]

ESET can scan the new BIOS, but can ESET's advanced threat protection also access the BIOS?



As far as I know I have UEFI BIOS but how can I be sure about that? I am using PK brand motherboard.

Also since BIOS viruses can access the whole BIOS, if this UEFI setting is done by something else, it will not be prevented from scanning that UEFI and therefore cannot perform operations without being found by ESET? @Colif

 

[DSzymborski]

BIOS viruses are very rare. The chances that you have one are astronomically tiny. You're far more likely to be struck by lightning than have one.

 

[Justcicia]

Ok but as far as I know UEFI viruses are not that rare. @DSzymborski

 

[USAFRet]

Ok but as far as I know UEFI viruses are not that rare. @DSzymborski

Any documentation on this 'not that rare'?
(preferably from someone not trying to sell us a solution for it)

 

[Justcicia]

No, but I want to evaluate every possibility and not leave my job to chance. @USAFRet

 

[USAFRet]

No, but I want to evaluate every possibility and not leave my job to chance. @USAFRet

As we all do.

But a statement like should be backed up with some evidence.

In most systems, UEFI == BIOS.
If they are 'not rare', we'd ALL like to have some evidence and solutions, so that we could ALL protect our infrastructure.

 

[Justcicia]

Ok I admit it's rare, I just want to consider all possibilities

 

[USAFRet]

Ok I admit it's rare, I just want to consider all possibilities

1. Good computing practices.
2. AV at the corporate firewall.
3. Software updates.
4. Channelizatiion of access. ex: the Marketing dept systems have zero access to the HR systems. Not even a little bit.
5. Comprehensive backup plan, with known, tested recovery steps.

There is no AV that is proof against ALL viruses.
Zero day things do happen.

 

[Justcicia]

I don't quite understand the translation, but I'm also asking: ESET antivirus can access and scan the BIOS or UEFI, but can ESET antivirus's advanced threat protection also access and detect BIOS or UEFI? I'm just asking this

 

[USAFRet]

I don't quite understand the translation, but I'm also asking: ESET antivirus can access and scan the BIOS or UEFI, but can ESET antivirus's advanced threat protection also access and detect BIOS or UEFI? I'm just asking this

"When ESET announced that improvements to the latest version of its endpoint protection product for consumers included a UEFI Scanner "

What is UEFI scanning and why do you need it?

www.eset.com

 

[Justcicia]

As far as I read, the link you sent does not say anything about advanced threat protection.

 

[USAFRet]

As far as I read, the link you sent does not say anything about advanced threat protection.

??

The very first sentence speaks to a "UEFI scanner"
Which what I thought you were asking about.

If I was mistaken, please elucidate.

 

[Justcicia]

You say browser, I mean advanced threat protection

 

[USAFRet]

You say browser, I mean advanced threat protection

I did not say "browser" at any time.

Your comment was the first instance of the word "browser".

 

[Justcicia]

ok anyway but i just want to get an answer to this: Can ESET's advanced Threat protection access the BIOS or UEFI and detect threats there?

 

[USAFRet]

ok anyway but i just want to get an answer to this: Can ESET's advanced Threat protection access the BIOS or UEFI and detect threats there?

Drilling down into the ESET world....

(for business)
https://www.eset.com/int/business/entry-protection-bundle/
"ESET was the first endpoint security provider to add a dedicated layer into its solution that protects the Unified Extensible Firmware Interface (UEFI). "

(for consumers)
https://www.eset.com/int/home/internet-security/#whats-inside
"UEFI Scanner"
"Protects from threats that attack your computer on a deeper level, even before Windows starts - on systems with the UEFI system interface. "


If you are considering paying them for some product, you really need to be doing this research yourself.

 

[Justcicia]

So advanced threat protection can also twspit viruses in UEFI or BIOS?

 

[USAFRet]

So advanced threat protection can also twspit viruses in UEFI or BIOS?

Supposedly, yes.

Of course, companies trying to sell you something often say a lot of stuff that isn't quite realistic.

 

[Justcicia]

I mean, it can't be accessed, but is it showing as it can?

 

[USAFRet]

I mean, it can't be accessed, but is it showing as it can?

What do you mean by "can't be accessed"?

The marketing text from ESET says they can scan it.
If they can scan it, apparently they can access it.

 

[Justcicia]

That's how I understood it when you said "supposedly he can reach it". Now advanced threat protection can definitely access and detect BIOS or UEFI right?

 

[USAFRet]

That's how I understood it when you said "supposedly he can reach it". Now advanced threat protection can definitely access and detect BIOS or UEFI right?

I am not part of the ESET software or management team, so I cannot and will not state "definitely ".

They say it does.

 

[Justcicia]

OK thanks

At first, they said that if you have UEFI, you can access it.

Well, Since BIOS viruses can access the entire BIOS, if the BIOS virus pulls the setting that makes the system UEFI from UEFI to legacy, won't ESET be able to access it because there is no UEFI anymore and therefore will not be able to operate without being found by ESET?