Question Can Advanced Threat Protection of Antiviruses Access BIOS?

Status
Not open for further replies.

Justcicia

Hello.

1. Can ESET Premium Security's Advanced Threat Protection find viruses in BIOS or boot partitions?


2. What is the difference between BIOS viruses and boot (UEFI-MBR-Bootkit) viruses?

Note: I'm trying to get the most accurate information about this subject. Therefore, I would be grateful if knowledgeable and expert people on these issues would also give answers.
 
I just want to know whether this event is possible or not, if not, why is it not possible?

If you don't remember, my question is:

Since BIOS viruses can access the entire BIOS, if the BIOS virus pulls the setting that makes the system UEFI from UEFI to legacy, won't ESET be able to access it because there is no UEFI anymore, and therefore will not be able to operate without being found by ESET? @USAFRet
 
In theory, a "BIOS virus" can access the BIOS.
Be it Legacy, UEFI, whatever.

In theory.

Also, in theory, an AV tool that can scan the BIOS for a virus can... scan it.


In practice, NO tool is 100% proof against all attacks.

When was the last time you personally had a "BIOS virus", and how did it happen?
Further, do you personally know anyone who had a system attacked like that?
 
I just want to know:

1. It can access and scan all BIOS-related places (boot, UEFI, bootkit whatever you can think of), but does this apply to advanced threat protection as well, so ESET's advanced threat protection can also scan to places ESET can scan (boot, UEFI, bootkit, BIOS whatever comes to mind) and find threats there?


2. You said that ESET can scan for BIOS viruses when there is UEFI, but since BIOS viruses can access the entire BIOS, if the BIOS virus pulls the setting that makes the system UEFI from UEFI to legacy, ESET cannot access it because it is no longer UEFI, and therefore ESET cannot access it. Is there no possibility to trade without being found?



I just want answers to these two questions from you. I probably won't ask any more questions after that. @Colif
 
Question 1: Ask ESET, we don't work for them.

Question 2: The UEFI is the BIOS.
There is not a UEFI & Legacy BIOS choice. It's the same thing.

The UEFI can emulate a legacy BIOS for any operating system that needs to use MBR - it has modules that run and act like legacy BIOS but they are running in the UEFI.

So a virus cannot turn it into a legacy BIOS. There is nothing there apart from UEFI.

Any virus that only works on legacy BIOS won't work on UEFI BIOS. It won't find what it's looking for.

ESET can probably scan the UEFI regardless of boot method. It's still a UEFI BIOS regardless of boot method.
 
Understood thanks.


So this boot mode shown in white doesn't make it UEFI or Legacy does it?

Is there any other setting that can do this and can't this be changed except that the motherboard doesn't support UEFI?


I ask on the ESET forum but they never answer my questions and say things in other ways. @Colif
 
This might answer the question about what ESET scans: https://www.eset.com/afr/about/news...at-is-uefi-scanning-and-why-do-you-need-it-4/

All that menu choice does is change the boot mode; it doesn't change the actual BIOS into legacy or UEFI.

You'd best leave that as it is now or the PC might not boot into Windows.
Legacy is for all versions of Windows prior to Win 7 64-bit.
UEFI is for all the newer versions since then.
 
Thanks for your answer.

So even if we make this place Legacy, will ESET be able to scan it? And are you sure about that? @Colif
 
ESET say all their consumer products scan it and explain why on that link.

Changing that spot doesn't change the BIOS at all.

You're not the first person to think that swapping that changes the BIOS. People in the past have swapped that and in some cases, swapped from legacy to UEFI and wondered why it still looks the same...
 
Ok thanks.

Well, there is no other setting in the BIOS for this, and in order for ESET to not scan a UEFI BIOS, the motherboard needs to be changed to a legacy motherboard, right?


How do I know if my motherboard has UEFI? And even if it's in the BIOS, can this be disabled by playing with the motherboard or in-motherboard? @Colif
 
Well, there is no other setting in the BIOS for this, and in order for ESET to not scan a UEFI BIOS, the motherboard needs to be changed to a legacy motherboard, right?
Yes, and I doubt parts would work on an old board. There is no way around it.

You know it's a UEFI BIOS as it has a choice called Legacy. Before UEFI BIOS came out, there was only one type of BIOS, and it wasn't called legacy until UEFI replaced it.

I don't think it's possible to play with the motherboard enough to install an old BIOS on it. More likely to break the motherboard.
 
What do you mean by breaking the motherboard?



Also, how can I tell if this BIOS-UEFI-MBR-Bootkit and boot viruses block any antivirus? @Colif
 
You can't disable the UEFI or replace it with a BIOS.
Messing with motherboard settings could brick the motherboard - leave it in a state where it won't work.

Also, how can I tell if this BIOS-UEFI-MBR-Bootkit and boot viruses block any antivirus?
I am sure there are some that do that, but the trick is to not install them in the first place. It's why you have an AV, to stop being infected.
Honestly, install ESET on the PC and assume it's not infested now.
You can only be so cautious... Or just never use the thing and read a book... I can't guarantee it's fine now but there's a really good chance it is okay.
 
Understood thanks.

I couldn't understand "or change a BIOS" because of the translation but?


But can't I notice it's blocked? @Colif
 
What do you mean by breaking the motherboard?

Most likely bricking it permanently.

Also, how can I tell if this BIOS-UEFI-MBR-Bootkit and boot viruses block any antivirus? @Colif

The same way you can tell if you've been kidnapped, brainwashed, and returned to your house without a memory of the events: you don't, but it's so unlikely that it's not worth even thinking about unless you face an extremely unusual set of circumstances.
 
I expect when you install ESET it scans the BIOS, and if it were blocked at any stage after that, it would probably send a warning saying as such.
I feel if a virus gets into the BIOS without ESET being aware, it's probably too late to worry about that fact as it's probably infected more than just the BIOS... Windows as well.
 
Most likely bricking it permanently.



The same way you can tell if you've been kidnapped, brainwashed, and returned to your house without a memory of the events: you don't, but it's so unlikely that it's not worth even thinking about unless you face an extremely unusual set of circumstances.
Can't it be replaced if it's permanently bricked?




I didn't quite understand your second answer because of the translation, but? @DSzymborski
 
I expect when you install ESET it scans the BIOS, and if it were blocked at any stage after that, it would probably send a warning saying as such.
I feel if a virus gets into the BIOS without ESET being aware, it's probably too late to worry about that fact as it's probably infected more than just the BIOS... Windows as well.
ESET was not installed when I thought it was infected
 