User guide
Table Of Contents
- ESET NOD32 Antivirus 6
- Installation
- Beginner's guide
- Work with ESET NOD32 Antivirus
- Computer
- Web and email
- Updating the program
- Tools
- User interface
- Advanced user
- Glossary
78
What is Anti-Stealth technology ?
Anti-Stealth technology provides effective rootkit detection.
If the system is attacked by malicious code that behaves as a rootkit, the user may be exposed to data loss or theft.
Without a special anti-rootkit tool, it is almost impossible to detect rootkits.
Why are there sometimes files marked as "Signed by MS", having a different "Company Name" entry at the same
time ?
When trying to identify the digital signature of an executable, ESET SysInspector first checks for a digital signature
embedded in the file. If a digital signature is found, the file will be validated using that information. If a digital signature
is not found, the ESI starts looking for the corresponding CAT file (Security Catalog - %systemroot%\system32\catroot)
that contains information about the executable file processed. If the relevant CAT file is found, the digital signature of
that CAT file will be applied in the validation process of the executable.
This is why there are sometimes files marked as "Signed by MS", but having a different "CompanyName" entry.
Example:
Windows 2000 includes the HyperTerminal application located in C:\Program Files\Windows NT. The main application
executable file is not digitally signed, but ESET SysInspector marks it as a file signed by Microsoft. The reason for this is a
reference in C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sp4.cat pointing to C:\Program
Files\Windows NT\hypertrm.exe (the main executable of the HyperTerminal application) and sp4.cat is digitally signed by
Microsoft.
5.6.6 ESET SysInspector as part of ESET NOD32 Antivirus
To open the ESET SysInspector section in ESET NOD32 Antivirus, click Tools > ESET SysInspector. The management
system in the ESET SysInspector window is similar to that of computer scan logs, or scheduled tasks. All operations
with system snapshots – create, view, compare, remove and export – are accessible within one or two clicks.
The ESET SysInspector window contains basic information about the created snapshots such as create time, a short
comment, name of the user that created the snapshot and snapshot status.
To compare, create, or delete snapshots, use the corresponding buttons located below the list of snapshots in the ESET
SysInspector window. Those options are also available from the context menu. To view the selected system snapshot,
select Show from the context menu. To export the selected snapshot to a file, right-click it and select Export....
Below is a detailed description of the available options:
Compare – Allows you to compare two existing logs. It is suitable if you want to track changes between the current
log and an older log. For this option to take effect, you must select two snapshots to be compared.
Create... – Creates a new record. Before that, you must enter a short comment about the record. To find out the
snapshot creation progress (of the currently generated snapshot), see the Status column. All completed snapshots
are marked by the Created status.
Delete/Delete all – Removes entries from the list.
Export... – Saves the selected entry in an XML file (also in a zipped version).
5.7 ESET SysRescue
ESET SysRescue is a utility which enables you to create a bootable disk containing one of the ESET Security solutions - it
can be ESET NOD32 Antivirus, ESET Smart Security or even some of the server-oriented products. The main advantage
of ESET SysRescue is the fact that the ESET Security solution runs independent of the host operating system, while it
has a direct access to the disk and the entire file system. This makes it possible to remove infiltrations which normally
could not be deleted, e.g., when the operating system is running, etc.