User guide

To avoid attacks, we recommend that you use authentication passwords or keys.
6.2.7 ICMP attacks
The ICMP (Internet Control Message Protocol) is a popular and widely-used Internet protocol. It is used primarily by
networked computers to send various error messages.
Remote attackers attempt to exploit the weaknesses of the ICMP protocol. The ICMP protocol is designed for one-
way communication requiring no authentication. This enables remote attackers to trigger so-called DoS (Denial of
Service) attacks, or attacks which give unauthorized individuals access to incoming and outgoing packets.
Typical examples of an ICMP attack are ping flood, ICMP_ECHO flood and smurf attacks. Computers exposed to the
ICMP attack are significantly slower (this applies to all applications using the Internet) and have problems
connecting to the Internet.
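The following is an added example, not part of the original guide and not ESET code: a sliding-window detector that separates an ICMP_ECHO (ping) flood from the unsolicited echo replies a smurf victim receives. The function names, addresses, one-second window and threshold of 100 packets are assumptions, and the traffic is constructed sample data.

```python
from collections import defaultdict, deque

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers (RFC 792)
LOCAL = "192.0.2.1"               # constructed address of the protected host

def classify_icmp(packets, local_ip, window=1.0, threshold=100):
    """packets: time-ordered (timestamp, src, dst, icmp_type) tuples.
    Returns a set of (alert_kind, subject) tuples."""
    requests_in = defaultdict(deque)  # source -> recent echo-request times
    unsolicited = deque()             # recent replies we never asked for
    pinged = set()                    # peers this host sent echo requests to
    alerts = set()
    for ts, src, dst, icmp_type in packets:
        if src == local_ip and icmp_type == ECHO_REQUEST:
            pinged.add(dst)
        elif dst == local_ip and icmp_type == ECHO_REQUEST:
            q = requests_in[src]
            q.append(ts)
            while ts - q[0] > window:      # drop entries older than the window
                q.popleft()
            if len(q) > threshold:         # one source, many requests
                alerts.add(("echo_flood", src))
        elif dst == local_ip and icmp_type == ECHO_REPLY and src not in pinged:
            unsolicited.append(ts)
            while ts - unsolicited[0] > window:
                unsolicited.popleft()
            if len(unsolicited) > threshold:  # many replies to pings never sent
                alerts.add(("smurf_reflection", local_ip))
    return alerts

def sample_traffic():
    """Constructed sample: benign pings, one flooding source, reflected replies."""
    pkts = [(0.0, LOCAL, "192.0.2.10", ECHO_REQUEST),
            (0.01, "192.0.2.10", LOCAL, ECHO_REPLY)]           # solicited reply
    pkts += [(1.0 + i, "192.0.2.20", LOCAL, ECHO_REQUEST) for i in range(5)]
    pkts += [(10.0 + i * 0.001, "198.51.100.7", LOCAL, ECHO_REQUEST)
             for i in range(300)]                              # ping flood
    pkts += [(20.0 + i * 0.002, f"203.0.113.{i % 250 + 1}", LOCAL, ECHO_REPLY)
             for i in range(200)]                              # smurf replies
    return sorted(pkts)

if __name__ == "__main__":
    for kind, subject in sorted(classify_icmp(sample_traffic(), LOCAL)):
        print(kind, subject)
```
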
6.3 ESET Technology
6.3.1 Exploit Blocker
Exploit Blocker is designed to fortify commonly exploited application types such as web browsers, PDF readers,
email clients and MS Office components. It works by monitoring the behavior of processes for suspicious activity
that might indicate an exploit.
When Exploit Blocker identifies a suspicious process, it can stop the process immediately and record data about the
threat, which is then sent to the ESET Live Grid cloud system. This data is processed by the ESET Threat Lab and used
to better protect all users from unknown threats and zero-day attacks (newly released malware for which there is
no pre-configured remedy).
6.3.2 Advanced Memory Scanner
Advanced Memory Scanner works in combination with Exploit Blocker to strengthen protection against malware
that has been designed to evade detection by antimalware products through the use of obfuscation and/or
encryption. In cases where ordinary emulation or heuristics might not detect a threat, the Advanced Memory
Scanner is able to identify suspicious behavior and scan threats when they reveal themselves in system memory.
This solution is effective against even heavily obfuscated malware.
Unlike Exploit Blocker, Advanced Memory Scanner is a post-execution method, which means that there is a risk that
some malicious activity could have been performed before it detects a threat; however, if other
detection techniques have failed, it offers an additional layer of security.
6.3.3 Vulnerability Shield
Vulnerability Shield is an extension of the Personal firewall that improves the detection of known vulnerabilities
on the network level. By implementing detections for common vulnerabilities in widely used protocols such as
SMB, RPC and RDP, it constitutes another important layer of protection against spreading malware,
network-conducted attacks and exploitations of vulnerabilities for which a patch has not yet been released or deployed.
6.3.4 ESET Live Grid
Built on the ThreatSense.Net advanced early warning system, ESET Live Grid utilizes data that ESET users have
submitted worldwide and sends it to the ESET Virus Lab. By providing suspicious samples and metadata from the
wild, ESET Live Grid enables us to react immediately to the needs of our customers and keep ESET responsive to the
latest threats. ESET malware researchers use the information to build an accurate snapshot of the nature and scope
of global threats, which helps us focus on the right targets. ESET Live Grid data plays an important role in setting
priorities in our automated processing.
Additionally, it implements a reputation system that helps to improve the overall efficiency of our anti-malware
solutions. When an executable file or archive is being inspected on a user’s system, its hash tag is first compared
against a database of white- and blacklisted items. If it is found on the whitelist, the inspected file is considered