Our unique, multilayered approach to security
A single layer of defence is not enough in today’s constantly evolving threat landscape. ESET employs a multitude of proprietary, layered technologies, working together as ESET LiveSense, that go far beyond the capabilities of basic antivirus. We also use advanced machine learning, which ESET pioneered to combat emerging threats. And we were among the earliest adopters of cloud technology, which powers our ESET LiveGrid® global reputation system to constantly update threat intelligence. Advances like these are the work of ESET’s team of dedicated people, who have been researching malware and innovating technology for more than three decades.
The ESET approach
ESET LiveSense technology, combined with our machine learning expertise, cloud reputation system, and our people, together power the world’s most formidable cyber threat prevention, detection and response platform.
Our global research labs drive the development of ESET's unique technology
ESET uses multi-layered technologies that go far beyond the capabilities of basic antivirus. The figure below shows various core ESET technologies and an approximation of when and how they can detect and/or block a threat during its lifecycle in the system.
UEFI Scanner
ESET was the first endpoint security provider to add a dedicated layer into its solution that protects the Unified Extensible Firmware Interface (UEFI). ESET UEFI Scanner checks and enforces the security of the pre-boot environment so that it is compliant with the UEFI specification. It is designed to detect malicious components in the firmware and report them to the user.
UEFI is a standardized specification of the software interface between a device’s operating system and its firmware, replacing the Basic Input/Output System (BIOS) used in computers since the mid-1970s. Thanks to its well-documented layout, UEFI is easier to analyze and parse, thus allowing developers to build extensions for the firmware. However, this also opens the door to malware developers and attackers who can infect the UEFI with their malicious modules.
DNA Detections
Detection types range from very specific hashes to ESET DNA Detections - which are complex characteristics of malicious behaviour and malware. While malicious code can be easily modified or obfuscated by attackers, the behaviour of objects cannot be changed so easily, and ESET DNA Detections are designed to take advantage of this principle.
We perform deep analysis of the code, extract “genes” responsible for its behaviour, and construct ESET DNA Detections - used to assess potentially suspect code, whether found on the disk or in the running process memory. DNA Detections can identify specific known malware samples, new variants of a known malware family or even previously unseen or unknown malware that contains genes that indicate malicious behaviour.
Advanced Machine Learning
ESET products utilise two different forms of Advanced Machine Learning – a high-powered detection engine in the cloud and a lightweight version on the endpoint. Both employ a handpicked array of classification algorithms, deep learning and boosted trees that ensure rapid and accurate analysis necessary to stop emerging threats.
Advanced Machine Learning utilises outputs of both static and dynamic analysis to offer the best detection rates and the lowest possible false positive rates. It is also fine-tuned to coordinate with ESET’s other technologies, such as behavioural analysis, DNA detections, sandboxing and advanced memory scanning.
Cloud Malware Protection System
The ESET Cloud Malware Protection System is one of several technologies based on ESET’s LiveGrid® cloud system. Unknown, potentially malicious applications and other possible threats are monitored and submitted to the ESET cloud via the ESET LiveGrid® Feedback System.
The samples collected are subjected to automatic sandboxing and behavioural analysis, which results in the creation of automated detections if malicious characteristics are confirmed. ESET clients learn about these automated detections via the ESET LiveGrid® Reputation System without the need to wait for the next detection engine update.
Reputation & Cache
When inspecting a file or URL, before any scanning takes place, our products check the local cache for known malicious or allowlisted benign objects. This improves scanning performance.
Afterwards, our ESET LiveGrid® Reputation System is queried for the object’s reputation (i.e. whether the object has already been seen elsewhere and classified as malicious). This improves scanning efficiency and enables faster sharing of malware intelligence with our customers.
Applying URL blacklists and checking reputation prevents users from accessing sites with malicious content and/or phishing sites.
Behavioural Detection and Blocking - HIPS
ESET Host-based Intrusion Prevention System (HIPS) uses a predefined set of rules to look for suspicious activities and to monitor and scan behavioural events such as running processes, files and registry keys. When identified, HIPS reports the offending item and requests deeper inspection using other ESET technology layers if further analysis is necessary.
Deep Behavioral Inspection (DBI) is one of HIPS’ built-in modules that enables deeper and more granular user-mode monitoring of unknown and suspicious processes. DBI was introduced in 2019 and represents an effective antidote for evasion techniques used by threat actors in the wild.
In-Product Sandbox
Today’s malware is often heavily obfuscated and tries to evade detection as much as possible. To see through this and identify the real behaviour hidden underneath the surface, we use in-product sandboxing. With the help of this technology, ESET solutions emulate different components of computer hardware and software to execute a suspicious sample in a virtualised environment.
We use binary translations to keep the in-product sandboxing lightweight and avoid slowing down the machine. We implemented this technology in our solutions in 1995 and have been improving it ever since.
Advanced Memory Scanner
Advanced Memory Scanner is a unique ESET technology which effectively addresses an important issue of modern malware – heavy use of obfuscation and/or encryption. To tackle these issues, Advanced Memory Scanner monitors the behaviour of a suspicious process and scans it once it decloaks in memory.
Advanced Memory Scanner performs a behavioural code analysis using ESET DNA Detections whenever a process makes a system call from a new executable page. Thanks to the implementation of smart caching, Advanced Memory Scanner doesn't cause any noticeable deterioration in processing speeds.
Moreover, there is a new trend in advanced malware. Some malicious code now operates "in-memory only" without needing persistent components in the file system (fileless malware) that can be detected conventionally. Only memory scanning can successfully discover such malicious attacks, and ESET is ready for this new trend with its Advanced Memory Scanner.
Ransomware Shield
ESET Ransomware Shield is an additional layer protecting users from ransomware. This technology monitors and evaluates all executed applications based on their behaviour and reputation. It is designed to detect and block processes that resemble the behaviour of ransomware.
The technology is activated by default. If ESET Ransomware Shield is triggered by a suspicious action, then the user will be prompted to approve or deny a blocking action. This feature is fine-tuned to offer the highest possible level of ransomware protection together with other ESET technologies including Cloud Malware Protection System, Network Attack Protection and DNA Detections.
Network Level Protection
ESET also uses a broad line of detection technologies to identify threats attempting to penetrate a victim’s environment at the network level. The list includes detection of malicious network communication, exploitation of yet unpatched vulnerabilities and brute-force attacks against a variety of protocols such as Remote Desktop Protocol, SMB and SQL.
To increase the network-level protection offered by ESET products, our experts developed Botnet Protection. This technology has been specifically designed to identify malicious communication and processes associated with botnets – vast networks of attacker-controlled infected devices, typically used for DDoS attacks, distribution of malware and sending unsolicited emails.
Connected Home
Our Connected Home layer has been designed to reveal what is happening on users’ Wi-Fi networks and get the most out of their connected devices and smart home setups. It also helps users identify vulnerabilities in their home networks such as unpatched firmware flaws in their routers, open ports and weak router passwords.
Connected Home provides users with a user-friendly "sonar" view of connected devices, showing printers, routers, mobile devices, game consoles, IoT gadgets and other devices connected to their Wi-Fi networks. The provided overview includes the IP address, MAC address, name, model, and vendor of each scanned appliance.