Will Dormann1d ago

I wrote a thing about a thing.

Specifically, Finding Vulnerabilities with Crassus – A Case Study with ESET.

I created Crassus on a whim a few years ago, and it's interesting to see that it still can find things.

It's also interesting (disappointing) that reporting vulnerabilities to vendors is still as painful as ever.

Show threadJán Trenčanský1d ago
@wdormann Hey, thanks for the report and sorry about that response. Whoever wrote it was not being very helpful, I'll look into that. By "another product" they mean ESET Endpoint Security which has a driver that (should) enforce self-defense on the path. Without EES, EIConnector doesn't work. That however doesn't make this finding invalid, if you are somehow able to install one without the other.
Show threadWill Dormann

@j91321
Thanks.

I think at the end of the day, "Product <foo> is vulnerable, but product <bar> mitigates it", does not change the fact that "Product <foo> is vulnerable"

Specifically, in my original analysis, I installed the product with ESET Endpoint Antivirus 11.0.2044.0, and that product does not do anything to mitigate the vulnerability.

I don't know if it's an EEA vs. EES thing, or a version number thing. But either way, it is indeed possible to install ESET Inspect Connector in a way that truly is vulnerable.

Personally, I think that if ESET Inspect Connector contains a vulnerability, then that product itself should get the attention it needs to mitigate it, without relying on another product to mitigate it.

Apr 4 at 11:55amWeb