Examine Malware Affected Systems with ESET SysInspector



ESET, the developer of NOD32, one of the most popular antivirus products, launched the beta version of ESET SysInspector late last year. ESET SysInspector is an application that thoroughly inspects your computer and displays the gathered data in a comprehensive way. Information such as installed drivers and applications, network connections and important registry entries can help you investigate suspicious system behavior, whether it is due to software or hardware incompatibility or a malware infection. It is much like HijackThis, but it is able to dig up more information about your computer.

After a few months of testing, they’ve finally released a newer beta version which contains many fixes, changes and new features. Two major features added to the latest SysInspector beta are the detection of master boot record (MBR) infecting rootkits, such as Win32/Mebroot, and an anti-stealth device driver which dynamically loads at runtime to detect rootkits and other hidden objects.


ESET SysInspector is portable. There is only one executable file (SysInspector.exe); run it and it will start inspecting your computer. Each time ESET SysInspector is run, it examines the system to precisely determine its configuration. This process may take several minutes, depending upon the speed of your computer and the software installed on it. When ESET SysInspector has completed cataloging the system, it displays this information in its graphical user interface.


ESET SysInspector divides various types of information into several basic sections called nodes. Where available, you can find additional details by expanding each node into its subnodes. To open or collapse a node, double-click the name of the node or, alternatively, click the expand or collapse icon next to the name of the node. As you browse through the tree structure of nodes and subnodes in the Navigation Window, you will find various details for each node shown in the Description Window. If you browse through items in the Description Window, additional details for each item may be displayed in the Details Window.

ESET SysInspector assigns risk levels to objects (files, processes, registry keys and so forth) using a series of heuristic rules that examine the characteristics of each object and then weight the potential for malicious activity. Based on these heuristics, objects are assigned a risk level from “1 – Fine (green)” to “9 – Risky (red).” In the left navigation pane, sections are colored based on the highest risk level of an object inside them. By adjusting the slider you can filter items by their Risk Level. If the slider is set to the far left (Risk Level 1), all items are displayed. As you move the slider to the right, the program filters out all items less risky than the current Risk Level and displays only items which are more suspicious than the displayed level. With the slider at the far right, the program displays only known harmful items.

All items in the risk range 6 to 9 can “pose” a security risk. It is recommended that you scan the files that pose a security risk with an antivirus, or you can upload them to VirusTotal. However, since SysInspector is in BETA, there will be some unknown applications, such as shadowservice.exe from PowerShadow, or even false positives which need to be corrected. There is also no way for you to add an application to a trusted or safe zone so that SysInspector will not pick it up and flag it as a security risk in future.

Currently, ESET SysInspector has no ability to make changes to the computer. It is “read-only” in that it is designed for analysis, not malware remediation. Perhaps when it is no longer in BETA, it might have the ability to make changes.

[ Download ESET SysInspector for Windows 32-bit | 64-bit ]