[KB7765] Does ESET protect me from the SolarWinds supply-chain attack?




On December 13th, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) announced the active exploitation of versions of SolarWinds Orion between March and June of 2020. SolarWinds published a Security Advisory announcing that malicious code, known as MSIL/SunBurst.A, had compromised its SolarWinds Orion Platform. 

Within a single day of CISA’s announcement, ESET added software that detects and blocks all known variants of this exploit. We also advised managed service providers and other channel partners so they could take the proper steps to protect their customers. On December 16th, 2020, ESET published a product support page informing our customers that ESET protects against the SolarWinds exploit code, known as MSIL/SunBurst.A.


To maximize your protection, we recommend the following steps:

Apply hotfixes as soon as possible

As noted above, ESET products protect against all known variants of MSIL/SunBurst.A. However, we also recommend following the guidance from SolarWinds, CISA and others, which is to disconnect the affected products until you apply the hotfixes from SolarWinds that remove the vulnerability.

Keep ESET products updated

Keep ESET LiveGrid® enabled

In almost all cases, an ESET product with ESET LiveGrid enabled will respond to new threats faster than module updates alone.

Learn more about ESET LiveGrid and make sure it is enabled in your ESET product.

Minimize the risk of malware attack

What can I do to minimize the risk of a malware attack?

  • Regularly back up your important data 
  • Do not change the default settings of your ESET products (unless instructed to do so by Technical Support)
  • Download and install the latest security patches for your OS and your applications

For a list of all ESET security articles related to supply-chain attacks, see supply-chain attack.