View Full Version : real time protection?


infra-greg
January 7th, 2004, 02:22 AM
Hello all

Total newbie to TDS-3, but loving it already :)

Just a quick question.

I have TDS-3 to startup with Windows and then to minimise to the System Tray.

Does this mean that TDS-3 can intercept a trojan, etc. if it's trying to download on my system or if it tries to execute thru a malicious attachment that is being opened?

Or does TDS-3 only find Trojans, etc. when I do a system scan (i.e. after the trojan has downloaded, executed, etc.)?

Thanks very much and keep up the great work :)

Infra-Greg

DolfTraanberg
January 7th, 2004, 02:36 AM
In the registered version of TDS you have Execution Protection, which scans a file before it's allowed to execute.
Dolf

infra-greg
January 7th, 2004, 03:02 AM
Cool.

I had a trojan the other day...Byteverify that seemed to have installed and made itself at home. Some hacker from Denmark (checked my ftp stats) seems to have been responsible and consequently changed my first page of my website.

I ran a virus check and voila, up it came. Norton deleted it, etc and that seems to be the end of it.

Next step? I researched all the Anti-trojan programs and concluded TDS-3 was the best :)

So I bought it ;D

All seems good. Hopefully no more idiots hacking and cracking my computer.

Thanks for the prompt reply :)

I-G

Jooske
January 7th, 2004, 04:05 AM
Hi Infra-Greg and welcome!
TDS is for trojans and worms in the first place and a growing lot of other threats except viruses.
So for a total protection you need a good antivirus besides a good firewall.
In TDS Network are several real nice functions and make sure you also grab the scripts pack for the registered version in which are very nice examples to do very nice things.
You will love to see realtime all your connections -including possible illegal ones and the software used for it on your system as well as datapackets transferred if you use Port Explorer.

gkweb
January 7th, 2004, 08:01 AM
I need more explanation about the execution protection.
I never use it, but after having evaluated my current security, even with having SSM I can allow something that shouldn't be allowed, and then TDS-3 execution protection sounds good :)

I have read the help which doesn't say a lot about it.
I have installed execution protection with the TDS menu, and it told me that it was installed successfully, but how can I see it? How does it work?
The help file could mean that it's a kernel driver but I don't know exactly.
In addition, should the TDS3 executable be running for the protection to work or not? I didn't find any information about it, I can't even find where to set up this execution protection. I have read somewhere that there is (I hope!) an exclusion list but... help me pls :)

Jooske
January 7th, 2004, 03:14 PM
Hi, the exec protection is a sleeping giant: meaning it is all in the background and you won't see it working, as it only jumps up in case malicious code is detected before it could execute.
There were quite some discussion threads here where it is mentioned.

gkweb
January 7th, 2004, 03:23 PM
I didn't find any thread with the information I wanted, like whether TDS3 needs to be running in order for the protection to work; I will search again.

thx you :)

gkweb
January 7th, 2004, 03:38 PM
i found that TDS needs to be running, but not very much other information.

I have seen thanks to SSM that every executable tries to launch the exec protection executable from TDS however, so i have noticed it Jooske ;)

Hm, I feel better with such protection enabled. Until now I have used many TDS tools and plugins as well as, of course, the customized on-demand scanner, but the exec protection offers another layer of security :)

Paul Wilders
January 7th, 2004, 03:42 PM
Quoting gkweb: "i found that TDS needs to be running, but not very much other information."

A tip: click the search button on top of the board > disable all > enable TDS (forum) > fill in exec ;)

Pilli
January 7th, 2004, 03:44 PM
Hi GK, when TDS does its initial scans on start up and then you scroll up through the start up text you will see that EP is installed. ;D
EP only works whilst TDS3 is running or minimised.

19:56:42 [Init] • Exec Protection : OK. Installed

Jooske
January 7th, 2004, 04:44 PM
For the search on exec in the TDS forum make sure you set at least 800 days and at least 100 finds, as with the standard 50 the messages didn't show up yet.
Also in the home DCS forum it was mentioned and explained several times. In the Private TDS forum FanJ posted very interesting info about that exact subject.
The same info must be here somewhere, didn't find it that soon.

gkweb
January 7th, 2004, 06:23 PM
thx you all !

@Pilli
i didn't see that... :-[

@Jooske
yes, the number of days back by default is 60, with 360 i have a lot more results ;)

Ok now, i 'm a happy TDS exec protection user ;D

Jooske
January 8th, 2004, 07:00 AM
GK, here (http://www.wilderssecurity.com/showthread.php?t=19091#msg117348) you see a screenshot where in the upper half is the line telling that exec protection is installed.
Suppose you have it now?

gkweb
January 8th, 2004, 08:43 AM
yes indeed Jooske, all is right now :)

I tried with a "leaktest" which I know is seen as a potentially web downloader by TDS (but isn't harmful in fact), and I wasn't able to launch it.
That point leads me to 2 questions:

First, i didn't have any popup, is this normal ? (it was however written in the TDS window log).
Second, is there any way to put this file in an exclude list ?

I have also noticed that on my XP at startup, TDS was both minimized on the systray and on the taskbar, blinking, whereas i set it up to only minimize to the systray. Is this normal too ?

spy1
January 8th, 2004, 09:08 AM
From the TDS main screen click on "Configuration". On the "Startup" tab, right-hand side, check to see whether you have "Startup State" set to "Minimized" Or "Normal" ("Minimized" is what you're seeing if it's flashing in the Taskbar).

If you want to watch it do its startup stuff, click the radio button for "Normal" (that's how I have mine set), then click "Save". HTH Pete

Jooske
January 8th, 2004, 09:09 AM
I notice also at times no warning popup and only a blockage message. Maybe because i tried to hammer the system tight for popups.
If we want a file excluded we must be sure the file is OK and it serves to submit it to Gavin to make sure and he can decide to exclude it from detection in the database if the file is really clean. submit@diamondcs.com.au

We can exclude areas from being scanned in the scan console, not sure if that would affect the exec protection too. If you need the file it serves to test if that works for you.

The TDS icon will be in both systray and tray/taskbar as long as the console is maximized, but will only remain in the systray when minimized if you configured it that way.

gkweb
January 8th, 2004, 09:18 AM
Even with the directory in scan exclusion i can't launch this executable.
About popups, I have never had one even after trying a few times. I too disabled most Windows services to avoid annoying popups, maybe it's related.

And yes I'm sure the file is 100% OK, leaktests are legit tests to check your firewall strength, and it would annoy me to send each file TDS falsely identifies to Gavin, but I will do it this time. I have a few leaktests falsely identified as well as another program.
Unfortunately there is no way to add an exclusion list for exec protection, which should be the easiest way!
The exec protection could use the scan exclusion list but seems to not.

I am sending you a mail Gavin :)

EDIT : mail sent :

copycat.exe
leaktest1.1.exe
leaktest1.2.exe
smartupdate.exe

The last one is the updater of my coding environment "purebasic".
All are identified as potentially web downloader.