A-squared IDS alerting on K-Meleon
pcalvert
September 29th, 2005, 07:03 PM
Hi,
I just installed a trial of A-squared Personal yesterday. Today, when I tried to run K-Meleon 0.9, I got two a2 Guard alerts. Anyone else run across this?
I was thinking that this is probably just a false positive, and that the behavior is normal for K-Meleon. If that's the case, then I figured that a Google search would turn up previous discussions about this. Well, I couldn't find any, so that has me wondering if the problem isn't with K-Meleon, but something else. In other words, something else is exploiting K-Meleon and that's what's triggering the alert.
Phil
pcalvert
September 29th, 2005, 07:14 PM
I thought I would elaborate on this by posting some screenshots. Here's the first alert:
pcalvert
September 29th, 2005, 07:28 PM
Here's the second alert, which I received after clicking the "Allow program once" button:
bellgamin
September 29th, 2005, 08:36 PM
IMHO, it's an FP. I am a long-time user of K-mel 0.9 as well as K-Ninja. I installed A² several months ago & got initial alerts on K-mel, same as you. After a scan of K-mel & K-Ninja with 3 different programs proved them to be clean, I simply instructed A² to exclude those programs.
A²'s Guard's IPS is aggressive, which I like. I'm pretty sure it's something K-mel does that seems *suspicious* to A² -- NOT a signature.
que sera
September 30th, 2005, 12:33 AM
I like the a-squared IDS being aggressive, too. To avoid those "alerts" with K-Meleon (and Firefox) it should not be necessary to add them to the a-squared exclusion list. Just go to the a-squared Guard Configuration, open the General tab and in Malware-IDS mode choose "Activate intelligent false alerts reduction".
Regards,
qs
pcalvert
September 30th, 2005, 12:59 AM
-{ Quote: "
Just go to the a-squared Guard Configuration, open the General tab and in Malware-IDS mode choose "Activate intelligent false alerts reduction".
" }-
That option does not exist in the version of A-squared Personal that I am using.
Phil
FastGame
September 30th, 2005, 01:14 AM
It's not an FP, it's actually telling you the program attributes and letting you decide if you know/want the program to operate. It's like installing a new firewall and going through all the program access popups.
If you know K-Meleon and trust it then hit the "Always allow program" button and all will be fine.
pcalvert
September 30th, 2005, 01:19 AM
Thanks for the replies. I should mention that I also tried Mozilla Firefox and IE 5.5. The a2 Guard also alerted on Firefox, but not on IE. So I suspect that this is related to the server that the GRE (Gecko rendering engine) sets up. Even so, I don't like guessing when it comes to something like this, so I will probably submit the files for analysis.
Phil
mrsquiggle
September 30th, 2005, 03:42 AM
The alerts suggest it is detecting suspicious network activity. LAN bypass trojans are those which connect OUT so as to establish a connection. It can't be ONLY alarming on that, and that was the second alert anyway, not the first. You are right to send the file for analysis so they can look at what it does and what triggers the alert. Maybe they can make things work better and not detect this file.
[ah]
October 1st, 2005, 05:28 AM
-{ Quote: "That option does not exist in the version of A-squared Personal that I am using." }-
It's a feature that is introduced with a-squared 1.7 which is currently flagged as beta.