Geswall Question

[trjam]

I have been wanting to ask this. Say you are using Geswall and visit some malware sites. The malware is on your PC but is encased in Geswall. I have 2 questions actually.

Say you suspend Geswall for a moment, what happens to the malware, is it let go?

And it is on your PC for how long. A reboot does not get rid of it like a program like ShadowDefender, nor does it roll those files back like Defensewall after a period of time.

It is there, waiting for what? I mean in the end, I could have a PC that is full of malware but cant do anything.

[dell boy]

its on your computer but isnt allowed access to your files, note why you see every now and then "C:/program/so and so REDIRECTED access" which means it was trying to access your files but geswall stopped it.
when you see lots of other things like stopping access to critical files the box will get redder, then you needa terminate it. watch mrizos review, he tests malware with it..

[trjam]

what I saw my friend dellboy, was a file he let run, and then went looking for remnants in task manager. He also looked elsewhere. Personally Matt does a good job, but not great. My point again is, what happens if you disable Geswall protection to download a file and other malware is already on your PC protected.

[Henk1956]

1. Say you suspend Geswall for a moment, what happens to the malware, is it let go?
If malware has been downloaded by an isolated application, it will be labeled as untrusted and run isolated. When running isolated, Geswall will prevent the malware from changing the registry and certain system files. This should prevent the malware to add itself to an autostart location, meaning that it will be present but dormant.
Of course, if you suspend or remove Geswall and deliberately start the malware yourself it will run unrestricted.

2. And it is on your PC for how long?
It will be there forever (unless see 3).

3. It is there, waiting for what?
For you to delete it manually or for an antivirus/antimalware doing this for you. In general Geswall is intended to be used together with an antivirus/antimalware application. Geswall will be protecting the system against zero-day exploits (by isolating them) until your antivirus/antimalware is updated and able to remove them. Alternatively, if your knowledgeable enough, you can take notice of the attack notifications provided by Geswall and take appropriate action yourself.

[trjam]

Quote:

Originally Posted by Henk1956

1. Say you suspend Geswall for a moment, what happens to the malware, is it let go?
If malware has been downloaded by an isolated application, it will be labeled as untrusted and run isolated. When running isolated, Geswall will prevent the malware from changing the registry and certain system files. This should prevent the malware to add itself to an autostart location, meaning that it will be present but dormant.
Of course, if you suspend or remove Geswall and deliberately start the malware yourself it will run unrestricted.

2. And it is on your PC for how long?
It will be there forever (unless see 3).

3. It is there, waiting for what?
For you to delete it manually or for an antivirus/antimalware doing this for you. In general Geswall is intended to be used together with an antivirus/antimalware application. Geswall will be protecting the system against zero-day exploits (by isolating them) until your antivirus/antimalware is updated and able to remove them. Alternatively, if your knowledgeable enough, you can take notice of the attack notifications provided by Geswall and take appropriate action yourself.

thank you sir. This one post answers more questions then 15 different threads. I thank you.

[Greg S]

Quote:

Originally Posted by trjam

..was a file he let run, and then went looking for remnants in task manager. He also looked elsewhere. Personally Matt does a good job, but not great..

I've watched and re-watched his video and am left still not fully understanding. When he terminated the bad app, did it delete everything except the desktop shortcuts which he deleted manually? I guess I'm not understanding because as you say, he looked elsewhere and didn't find anything but the desktop shortcut. Is the bad installation and crap in his temp internet file cache waiting for deletion?

[dell boy]

no it didnt have any installation files because it cant install anything, its just a running process and a desktop shortcut, its hard to get your head round i know.