#1
I recently ran a test (see screens).
I seem to have passed this test, and I just have a few questions. All of my security applications were shut down; I assume this would be expected and normal, as this test is to see if you are protected after/during the shutdown process. Prevx was able to reactivate its process after termination.
To my question: I opted for termination using the shutdown tab on the SSS GUI. Now, this application is being run isolated; how was it able to disable all of my security apps except for Prevx? Above all, how was this isolated application able to terminate Geswall? It effectively self-destructed. No more of the option "terminate isolated applications", no more Geswall. If I had used Start/Turn Off Computer, I would have expected this behaviour.
#2
Sorry for bumping.
I may not have expressed myself correctly. Firefox was isolated, the downloaded file was isolated, and it was executed isolated. All security applications were disabled. Prevx managed to restart. I am only asking if this should be expected behavior. Shouldn't Geswall prevent this from happening? What if malware loaded after my AVs are disabled? I know I pressed shutdown computer, but I may have just as easily clicked a link to this malware (Yes, No, Collect Prize). I had no option to terminate this process as Geswall was disabled. I find this behavior rather odd... Any help in understanding why this happened would be appreciated.
#3
GesWall passes this test.
Test simulates a system shutdown just like a normal system shutdown, and GesWall is not supposed to intercept it. So all applications are shut down just like all applications are shut down on a normal system shutdown. GesWall GUI disappears too, but protection is there. If u run the test isolated, it creates a file Eicer that is isolated. It produces an auto-start reg entry that is not in fact created (virtualized). Test goes for outbound, which is allowed, however, as GesWall doesn't stop outbound unless u make a custom rule, in which case GesWall will stop that also.
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,
#4
Quote:
What I am unable to understand is that this application was isolated. Geswall had no way of knowing it was a test; as such, I assumed my system would be safe and that any application I run isolated would not be able to do what this application did. Other tests, when run isolated, failed to start as I expected. How did it access the required resources (running isolated) to do this?
#5
I don't know technical details. Test is a pass as I explained. U need to understand the test first, then it will be clear to u. It's not just a system shutdown test.
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,
#6
Quote:
I just can't comprehend how it does this isolated. Thanks all the same, aigle. I'll post on the Geswall forum and see if I can get some help understanding this.
#7
U run the test. Reboot ur PC and then see the eicer file; u will find it isolated. See GW log: autorun reg entry was virtualized. That must be OK for u.
U can make a custom rule for network and can see that net access will be blocked.
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,