[bug] New Rule Path Distinction

Discussion in 'ESET Smart Security v3 Beta Forum' started by Meister, May 30, 2007.

Thread Status:
Not open for further replies.
  1. Meister

    Meister Registered Member

    Apr 8, 2007
    When adding new rules manually, ESS makes a distinction between

    c:\progra~1\*etc and c:\program files\*etc

    when in reality they are the same thing which leads to the creation of multiple "same programs" on the rules list.

    ESS Beta 1a
  2. Teazle

    Teazle Registered Member

    Apr 7, 2007
    well, thecnically they will be the same if there are no other folders in C:\ that starts with "progra" and are longer then 8 letters.

    for example you might (might) have 3 dirs:

    c:\programming -> c:\progra~1
    c:\programmable -> c:\progra~2
    c:\program files -> c:\progra~3

    so, c:\progra~1 is only the same as c:\program files\ if there are no other dirs with the 6 first letters being "progra" and they aren't longer then 8 letters.

    But if there would exist no such dirs, your assumption would be correct. But that also leaves a vector of attack: if a malicious program creates that dir, it would, by your words, be treated as safe.

    I hope I made myself understood



    edit: changed a word, I no longer sound so condecending...
  3. IcePanther

    IcePanther Registered Member

    May 28, 2005
    (nearby) Paris, France

    I agree with Meister, the problem is not that the DOS names can be separate folder, but that rules for a same app are created like DOS paths when automatically created by ESS, and "long" paths when you create rules manually (browse for the exe). So, bug I think Meister mentioned, is that if there is already an application, be it in long or short path,ESS shouldn't create the other version, because the apps are in fact the same, and that makes the list messy.
Thread Status:
Not open for further replies.