Geswall Question

Discussion in 'other anti-malware software' started by trjam, Aug 3, 2009.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have been wanting to ask this. Say you are using Geswall and visit some malware sites. The malware is on your PC but is encased in Geswall. I have 2 questions actually.

    Say you suspend Geswall for a moment, what happens to the malware, is it let go?

    And it is on your PC for how long. A reboot does not get rid of it like a program like ShadowDefender, nor does it roll those files back like Defensewall after a period of time.

    It is there, waiting for what? I mean in the end, I could have a PC that is full of malware but cant do anything.
     
  2. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    its on your computer but isnt allowed access to your files, note why you see every now and then "C:/program/so and so REDIRECTED access" which means it was trying to access your files but geswall stopped it.
    when you see lots of other things like stopping access to critical files the box will get redder, then you needa terminate it. watch mrizos review, he tests malware with it..
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    what I saw my friend dellboy, was a file he let run, and then went looking for remnants in task manager. He also looked elsewhere. Personally Matt does a good job, but not great. My point again is, what happens if you disable Geswall protection to download a file and other malware is already on your PC protected.
     
  4. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    1. Say you suspend Geswall for a moment, what happens to the malware, is it let go?
    If malware has been downloaded by an isolated application, it will be labeled as untrusted and run isolated. When running isolated, Geswall will prevent the malware from changing the registry and certain system files. This should prevent the malware to add itself to an autostart location, meaning that it will be present but dormant.
    Of course, if you suspend or remove Geswall and deliberately start the malware yourself it will run unrestricted.

    2. And it is on your PC for how long?
    It will be there forever (unless see 3).

    3. It is there, waiting for what?
    For you to delete it manually or for an antivirus/antimalware doing this for you. In general Geswall is intended to be used together with an antivirus/antimalware application. Geswall will be protecting the system against zero-day exploits (by isolating them) until your antivirus/antimalware is updated and able to remove them. Alternatively, if your knowledgeable enough, you can take notice of the attack notifications provided by Geswall and take appropriate action yourself.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    thank you sir. This one post answers more questions then 15 different threads. I thank you.
     
  6. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I've watched and re-watched his video and am left still not fully understanding. When he terminated the bad app, did it delete everything except the desktop shortcuts which he deleted manually? I guess I'm not understanding because as you say, he looked elsewhere and didn't find anything but the desktop shortcut. Is the bad installation and crap in his temp internet file cache waiting for deletion?
     
  7. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    no it didnt have any installation files because it cant install anything, its just a running process and a desktop shortcut, its hard to get your head round i know.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.