New Action Pack User....

Discussion in 'Trojan Defence Suite' started by ironwalker, Jan 15, 2003.

Thread Status:
Not open for further replies.
  1. ironwalker

    ironwalker Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    11
    ...with some questions.

    First, hi all, I'm a semi-experienced user of TDS-3 from dsl reports forums.
    I have a question or three,

    Does TDS-3 need to be running in tray or is it scanning in background already?

    I don't see an option to "ignore" files found in scan... like my Radmin (remote administrator) folder and its DLLs in the \sys32 folder. I know they're clean and need TDS-3 to not list it as trojan during full scan.

    I had more but I'll start with this, and when I remember the others I'll ask here.

    Thanx in advance
    love this proggy :cool:
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello & welcome iron walker,
    You will find Scan exclusions in System testing - scan control - You can exclude the radmin directory.
    You are correct that Radmin is safe, as I had occasion to use it last year & even sent it to DCS for analysis; it was clean, but as you know Radmin does have Trojanic capabilities :D
    Hope you remember the other questions soon, which we will endeavour to answer ASAP

    HTH Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It's amazing how many trojan users seem to just send the RADMIN server and use that on unsuspecting users.

    Worse is the many posts there are around about a RADMIN dropper, which is very possible (drop the files, register the service for startup, make the program run hidden). TDS will detect a lot of binders used to create such a dropper, which is a head start in this sort of detection :)

    For TDS-4, I feel it will be best to have a warning on remote administration tools such as RADMIN, so those that use the program legitimately won't be alarmed by a detection, rather warned with a detailed screen about the program capabilities :D
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I never like to exclude files; at least I would scan all those on a regular basis too, to avoid possible infections.
    In fact it should be possible to toggle the exclusions list on and off without losing the exclusions we added before for a next time.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :D Thanks Gavin,
    I used Radmin between my pc's due to a broken monitor, it was very easy to use and fast, whereas remote desktop was clunky & slow.
    I can understand TDS3 seeing it as a Trojan &, at the time, was very pleased to see TDS3 recognising it as a possible nastie!
    Jooske, another entry for the TDS4 wishlist! ;)
     
  6. ironwalker

    ironwalker Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    11
    Thanx all! :)

    I actually found the exclusion list option.
    I am curious as to whether or not it's necessary to keep Port Explorer and TDS-3 minimised to tray.

    I also run Script Sentry but WormGuard actually overrides this. Now that doesn't bother me and I will most likely keep Script Sentry on and active as backup.
    One thing though... WormGuard doesn't have "add to allow list" or similar to stop the window alert message from popping up on "known" scripts like my vbs files for coolmon.
     
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi ironwalker.

    I presume Port Explorer has to be running to check on things, not sure, as don't have it yet, or just open it to use it.

    TDS. Yes, it must be "running" otherwise Execution Protection cannot operate in "Real Time" and it would only therefore be good for scanning "after the event" so to speak.

    Have it set to minimise to Sys Tray and just forget about it, as it checks in the blink of an eye, every executable you open, therefore checks hidden ones like trojans as well if they try to execute without your knowledge.

    Wormguard on the other hand runs in the background. Just "install" the protection then close it down. WG4 I believe will minimise to SysTray if wanted, as it apparently will be able to do other things so I have read in forums [or just a teaser].

    Cheers, TAS.
     
  8. ironwalker

    ironwalker Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    11
    Thanx, OK, I have TDS-3 minimised to tray and I knew WormGuard works in background.
    Port Explorer, I was just wondering if it alerts me to anything had it been minimised to tray, but I found the PE forum and WG forum and have been reading; I'm sure I'll find the answers to my questions.

    Thanx :D
     