Potential RegDefend Bug?

Discussion in 'Ghost Security Suite (GSS)' started by comma dor dash, May 12, 2006.

Thread Status:
Not open for further replies.
  1. comma dor dash

    comma dor dash, Registered Member (Joined: Jun 5, 2005; Posts: 146)

    I just performed tests with Armadillo 4.x protected malware (Optix Lite 0.4). Code splicing + copy mem II + debug-blocker was enabled.

    Incidentally, I noticed that RegDefend did not block or show an alert when the Optix server registered itself (autostart entry). That's why Regrun's alert was triggered.

    I did not investigate this issue in more detail. Therefore, I am unable to rule out that RegDefend was not correctly configured.

    But someone may want to have a look.
     
  2. comma dor dash

    comma dor dash, Registered Member (Joined: Jun 5, 2005; Posts: 146)

    After a reboot, RegDefend detected the creation of the autostart entry (when I started the Optix server again).

    Is it possible that RegDefend somehow "caches" an allow-once rule until the computer is restarted?
     