Prevent uploading files

Discussion in 'Returnil releases' started by tuatara, Oct 10, 2011.

Thread Status:
Not open for further replies.
  1. tuatara

    tuatara Registered Member

    Of course I understand that it is handy to have suspicious or unknown files uploaded to analyse them with the AV.

    But whatever I select on the three relevant options, send, ask, never,
    Even disable the AV.
    It keeps uploading files and reporting a checkbox list with their progress?!
    With all kinds of files I don't want to have uploaded!!!!
    The line under these checkboxes is hyper confusing, because it can mean several things.
    So,

    is it possible to use the last Pro version without taking the risk of uploading files? Or do I need to make rules for it to block it in a firewall?

    Thanks,

    Btw I am happy it ran on a test system
  2. Coldmoon

    Coldmoon Returnil Moderator

    First, there is no risk and it is even helpful to all users as the information is analyzed to update the black and white lists for all users. This information is only related to the suspicious or unknown files/behavior and nothing private/sensitive is ever sent or even required.

    As for turning this off however, simply change the Virus Guard > Settings > Data collection policy to "never" and you should be good to go.
  3. tuatara

    tuatara Registered Member

    Hi Coldmoon,

    Just as I said, I understand the need for uploading samples.
    However, instead of uploading the suspicious part of a file it is uploading complete files, for example lots of files of VMware (fresh install).
    This must be easy to reproduce.
    And I already had set it to Never.
    Is it possible that this setting is only activated after a reboot?
    There are a lot of companies that have a policy that no files may be uploaded.

    Anyway, I will reinstall and check if I am able to change it to never before files are uploaded.
  4. tuatara

    tuatara Registered Member

    And about: "nothing private/sensitive is ever sent or even required."

    You were wrong here, complete files were uploaded, these could contain confidential software.
  5. Coldmoon

    Coldmoon Returnil Moderator

    It shouldn't be uploading anything VMware as that is well known and not reproducible here on systems in the lab. Which version of VMware?

    As for a restart, the preferences should take effect immediately once you make the change. To investigate, can you PM me your installation ID (preferences > Advanced tab) so we can check our server side comm logs to investigate the traffic?

    thanks
    Mike
  6. tuatara

    tuatara Registered Member

    Hi Coldmoon,

    First of all, let me set things straight: I could NOT reproduce this problem.

    So, I am very happy with that, but let's explain in detail what I have done.

    When the above happened a few days ago, I did this:
    FEW DAYS AGO:
    1) reinstall a clean Windows with VMware and VNC (and their updates) from an image.
    2) installed Returnil RSS the latest version.
    3) and 'Do not collect' and are you certain? -> yes
    4) Rebooted the system
    5) Started scanning
    6) then I got the spreadsheet-like matrix with files and their upload progress
    And checkboxes
    So I decided to remove RSS

    TODAY:
    I followed the same steps (same image, same RSS installer) and making screenshots of every step I took.
    And ...... Nothing NOT 1 FILE UPLOADED!!

    So, I was beginning to doubt if I perhaps had made the wrong selection a few
    days ago regarding the upload of files.
    So I reinstalled the image, started the installer and set it to UPLOAD.
    And again .. Nothing !! No file was uploaded?

    Hmm, perhaps I had set it to ASK ME?
    Thus, reinstall the image, start the installer and set it to ASK ME
    Now I was convinced to see the files and their checkboxes...
    But again NOTHING !!!

    So, now I don't know what has happened, perhaps I made a mistake in my
    selection regarding uploading files, although I am quite precise in these things.
    And perhaps it doesn't upload things now, because the checksums/MD5s are known now?

    But anyhow, since I cannot reproduce the problem, and it is working correctly now, this case for me is closed.

    POST READERS: I probably was too fast and made the wrong selection.

    But one last thing I like to know is, sadly I haven't got a screenshot of these,
    is: When will the list with files, checkboxes and transfer progress appear?
    Last edited: Oct 12, 2011
  7. Coldmoon

    Coldmoon Returnil Moderator

    The upload queue will not show a progress bar, it will simply work in the background at low priority with items sent taken off the list as soon as the upload is completed. As the bandwidth is set by default at the lowest dialup speed, the user should have ample time to see the list.

    If you change the default option to not use your preferences for the upload, you would be asked to upload, but would not see a progress bar as described above because at 33.6 kbps, it may take a while to upload anything in the list and a progress bar would be distracting to most users.

    As for the non-reproduction, PM me your Installation ID regardless and we can check the server logs to see what (if anything) was uploaded and let you know.

    Mike
  8. tuatara

    tuatara Registered Member

    The progress was visible not as a progress bar, but as a table in a spreadsheet
    For every file there was the file size and the file size of the part that was uploaded
    A bit like this:

    [ checkbox] File-abc 1.75 MB 2.25 MB
    [ checkbox] File-def 3.25 MB 4.25 MB
    Etc.

    And a very unclear line with a cryptic question regarding my permission
    to upload these files.

    What was that about?

    Thanks that you are willing to investigate if private files were sent,
    but I know that I have prevented that in time.
    There were some VMware software files sent and some others were in progress.
    Last edited: Oct 12, 2011
  9. Coldmoon

    Coldmoon Returnil Moderator

    Apologies - This option is checked by default and relates to your setting for the data collection policy. If you uncheck this, it would supersede your DCP setting.

    If you change the DCP to ask, you would have to authorize the sending of the data manually. Set to do not, it should not send any information.