Sigh....another exe_virus has bypassed SD v1.1.0.262

Discussion in 'sandboxing & virtualization' started by nanana1, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's a logical reaction of the bad guys to write such malware. More and more users (+ companies) are using ISR.
    ISR makes all their malware disappear during reboot, no matter how hard they worked on it. That must drive them crazy and I find that very amusing. :D
    One thing they can't beat: Zero tool + Image Backup, which is usually done offline.

    Like you I hope one day they create something that does protect certain areas of the disk, like MBR, etc. permanently in order to prevent low level changes. :)
     
    Last edited: Jun 18, 2008
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks:

    Just learned that these so-called builds 260, 261, and 262 are merely SD's internal testing alpha versions, needing some tweaking/adjustments.

    Failing to achieve some sort of protection is not unexpected.

    The last available (bona fide official) version build IS 259.

    Users (like myself) other than keen alpha/beta testers do not need to be concerned.

    When the new build is ripe, it will roll out smoothly before you even know it. :-*
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Here is the GesWall log, stopping the malware from damage. :thumb:
     

    Attached Files: log.txt (File size: 2.9 KB, Views: 13)
    Last edited by a moderator: Jun 26, 2008
  4. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    I think EQS has an option to monitor for low-level disk changes. How well does this work? Any tests vs such threat families?
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am curious too. All HIPS like SSM, NG, CFP and PS have such filters. I expect them to work well, as they worked against KillDisk Virus etc.
     