Uses of WormGuard

Discussion in 'WormGuard' started by Jooske, Apr 25, 2003.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In the DCS forum this question was asked by a user, and we'd like to continue this part of the discussion here:
    http://diamondcs.com.au/forum/showthread.php?s&threadid=1481
    Patrice, what was the message of the alert and was it maybe alarming on the email for a double extension or other risks?
    Could there have been suspicious code somewhere in the HTML text? Could it be you have HTML blocked in WG?
    Several possibilities, so please be more specific so we can see what to do next.
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Jooske!

    Right, this is perhaps the right forum for this question... Well, the alert was as you said for a double extension. For me the reason is quite simple: www.pcflank.com -> as you see this is already a double extension... :doubt:

    No, there wasn't suspicious code or something like that in the HTML text. As I already mentioned, the email and the link were from a trusted sender and a trusted site! So, I was 100% sure that there was nothing. You certainly begin to doubt and say to yourself that no one can be 100% sure. But yes, because I sent a mail to myself (business account - private account), as I often do.

    And to be honest with you, I uninstalled Wormguard a while ago... But I am reconsidering buying and installing it, because the reasons (see Wormguard Homepage) are quite obvious! ;)

    Best regards!

    Patrice
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hmmmmmmm I would not see www.domainname.com as a double extension in fact..........
    It would be if you have an email with an attachment with the URL in it for instance.
    You can also get alarms if you block all .com extensions.
    ZoneAlarm for instance has the habit to add a URL as an attachment to an email and change the URL for instance into wwwdomainnamecom or change the "com" part into something different. The attached URL would have an extension like www.domainname.com.eml and WG could tell you there is a double extension and the real name is..... etc.
    In my settings it only alarms if I click on the URL via the attachment, not if I use the one in the email itself unless it would have anything suspicious in it.
    If the attached title has something in it like "infect" one could expect alerts too, but I think this is filtered for real alerts already.

    I would not like to be a moment without WG, as it saved my system's life several times! And I really love the possibility to look into files in the safe mode so I know why it was blocked and can decide to do something with it, including running it anyway or leave it or delete it even.
     
  4. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Jooske!

    Well, as soon as my wage arrives, I will buy it. :D If the error shows up again, I know where to come! ;)

    Best regards!

    Patrice
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you still have the email you might like to try it again and see what happens, and play around with adding or allowing some extensions.
    Would not suggest to add the .exe though, as that would make all your system unworkable :)
     
  6. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Jooske!

    Damn, I'm really stupid... :p If I had read the help more carefully I would have found this issue:

    Dual extensions issue:

    Wormguard will report you are trying to run a file with dual extensions if you click Start > Run and type a web address such as www.diamondcs.com.au. You should allow this to run of course, we recommend you simply run Internet Explorer first and enter your web address into the address bar at the top of Internet Explorer.

    Grmpf... :oops:

    Regards,

    Patrice
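
Added example, not part of the original thread and not WormGuard's own code: a sketch of why a rule that treats every extra dot as a "double extension" fires on web addresses such as www.pcflank.com, next to a narrower check that alerts only when a document-looking suffix is followed by an executable one. The extension lists, function names and sample names are assumptions made up for illustration.

```python
import re

# Assumed lists for illustration only; WormGuard's real rules are not on this page.
EXECUTABLE = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
DECOY = {"txt", "doc", "jpg", "gif", "pdf", "htm", "html", "mp3", "zip"}
HOST_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def naive_double_extension(name):
    """The broad rule discussed in the thread: two or more dots counts as a hit."""
    return name.strip().count(".") >= 2


def classify(name):
    """Return 'alert', 'address-like' or 'no-alert' for a file name or typed command."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = [p.strip() for p in name.lower().rstrip(". ").split(".")]
    if len(parts) < 3:
        return "no-alert"
    decoy, final = parts[-2], parts[-1]
    if final not in EXECUTABLE:
        return "no-alert"        # e.g. www.domainname.com.eml, www.diamondcs.com.au
    if decoy in DECOY:
        return "alert"           # document-looking name that would really execute
    if final == "com" and all(HOST_LABEL.match(p) for p in parts):
        # .com is both a TLD and an executable extension, so the name alone cannot
        # settle it: fine when typed as a web address, not when it is a file.
        return "address-like"
    return "no-alert"            # e.g. setup.v2.exe: executable, but not disguised


# Constructed sample names, not taken from any real message.
SAMPLES = ["www.pcflank.com", "www.diamondcs.com.au", "www.domainname.com.eml",
           "invoice.doc.exe", "photo.jpg   .exe", "setup.v2.exe", "readme.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} naive={naive_double_extension(s)!s:5} refined={classify(s)}")
```

The "address-like" result is deliberately not a pass: whether it is harmless depends on where the name came from, which matches the help text's advice to enter addresses in the browser rather than in Start > Run.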
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks Patrice for finding it in the helpfile for others quoted here to end all confusion! :D You've been really helpful for us all, hope you'll continue more testing and trying and tell your finds and concerns! You're really into trying out new products these days, aren't you?
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Patrice, You will not regret your purchase especially with WG4 on the horizon for which you will be entitled to a free upgrade! :cool:

    Pilli
     
  9. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Jooske & Pilli!

    Yep, I have bought it! :D

    Well, I have considered buying this product for several months now. Let's say I'm too old for trying out every product which exists... :D But DCS has a special status, everything they bring out will be tested by me. I believe in these guys! :D

    Best regards!

    Patrice
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So do we dedicated mods, betatesters.
     