Wormguard and Proxomitron

Discussion in 'WormGuard' started by octogen, Jul 19, 2002.

Thread Status:
Not open for further replies.
  1. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    I have Wormguard running in the background and have had no problems except one peculiarity: Everytime I open the Proxomitron help file, Wormguard kicks in with a warning. What gives? Has anyone else experienced this?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Octogen,
    can you tell which warning it is giving?
     
  3. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Hi, Jooske. Thanks for the reply.
    A window pops up saying:
    "For security reasons, this program is temporarily blocked from executing."
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Octogen, did you go into the admin utility of wormguard and allow more options when a suspicious file is found?
    As WG always tells if it is highly dangerous or suspicious due to reasons mentioned in it's first lines.
    Can imagine virus, infect, such words in the text.
    After that you have options to look inside in the safe mode and decide to run it anyway or not.
    I don't like to exclude helpfiles from scanning as there are some worms or viruses which love to infect especially helpfiles. Deep scanning could tell you if there is something the matter with this helpfile. What makes it suspicious, your system will contain hundreds of helpfiles with programs, so if WG is only alarming on this specific one, and even stopped from running i would certainly look much deeper into that.
    Please keep us informed how it's going with all settings enabled.
     
  5. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Thanks, Jooske. Your information is very useful as usual. Sorry it took a while to respond. I will try your suggestions once I get back to my computer. :)
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Mwahh.. i've a few thousands of support emails from the developers and other operators, two whole support forums, several helpfiles and a more or less good memory, even though the exact names of the helpfile infectors slip my mind this moment so lot of possibilities to dig for ideas.

    Hope the ideas are not just useful but also help(file)ful for you, please keep us informed once you tried!
     
  7. Gnostic

    Gnostic Registered Member

    Joined:
    Apr 17, 2002
    Posts:
    108
    Location:
    South Carolina, USA
    I had this same thing happen to me yesterday (twice). I let the helpfiles run. Later, I ran a/v and a/t and came up clean. I don't know enough to say why this is happening.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I'm sure in teh upper part of the message screen it says something more. Like "medium" or "high" alert, or suspicious, or "a line telling it contains "infection" or "virus" or "write" or "install" something like that.
    When you look in the safe mode, do you recognize anything?
    Did you in WG allow all possible options from looking and running and all that?
    Any ideas if the helpfile is recently renewed?
    What does TDS say of it when scanning the file?
    Please try to remember or copy the first few lines of the warning message as also DCS lab will need such messages.
    Is the file very big?

    IO ask this as i never use proxo, although i ever unzipped it and at opening the helpfile (which is then also rather old) via windows explorer i don't get any warnings at all. So there might have slipped in something either in the helpfile or proxo seems to be doing something which WG doesn't really trust.
    but with all your options in WG on, and if you try via explorer, do you get warnings?
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Octogen,

    I have had emails flagged because they mention things like "Viral" & "infection"

    I have just re- installed WG on this PC & believe that it is a false positive.

    The following taken from the help is almost certainly the cause:

    Installation and Eradication


    None needed really. Well, at least not in the normal sense...

    Unlike many Windows programs which seem to insinuate their way into your system like some parasitic organism, the Proxomitron...

     
Thread Status:
Not open for further replies.