which is the best way to run a suspicious file?

Discussion in 'other software & services' started by mantra, Feb 27, 2008.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Hi
    I have a question

    Which is the best way to run a suspicious file?

    Well, I agree: "don't run"

    But at work, if I have to do it, what can I do to be safe?

    Run under a virtual system?
    Or?
    I would like it if you would share your skill with me

    Thanks
     
  2. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Re: which is the best way to run a suspicious file?

    Run it under a VM or inside Sandboxie.
     
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Is there a free VM?
    Or which is the best virtual machine?
     
  4. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Re: which is the best way to run a suspicious file?

    VirtualBox is free and also a very good alternative to VMware.
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks, and is there a short tutorial on how to use VirtualBox?

    What should I do?
    Create a new virtual machine (XP)
    and the program inside the virtual machine

    And how can I know if it's dangerous?
     
  6. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Or using Sandboxie, I did understand how it works,
    but how can I know if it's dangerous?
    Do I have a log of suspicious operations?
     
  7. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Re: which is the best way to run a suspicious file?

    You can track what it does and of course scan it with some scanners.
     
  8. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks Mike
    Is sandbox safe?
    Which scanners do you use?
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Re: which is the best way to run a suspicious file?

    You can also scan the suspected file while sandboxed with a service such as Virus Total as well as with your on board tools.
     
  10. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: which is the best way to run a suspicious file?

    In my opinion a very safe way would be the following.

    Use ISR software with DefenseWall installed as well.

    or

    Use an ISR and also use virtualisation software like Returnil, PowerShadow or the like.

    I'm sure there are many opinions but these are mine. As for how you can tell whether the file is dangerous or not after you have run it: with option 1 you could look at the logs in DefenseWall and see what actions the file took. With option 2 there is no sure way.

    Thanks,

    Chris
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks!
    What is an ISR?
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
  13. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks. Well, Rollback is the more dangerous program
    to uninstall.. :thumbd: :thumbd: It can screw up your system so much that you can't recover
     
  14. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks!
    By the way, is there an alternative to DefenseWall?
     
  15. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: which is the best way to run a suspicious file?

    I have uninstalled and reinstalled Rollback more times than I can count since Dec 2005 and never had it mess my system up. Where did you get that info?

    As for an alternative to DefenseWall: GeSWall http://www.gentlesecurity.com/index.html . I have no experience with it but other users seem to like it.


    Thanks,

    Chris
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Re: which is the best way to run a suspicious file?

    Hello,
    Virtual machine ... or a dedicated test machine ...
    Mrk
     
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Is GeSWall free for home use?
     
  18. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Re: which is the best way to run a suspicious file?

    Yes GeSWall is free.
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: which is the best way to run a suspicious file?

    Scan at VirusTotal, scan at an online sandbox and run the app in a VM loaded with tools (EULAlyzer, Process Explorer, TCPView, Process Monitor, debuggers, hex editors, Sandboxie, etc.)
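
Added example, not part of any post in this thread: one way to triage a Process Monitor CSV export (one of the tools listed above) for the actions that answer "how can I know if it's dangerous?". The sample log, the process name `sample.exe` and the rule set are constructed assumptions; the column names are Process Monitor's default CSV columns.

```python
import csv
import io

# Constructed Process Monitor CSV export (default columns); not real capture data.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","1234","RegQueryValue","HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x","NAME NOT FOUND",""
"10:01:02.2","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater","SUCCESS",""
"10:01:02.3","sample.exe","1234","WriteFile","C:\Windows\System32\drv32.dll","SUCCESS",""
"10:01:02.4","sample.exe","1234","WriteFile","C:\Users\test\AppData\Local\Temp\a.tmp","SUCCESS",""
"10:01:02.5","sample.exe","1234","TCP Connect","testvm:49152 -> 192.0.2.10:80","SUCCESS",""
"10:01:02.6","sample.exe","1234","Process Create","C:\Windows\System32\cmd.exe","SUCCESS",""
"10:01:02.7","explorer.exe","800","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\other","SUCCESS",""
"10:01:02.8","sample.exe","1234","WriteFile","C:\Windows\blocked.dll","ACCESS DENIED",""
'''

def classify(operation, path):
    """Map one Procmon event to a triage category, or None if uninteresting."""
    p = path.lower()
    if operation == "RegSetValue" and "\\currentversion\\run" in p:
        return "autorun"            # Run/RunOnce value written: start-at-logon persistence
    if operation == "WriteFile" and "\\start menu\\programs\\startup\\" in p:
        return "startup-folder"     # file dropped into a Startup folder
    if operation == "WriteFile" and p.startswith("c:\\windows\\"):
        return "system-write"       # write under the Windows directory
    if operation in ("TCP Connect", "UDP Send"):
        return "network"            # outbound traffic from the sample
    if operation == "Process Create":
        return "child-process"      # sample launched another program
    return None

def triage(csv_text, process_name):
    """Return (category, path, result) for each flagged event of one process."""
    # Procmon writes a UTF-8 BOM at the start of the file; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    findings = []
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue
        category = classify(row["Operation"], row["Path"])
        if category:
            # Keep the result: a denied attempt is still evidence of intent.
            findings.append((category, row["Path"], row["Result"]))
    return findings

if __name__ == "__main__":
    for category, path, result in triage(SAMPLE_CSV, "sample.exe"):
        print(f"{category:14} {result:14} {path}")
```

An empty result only means none of these rules matched during the capture window, not that the file is clean.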
     
  20. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Re: which is the best way to run a suspicious file?

    How so o_O

    GeSWall is an excellent app. :thumb:
    I only wish Sandboxie and GeSWall got along, but it's kinda hard to sandbox a sandbox. o_O
     
  21. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    I mean, does the malware deceive the sandbox?

    You know, I tried DefenseWall, but it needs to install a service, and at work the PC doesn't let me load new programs at startup,
    so I can't try DefenseWall; I will try at home
     
  22. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Yes, it's great, but it runs at startup and I can't shut it down :(

    I would like a program to launch seldom, rarely
     
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Is ProcessGuard 3.15 dead?
    Or is it in vain? I liked it
     
  24. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: which is the best way to run a suspicious file?

    Pretty much, PG is dead. Besides that, you have to answer the prompts correctly or you will suffer damage. This is the same with any HIPS.

    Thanks,

    Chris
     
  25. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,194
    Re: which is the best way to run a suspicious file?

    Thanks Chris
    You are very kind

    What about behavior blockers?

    I mean, I'll tell you what I need: a program that I will use seldom, rarely, for unknown programs or documents that I have to run

    I have NOD32 and a firewall at home and at work, and I would like to have a program that I run only in rare cases

    Did you understand?
    Because I don't run such files often
    I don't download files from the net, but it could happen that I have to, either at home or at work, and I would like to be protected

    Thanks, have a nice day
     