confused, need help?

I'm running tds3 and it loads fine, just seems to sit there in the tray. I have NEVER seen any sort of tds3 related alert other than when performing a manual scan of my system. (these were removed but only double extensions)
What is tds3 supposed to do? should it pop up and alert me or identify a problem and wait for me to open the interface, furthermore, is there anywhere I can test tds to see if all is well?

mtia,

T.

 

Hi there,
TDS is on demand; in the registered version you can install the exec protection which quickscans every file before it is allowed or blocked from executing. This might or might not gie a popup warning or you see it in a new line in the GUI. To have that exec protection functioning TDS needs to be started, you can minimize it to the systray, still functioning.

 

Thank you for your help. So it seems that after tds has loaded and completed a scan, a trojan could infest my system (assuming exec prot is off) and tds would know nothing about it? Therefore, since I'm running process guard, there is no reason to run tds automatically at each startup? Instead, running it weekly for example?

Am I correct in my assumptions, or way off the mark?

mtia,

T.

 

Hi Tobamore.

First to use the test method outlined below with RTM [Real Time Monitoring] you have to have paid and registered the program and then have the RTM of Exec Protection installed, ok!!

Go to
THIS THREAD and see my posting/instructions on it.

Of course, if interested in a trojan simulator one GO HERE

You can follow the instructions of the trojan simulator one by doing the 'Install' and then doing an On Demand scan with TDS if you have not got the fully registered version with RTM.

I cannot even get it to download, Kaspersky keeps alerting and deleting it

Cheers, TAS

 

Yes you are correct if you do not have TDS running [even with Exec Prot installed] you can be infected. PG will stop an unknown Process from running until you either Allow/Deny.

By startup, are you talking Windows Startup, or just starting TDS itself if you do not run it normally as in Real Time Monitoring?

Vast majority here do not have it starting with windows, we start it manually once windows is loaded, as it can hang a bit, especially with Process Memory Space Scan checked.

Now, if you do not have TDS running with Exec Prot as a normal RTM app, then you want to do a full system scan, you may as well have the majority of the checks it does on startup turned off, as it will only go through all of those again when you select Full System Scan.

Hope that is clear.

Cheers, TAS

 

I registered the program about a year ago and until recently, only used tds to scan my entire system monthly.

I tried the trojan test you suggested and did the install, tds did nothing (with exec prot on and latest update!) This can't be right, surely?

 

okie dokie then.... have fun testing

TAS

 

Hello, let me explain, I'm running tds3 in my systray (registered with exec prot - on) I then downloaded the dummy trojan detailed in the above post, allowed it to run once (via process guard) and tds spotted nothing! I then shut down tds and re-started it, then and only then did it recognise the trojan and allow me to remove it, this is shutting the stable door AFTER the horse has bolted, surely?

 

*bump* Could someone please advise?

 

Hi tobamore, In scan control make sure that you have Scan Clients/edit servers enabled and all the other scan options. TDS should see it then.

 

Ahh, now that's more like it! Thanks. Why isn't this enabled by default? This is surely a loophole if left unchecked?

 

Hi, Pilli!

Now I'm a little confused. The only option in Scan Control that I have NOT selected was Scan Clients / Edit Servers. I got the impression that for a stand-alone PC like mine, that was not appropriate.

 

Hi Daisie, Yes when doing a full scan it is recommended to disable it but if you are running exec protect then it is better IMO to leave it on just in case.
As you can see
17:20:28 [ExecProt] WARNING: c:\docume~1\***\locals~1\temp\temporary directory 1 for trojansimulator.zip\tsserv.exe has been blocked from executing
17:20:40 [ExecProt] WARNING: c:\docume~1\*****\locals~1\temp\temporary directory 2 for trojansimulator.zip\trojansimulator.exe has been blocked from executing

As the help file explains the client/server by itself is not malware.

Scanning for Clients and Editservers is purely optional. We do recommend that home users have this feature disabled as it will slow down the scan that TDS-3 performs.

Clients and EditServers are programs that are used by the actual hackers themselves and would not necessarily be found on a victims computer. Many anti-virus and anti-trojan applications detect these programs as being actual trojans where as in fact this is incorrect. Victims are very unlikely to have these files on their systems. However due to demand by large corporations, TDS-3 now detects these applications used by hackers. The reason being is so that they can detect any employees that are using these tools on their networks to get onto other systems they are not supposed to.

However users have the option to detect these files and the database is separated from the primary signatures. Files that do get detected as Clients or Editservers are noted in the scan window as actually being a utility and not an actual trojan. This is to differentiate between the different types of files, and not to cause a false sense of insecurity to the user.

Home users should disable this when scanning for trojans.

 

It should read something like:
In normal circumstances normal home users could leave it disabled.....
but in testing conditions any user should enable this option.

 

to me this is a bit strange:

Because i read it here in all the treads that if you've missed a Trojan:

(Like Pilli wrote

So to me it seems as it is NOT a good idea to DISABLE this option.

Is this because of the newer Trojans(kits/Packages)?

Perhaps that was the case (history) but not now i guess.

And why would you scan without it?

 

Hi tuatara, The TDS is help file is probably out of date now as work on TDS4 is more important, so I guess in the light of new malware this could be altered somewhat. Having said that the client/servers are, as the help file states, not usually Trojanic in themselves.
Obviously doing a full scan with all options selected will have a detrimental effect on scan speed so it is better to do it when you are not using the computer much.

 

Thanks for that clear answer Pilli,

And i don't want to refer DCS to update the helpfile if they can work on TDS-4
instead :>)

And on PG version 2.xx ..... ('within 2 weeks') ...

It is good that this forum answers a lot of questions for them,
let them do,what they do best .... making great programs !

:>)

 

Not V2.xx it will be Version 3 and yes hopefully it will be out in the next couple of weeks.

Thanks for your kind words. Pilli

 

phew..... I left last night and did not see this reply, sorry tobamore, but I see it's been fixed, thanks Pilli.
and Yes, I should hav told you to make sure that was enabled in configuration

That's why I recommended the simple Leaktest option, as it's already like a trojan 'would' be and not in the Client/EditServer state.

Cheers, TAS

 

One of my reasons to recommend to have ALL options checked and the sensitivity slider on highest.

 

PG version 3 ....... wow ...can't wait ...

 

Agreed. As a side comment, I would suggest some strong wording somewhere in the user guide that instructs users what do when installing software (turn learning mode on). Can really make a mess if you don't.