DriveSentry, Comodo D+ and ntvdm.exe

Discussion in 'other anti-malware software' started by s23, Feb 22, 2009.

Thread Status:
Not open for further replies.
  1. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Hey folks... sorry if this is a dumb question, but I have a doubt about this executable and whether it is necessary to pay attention to configuring its execution. I'm testing these two programs, and with some DOS malware that virus signatures don't catch, the HIPS feature simply doesn't alert on what they are trying to do. In DefenseWall I see this executable in the untrusted category. In DriveSentry this executable is trusted (I think through the whitelist), and in Comodo (I created a rule to "ask") they alert that ntvdm.exe is executing HIMEM.sys and command.com, but don't alert on any malware behaviour and the malware executes. I tried with Avira and one alert for the malware is triggered. I tried to make a rule to control its execution, but without success. If today the applications that need this behaviour are few, and you are navigating some pages and get alerted about its execution, that is a bit strange, right? Should I care about it?


    Sorry for my poor English


    Duplicated post... my ISP connection is a ****, it goes down many times - Sorry
     
    Last edited: Feb 22, 2009
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That is a component of Windows (NT Virtual DOS Machine in full). It's no surprise that it's showing up when playing with DOS malware.
     
    Last edited: Feb 22, 2009
  3. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    But the thing is, DriveSentry doesn't alert me! (I set the whole Windows partition to be monitored and enabled lockdown mode.) If this is a path for malware execution, then it should not be in the whitelist, right? Through this, if the fingerprint is not in the database, are they allowed to run?
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I don't use DriveSentry, so I wouldn't like to comment on any alerts you may or may not get, but from my understanding it isn't like a full-blown HIPS in respect of coverage. You'd be better off asking Katie in the dedicated thread.

    https://www.wilderssecurity.com/showthread.php?t=209764
     