DW question

Discussion in 'other anti-malware software' started by Dregg Heda, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I'm using DefenseWall with the SRWare Iron browser and DW has just informed me that iron.exe, my browser, is reading keystrokes via GetKeyState. Is this natural? How should I respond? Thanks.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Same happened here in one of my computers :) Just terminate :D
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Unlike other HIPS, DW makes most decisions for you. In some cases DW can not determine whether something is illegal or not. That is when you see this message. It happens sometimes when you not enter something in the search bar and Iron (or chrome) starts a second Chrome/Iron process and parses the search string to this second process. In most situations you can allow this without choosing remember. When you are uncertain just choose kill without remember.

    Regards Kees
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I clicked terminate and one of my browser pages, which was playing a YouTube video, had a Shockwave plug-in crash. Is this natural? Was my Flash spying on me?
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Also, can someone tell me what the "automatically remove items from rollback list" does? Thanks.
     
  6. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Last edited: Dec 12, 2009
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks Pidbo!
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Can someone please answer post 4 for me? Thanks.
     
  9. darthsideous666

    darthsideous666 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    202
    Location:
    Secret Hideout on Coruscant
    I take it that when you say terminate you mean "stop attack"? If so, your browser is running as untrusted so when you "stop attack" it terminates the untrusted programs running. Not sure that you were being spied on though, but if you were, it worked!
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Yes, when you "stop attack" it terminates the browser and addons. I have Kaspersky AV that adds whitelist and blacklist (klwtblfs.exe) to Firefox. Firefox and the KAV addons are both terminated when I press the "stop attack" button in DW.
     
  11. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    No, I had a pop-up informing me of the keylogging by what was my browser executable. The pop-up had two options: OK and Terminate. When I chose Terminate, one of my browser pages running YouTube stopped working and informed me that a Shockwave plug-in had crashed.
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Okay, not familiar with that one. Maybe someone else here has an explanation.
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Alright, thanks anyway for your help G1111. Hopefully Ilya or someone else can shed some light.
     
  14. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Also, I'd like to know if VirtualBox can be run untrusted? I want to try out some Linux distros. TIA.
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Just ignore those notifications. Looks like it's about one of the plugins or even SRWare itself.
     
  16. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Ilya, after installing VirtualBox, can I then run it untrusted for extra protection?
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Added regedit, taskmanager and MBAM.exe (Malwarebytes Antimalware) along with MBAM's folder to the resource protection list, but they are all still terminated after running an exe-killing malware?

    Firefox is in there by default but won't start either.

    Installed DW into an XP VM recently and don't know much about it as yet.

     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Resource Protection is about resources used by concrete programs, in order not to allow untrusted malicious software to get access to those places and steal passwords.

    I just don't get the point: can you run Firefox as untrusted or not? Maybe it's right about the Resource Protection settings you did change?
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Those tubeperu exes I PM'd you, run the 3.exe and check for yourself. I will PM newer morphed versions I picked up the other day.

    I ran the 3.exe malware neither trusted nor untrusted and Firefox won't start at all.

    IE starts but is hijacked to some music site.

    I am working on the premise that the system is already infected by 3.exe, and installed DW to protect MBAM, which can clean up the infection if it can run, but it seems I don't understand the function of the resource protection.

    Tried Process Guard to protect some exes but that is shut down.
     
  20. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Sorry, it's impossible. Just impossible. Only two zones: trusted and untrusted. There are no "neither/nor" zones there.
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    What about just double-clicking to execute without going through the right-click context menu - run untrusted/trusted?
     
  22. Brent Hutto

    Brent Hutto Registered Member

    Joined:
    Dec 1, 2007
    Posts:
    72
    Location:
    South Carolina
    I'm brand new to DefenseWall but if I double-click on something it has on the "Untrusted" list then it runs untrusted. If I double-click on something not on the list it runs trusted, no?
     
  23. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Ilya, you still haven't answered one of my questions: can VirtualBox be run untrusted by DW successfully? Thanks.
     
  24. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Brent, I posted the following in another thread:

    All you have to do is install it, and nothing more.

    If you have an 'odd program' that needs to run with protection, you search in Windows Explorer and right-click on the executable and select 'change status to untrusted'. Do this for all the programs, messengers, anything you use that connects to the internet and is unsafe (DefenseWall will do this automatically, but some obscure programs might not be listed in its untrusted list - but there is no harm in you selecting a file and highlighting it as 'untrusted', even though DefenseWall already did).

    If you want to install a file that's safe, once the download file has finished, you can then right-click, and select 'change status to trusted'. You can then install the file properly.

    Remember that and you're fine. Also, if you want to update Firefox for example, you can right-click, and select 'run as trusted', so it'll run once and be able to update. Do that say once every couple of weeks.
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If you didn't load it with an untrusted browser, it will run as trusted.
     