EQS starts before Online Armor

Discussion in 'other anti-malware software' started by faenil, May 4, 2008.

Thread Status:
Not open for further replies.
  1. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    Hey guys I installed both and now, when I start the machine, EQS asks if I want OA server to start...

    isn't that funny? I think it means that if EQS were a malware, Online Armor wouldn't have stopped it as it ran before OA service started...

    LOL
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep,

    EQS implemented early startup and late shutdown protection with the latest official version. I am convinced malware shifts to drive-by infections, system logon/shutdown and the user kernel space. So that is where you should focus when choosing your layered defense. D+ of Comodo also does a good job at shutdown; I have not tested it with startup.

    Regards Kees
     
  3. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    this reminds me of when I changed the startup order of the Process Guard service

    I had changed its driver's startup from "automatic" to "system"

    then in the registry, in the key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DCSPGSRV

    I created a new string value I named Group with data ProcessGuard

    then in the key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder

    I edited the data in the value List adding ProcessGuard between PNP_TDI and NDIS:

    Code:
    PlugPlay
    PNP_TDI
    ProcessGuard
    NDIS
    TDI
    so when I rebooted ProcessGuard started before Sygate

    these attached are very very old screenshots
     

    Attached Files: pg1.JPG (145.1 KB), pg2.JPG (141.5 KB)
  4. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    so any malware can put itself before any security app just by editing those keys?...
     
  5. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    that was what I did, and seeing that it worked (at the following startup PG's security tab showed the "new entries") I did the same with the Symantec services (some of them already had the value "Group"), so nearly all of Norton's services started before the spooler and after Sygate, because I placed them in the List just before the "SpoolerGroup"

    about the malwares, I can only guess...
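
As an added example (not part of any post in this thread), a read-only PowerShell audit of the two registry locations discussed above: it lists every driver and service set to Boot, System or Automatic start, ordered by the position of its Group in the ServiceGroupOrder List, so an unexpected entry placed ahead of a security product stands out. Tag order within a group and service dependencies are not modelled, and placing ungrouped entries last is a simplification made for this report.

```powershell
# Added example: audit early-start drivers/services and their load-order groups.
# Read-only; run in PowerShell on Windows (elevated, so all keys are readable).
$base = 'HKLM:\SYSTEM\CurrentControlSet'

# Ordered list of load-order groups (REG_MULTI_SZ value "List").
$groups = @((Get-ItemProperty "$base\Control\ServiceGroupOrder").List)

# Map group name -> position in List (PowerShell hashtables ignore case).
$rank = @{}
for ($i = 0; $i -lt $groups.Count; $i++) {
    if (-not $rank.ContainsKey($groups[$i])) { $rank[$groups[$i]] = $i }
}

# Start values: 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic' }

$entries = foreach ($key in Get-ChildItem "$base\Services" -ErrorAction SilentlyContinue) {
    $start = $key.GetValue('Start')
    if ($start -isnot [int] -or $start -gt 2) { continue }   # skip manual/disabled/malformed
    $group  = [string]$key.GetValue('Group')
    $listed = $group -and $rank.ContainsKey($group)
    [pscustomobject]@{
        Start      = $startNames[$start]
        StartValue = $start
        # Report simplification: anything without a listed group sorts last.
        GroupRank  = if ($listed) { $rank[$group] } else { [int]::MaxValue }
        Group      = $group
        Name       = $key.PSChildName
        ImagePath  = [string]$key.GetValue('ImagePath')
        Note       = if ($group -and -not $listed) { 'group not in ServiceGroupOrder' } else { '' }
    }
}

# Earliest start type first, then group position, then name.
$report = $entries | Sort-Object StartValue, GroupRank, Name
$report | Format-Table Start, Group, Name, ImagePath, Note -AutoSize
```

Saving `$report` with `Export-Csv` on a known-good system and comparing later runs against it with `Compare-Object` shows any service whose Start value or Group has changed since the baseline.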
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Not really funny, not really a big deal if you stop and think about it. You are running OA, so how did EQS get on your system? You allowed it. Would you have allowed malware on? If you were browsing with OA's Run safer, the malware coming in on your browser wouldn't have been able to install.

    Same is true if it were SSM or Prosecurity or whatever. For anything to start that early it has to be installed, and OA or any of the others would block it unless you permitted the install.

    Faenil, try this. Uninstall both, reinstall OA. Then start the EQS install but block everything it does. Bet it wouldn't start earlier then.

    Pete
     