Discussion in 'Trojan Defence Suite' started by ontherun, Jul 18, 2003.
Is there a way to excuse just a file and not the whole folder where it resides?
Hmmm welcome ontherun,
Looking at it, it doesn't really look like it, but to be honest I never tried! I like every file scanned, even "trusted" ones, to be very sure no nasty ever infected them.
Can only advise to try the full pathname to the file and see what happens...
From the description in the Helpfile it's directories only.
Well, I like all the files to be scanned, but you get the popup, Alarm window and it stays there until you tell it to Ignore the alarm.
I'm running a remote admin program, and it sets the alarm off every time I reboot or use the program.
Remote Anything is the program.
What is the alarm TDS is showing?
Here is a screenshot
The slave.exe is the client side of the Remote Anything program, which is a remote administration program.
- Localized the image and shrunk by converting to GIF
Well I suppose when the people of TDS think this is a trojan, there should be something wrong with that. If you completely trust it, for the time being, you can exclude the program directory from scanning. If this is a "promoted" trojan I suppose it will be deleted from the database.
TDS sees of course such things as a trojan code!
Seeing several versions in the primaries list, so no need to submit it, sorry, they have them by long. Can imagine, as it can be installed without user's knowledge at all and running completely invisible.
Maybe something in the description could be added or just accept it or exclude the directory if you like as Dolllefie says.
Can't exclude the winnt folder, and this is where the program places the slave.exe file. And I use the program on the workstations and Server on my home network.
From what I found out from the developer's website you can move the program to any directory you like.
Although you still have to disable memory scan and execprot as well, and I don't know if that is what you want.
You might have a look at this site:
It's a program like pcAnywhere and it's free, but most of all, you don't hurt TDS's feelings.
Does pressing the "ignore alarm" not help for not coming back next time?
I had an alert like that on a kind of connection aware program, which didn't show up anymore after I pressed that button. Now it can be --as I wrote Gavin about it-- it has changed in the detections, I'm not sure, anyway it doesn't alarm anymore, while I'm sure all is scanned.
For the TightVNC I'm very much interested in "how to" and how to do it secure for helpdesk functionality among others.
If you care to educate me and others in this it might be interesting to open a thread for that in "Other Services" (guess that's the best place?)
I don't use it myself. I'm comfortable with pcAnywhere for remote support, but what I did understand is that on the server side you have to set a session password. Optional settings are disabling mouse and keyboard of the client (view only mode) and communication port settings.
You can set the server to have connections with multiple clients.
So if there is a help asking user, they should have to install the program and set as a server, so I can view on their screen and if they give me rights to do things on their system to put things right, etc.?
If I would run a server myself people can connect and look or do things on my system; the look if I want to show something is ok, but I suppose you take over their functionality on your support asking customers as well?
I'm honestly always confused about who is server and who is client in such actions.
To make it even more confusing: TightVNC has the option of a listening client....
The server is the computer which will be served, the client has the remote control. With a listening client a connection will be established when the server has started.
For excluding this file, you could install it to a separate folder or just ignore the alarm - turn off the Object Memory Scan at startup if it is coming up then. Apologies for the delay, wasn't well this weekend.
For TDS-4, I think we may have a set of programs (such as Remote Anything) which are marked in the database as Remote Admin tools - their use can be legitimate, and it can also be malicious. There is also a grey area with patched versions of servers around, and server droppers and such - and with VNC for example, there is of course source available.
There could then be an option to ignore detections of such files, which would need to be used very carefully of course. Also, detections will be marked with a warning, not a positive ID as a trojan.