Exclusions

Discussion in 'Trojan Defence Suite' started by ontherun, Jul 18, 2003.

Thread Status:
Not open for further replies.
  1. ontherun

    ontherun Registered Member

    Joined:
    Jul 18, 2003
    Posts:
    4
    Is there a way to exclude just a file and not the whole folder where it resides?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hmmm welcome ontherun,
    looking at it doesn't really look like it, but to be honest I never tried! I like every file scanned, even "trusted" ones, to be very sure never any nasty infected them.
    Can only advise to try the full pathname to the file and see what happens......
    From the description in the Helpfile it's directories only..
     
  3. ontherun

    ontherun Registered Member

    Well, I like all the files to be scanned, but you get the popup Alarm window and it stays there until you tell it to Ignore the alarm.

    I'm running a remote admin program, and it sets the alarm off every time I reboot or use the program.

    Remote Anything is the program.
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi ontherun,
    What is the alarm TDS is showing?
    Dolf
     
  5. ontherun

    ontherun Registered Member

    Here is a screen shot

    The slave.exe is the client side of the Remote Anything program, which is a remote administration program.

    - Localized the image and shrunk by converting to GIF
     

  6. DolfTraanberg

    DolfTraanberg Registered Member

    Well, I suppose when the people of TDS think this is a trojan, there should be something wrong with that. If you completely trust it, for the time being, you can exclude the program directory from scanning. If this is a "promoted" trojan I suppose it will be deleted from the database.
    Dolf
     
  7. Jooske

    Jooske Registered Member

    TDS sees of course such things as a trojan code!
    Seeing several versions in the primaries list, so no need to submit it, sorry, they have them by long. Can imagine, as it can be installed without user's knowledge at all and running completely invisible.
    Maybe something in the description could be added or just accept it or exclude the directory if you like as Dolllefie says.
     
  8. ontherun

    ontherun Registered Member

    Can't exclude the winnt folder, and this is where the program places the slave.exe file. And I use the program on the workstations and Server on my home network.
     
  9. DolfTraanberg

    DolfTraanberg Registered Member

    From what I found out from the developer's website, you can move the program to any directory you like.
    Although you still have to disable memory scan and execprot as well, and I don't know if that is what you want.
    You might have a look at this site:
    http://www.tightvnc.com/
    It's a program like pcAnywhere and it's free, but most of all, you don't hurt TDS's feelings :D
    Dolf
     
  10. Jooske

    Jooske Registered Member

    Does pressing the "ignore alarm" not help for not coming back next time?
    I had an alert like that on a kind of connection aware program, which didn't show up anymore after I pressed that button. Now it can be --as I wrote Gavin about it-- it has changed in the detections, I'm not sure, anyway it doesn't alarm anymore, while I'm sure all is scanned.


    For the TightVNC I'm very much interested in "how to" and how to do it securely for helpdesk functionality among others.
    If you care to educate me and others in this it might be interesting to open a thread for that in "Other Services" (guess that's the best place?)
     
  11. DolfTraanberg

    DolfTraanberg Registered Member

    I don't use it myself. I'm comfortable with pcAnywhere for remote support, but what I did understand is that on the server side you have to set a session password. Optional settings are disabling mouse and keyboard of the client (view only mode) and communication port settings.
    You can set the server to have connections with multiple clients.
     


  12. DolfTraanberg

    DolfTraanberg Registered Member

    adv.config
     


  13. Jooske

    Jooske Registered Member

    So if there is a help asking user, they should have to install the program and set as a server, so I can view on their screen and if they give me rights to do things on their system to put things right, etc.?
    If I would run a server myself people can connect and look or do things on my system; the look if I want to show something is ok, but I suppose you take over their functionality on your support asking customers as well?
    I'm honestly always confused about who is server and who is client in such actions.
     
  14. DolfTraanberg

    DolfTraanberg Registered Member

    To make it even more confusing: TightVNC has the option of a listening client.... :D
    The server is the computer which will be served, the client has the remote control. With a listening client a connection will be established when the server has started.
    Dolf
     
  15. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    For excluding this file, you could install it to a separate folder or just ignore the alarm - turn off the Object Memory Scan at startup if it is coming up then. Apologies for the delay, wasn't well this weekend :blink:

    For TDS-4, I think we may have a set of programs (such as Remote Anything) which are marked in the database as Remote Admin tools - their use can be legitimate, and it can also be malicious. There is also a grey area with patched versions of servers around, and server droppers and such - and with VNC for example, there is of course source available.

    There could then be an option to ignore detections of such files, which would need to be used very carefully of course. Also, detections will be marked with a warning, not a positive ID as a trojan.
     