Identity Shield weird behavior

Discussion in 'Prevx Releases' started by m00nbl00d, Jun 12, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm using a relative's computer, to whom I offered my beta key, and I noticed something rather odd with the Identity Shield component.

    First of all, my relative uses two web browsers, Google Chrome and Chromium. Both are installed in C:\Program Files. Chromium is updated by manual means; my relative downloads the installer, then extracts the contents to the Desktop and gets a folder named Chrome-bin. After that, it renames it to Chromium and places it in C:\Program Files.

    My relative added chrome.exe (Chromium's exe) to the Identity Shield Protected Applications, and for some reason Webroot SecureAnywhere adds c:\users\username\desktop\chrome-bin\chrome.exe instead of c:\program files\etc.

    There's something similar happening with Google Chrome, and that being that it adds chrome_new.exe, instead of chrome.exe. Whenever Google Chrome updates I believe it temporarily creates a new exe named chrome_new.exe.

    This results in Identity Shield not protecting these web browsers... I believe this to be a bug? I doubt it's by design... lol

    -edit-

    For some reason, WSA is associating Chromium with c:\users\username\desktop\chrome-bin\chrome.exe instead of c:\program files\chromium\chrome.exe, because in Execution History, I can see c:\users\username\desktop\chrome-bin\chrome.exe, but not c:\program files\chromium\chrome.exe? This is odd.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is normal - it just depends on the last file seen and the last location. The protection is applied on the file's hash rather than the filename, which is why it appears to "move" in some cases.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I suppose it makes sense. But, what's confusing is why WSA doesn't detect C:\Program Files\Chromium\chrome.exe as being both the last file seen and last location? Why C:\Users\username\Desktop\Chrome-bin\chrome.exe? And, why would Execution History show C:\Users\username\Desktop\Chrome-bin\chrome.exe? Chromium has never been executed from there; it's executed from Program Files, but for WSA is executed from the Desktop? lol
     
  4. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    WSA doesn't keep track of the location more than once though. So if it sees "chrome.exe" as hash "12345", it stores
    12345 : <Last place I saw this hash>

    Execution History uses this data based on the hash, otherwise it would be Slow. Since the scan sees it on the desktop, that's the location stored in the hash table.
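
A toy model of the hash-keyed table described in this thread, added here as an illustration; it is not Webroot's code. The class name, the choice of SHA-256 and the file contents are assumptions, and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

class HashKeyedStore:
    """One record per file hash, holding only the last path seen."""
    def __init__(self):
        self.last_seen = {}     # hash -> last path where this content was seen
        self.protected = set()  # hashes on the protected-applications list

    @staticmethod
    def digest(path):
        # SHA-256 is an assumption; the thread does not name the hash used.
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def observe(self, path):
        # A sighting (scan or execution) overwrites the stored location.
        h = self.digest(path)
        self.last_seen[h] = path
        return h

    def protect(self, path):
        self.protected.add(self.observe(path))

    def is_protected(self, path):
        return self.digest(path) in self.protected

    def displayed_path(self, path):
        # What a hash-keyed UI would list for this file's content.
        return self.last_seen.get(self.digest(path))

def demo():
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            p = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
            return p
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        store = HashKeyedStore()
        installed = write("program files/chromium/chrome.exe", b"chromium-build")
        desktop = write("desktop/chrome-bin/chrome.exe", b"chromium-build")
        store.protect(installed)      # user adds the installed copy
        store.observe(desktop)        # identical bytes seen later on the Desktop
        new = write("program files/chrome/chrome_new.exe", b"chrome-build")
        store.protect(new)            # entry recorded under the updater's name
        final = os.path.join(os.path.dirname(new), "chrome.exe")
        os.replace(new, final)        # update finishes; same bytes, new name
        return (rel(store.displayed_path(installed)), store.is_protected(installed),
                rel(store.displayed_path(final)), store.is_protected(final))
```

In this model the listed path is only a label for the hash: both browsers stay protected even though the entries show the Desktop copy and chrome_new.exe.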
     