Ignore Alternate Data Streams

Discussion in 'Trojan Defence Suite' started by Snook, Oct 5, 2004.

Thread Status:
Not open for further replies.
  1. Snook, Registered Member (Joined: Jun 19, 2003; Posts: 182)

    I have TDS-3 configured to ignore Alternate Data Streams smaller than 89k. When I perform a scan TDS-3 does not ignore them.

    Comments/suggestions...?
     
  2. kwesi, Registered Member (Joined: May 18, 2004; Posts: 82; Location: London)

    Hi, Snook. I had a very similar problem. Unfortunately, I'm at work, so I can't give you the exact workaround that I finally settled on, but I know that it was to do with unchecking an ADS button/field of some kind (Hidden Data streams? Alternate Data streams?).

    If you can't find a similar thread in these forums by searching for ADS, I'll try & update you when I get back home. It was a bit of a reluctant compromise on my part, I recall, so perhaps someone knows a better solution.
     
  3. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi Snook, when you tick the Ignore streams smaller than, say, 90 bytes (not kilobytes, BTW), close the AdStream box. You then need to press the "Save configuration" button shown in the scan control window to save the settings.

    HTH Pilli
     
  4. kwesi, Registered Member (Joined: May 18, 2004; Posts: 82; Location: London)

    If that doesn't work, then my workaround was: go to 'Scan Control' and, under Advanced Scan Options, uncheck 'Show all NTFS ADS Streams', but have 'Scan NTFS ADS Hidden Streams' checked.

    People can see why this was a reluctant compromise for me, but I'm trusting that TDS-3 is scanning the streams, and will flag up any problems in the warning window.
     
  5. Snook, Registered Member (Joined: Jun 19, 2003; Posts: 182)

    Thanks for the replies. I'll try all the suggestions and post what worked later.
     