Jurnaling and updated applications

How does jurnaling work on updated applications?

Let's say:

1. PC is infected with an "not clasified yet" virus
2. The virus is changing 1 registry on an application
3. After 1 hour the application would update itself and the affected registry is replaced with new good /updated one (for updated application)
4. After 2 hours the virus is clasified as "Virus" ,deleted, and old registry restored

In this scenario, the virus is gone, but the jurnaling just made the updated application unusable.

Now imagine that the application is part of boot sequence for Windows ........

 

Is there a problem all you do is hit and disappear and don't reply to the answers for a noobie to the forums?

TH

 

WSA repairs the boot sequence of Windows and replaces registry entries with known good values. If malware has modified the values for some application (a third party program, not the OS) WSA will restore it to its previous known good state. There wouldn't really be any reason for malware to just change random application registry values, but in this case, it would be no worse off as you would now have legitimate values rather than malware-modified values.

 

Also stands again that this kind of damage would not be "fixed" by any other antivirus either. Either the updated valid program broke the malware, or the malware would re-break the updated application. So either the malware is broken or the application is broken with another AV anyway.

Either way, since the last change is made by a trusted application (the updated application), the journalling wouldn't change it since it was already "repaired" by a trusted application.

That being said, the case you describe is what is known as a nonsensical theoretical. It describes a case that has never happened in reality and that there is no reasonable likelihood of happening in reality and there is no reasonable manner by which it could legitimately be induced to happen.

 

TH:
After a feeling surfaced, a quick forensic analysis across existing internet presence shows that it's just cladiu's new account, so it's not much to worry about.

 

That was my thought by the hit and run!

TH

 

LOL, I was thinking the same. I guess he can start all over again bashing Webroot with a different name.

 

There's no proof at this time only an assumption.

TH

 

I think it's nice to have another WSA user on the forum, it's been pretty quiet around here recently anyway

 

Looking on the forum there is another thread regarding 'journalling', I think maybe topor might be having a bit of a wind-up & teasing us by deliberately misspelling it 'Jurnaling', on both threads - Still he/she is new to Wilders so no offence intended ~