Kraken botnet bypassed NG, Defence Plus

Discussion in 'other anti-malware software' started by aigle, Apr 11, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, I installed OA free latest version 2.1.0.130.

    OA seems to be bypassed. Creation of executable in system32 folder not detected by OA. Can anyone confirm with free version? I am not sure about results. I tested under Shadow mode of SS.

    Thanks
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Don't remember if Free version has run safer option. If so try running it under that, and see if it still is bypassed.
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    127 passed it fully. 130 also passes. I just do not want to post the same pictures once again. Maybe she just does not like you and this is why she fails intentionally? :)

    BTW, did you wait at least a minute after install, when she exits learning mode?
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Sure, even rebooted.

    I will try it again. Did you try it with free version?
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Will try. Run Safer is there in free version.
     
  6. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    No, I use full version, but HIPS should be the same in full and free.
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I think there is no need to run it safer. I tried it with admin account w/o runsafer and OA intercepted everything. I'd just like to know on what basis he says "seems failed". It blocked autorun, memory tampering and internet access. Nothing wrong after reboot. Just retested once again (to be sure). Passed again.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, I decided to take a look myself, and I have to say that TF really needs to start giving better alerts, I mean, adding something to "Windows System Startup" is not something to get worried about.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Remember that behav. blockers don't analyze individual/isolated behaviours. They correlate the observed behaviours and then make a decision about a certain process. So, maybe, you're seeing an alert about one of the behaviours observed or the one that finally triggered the alarm.
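
Added example, not part of the thread and not code from any product discussed: a minimal per-process correlation of the behaviours named in this thread (executable created in system32, autorun entry, memory tampering, internet access), showing why an alert can name only the behaviour that finally crossed the threshold. The event names, weights and threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical weights and threshold (assumptions, not any product's values).
WEIGHTS = {
    "create_exe_system32": 40,
    "autorun_add": 25,
    "memory_tamper": 40,
    "net_connect": 15,
}
THRESHOLD = 70


def correlate(events, weights=WEIGHTS, threshold=THRESHOLD):
    """Score behaviours per process; return {pid: alert} once a process
    reaches the threshold. events is an iterable of (pid, behaviour)
    tuples in the order they were observed."""
    score = defaultdict(int)
    seen = defaultdict(list)
    alerts = {}
    for pid, behaviour in events:
        if pid in alerts or behaviour in seen[pid]:
            continue  # already flagged, or behaviour already counted
        seen[pid].append(behaviour)
        score[pid] += weights.get(behaviour, 0)
        if score[pid] >= threshold:
            # The alert is raised on the behaviour that crossed the line,
            # but the decision rests on the whole chain.
            alerts[pid] = {
                "trigger": behaviour,
                "score": score[pid],
                "chain": list(seen[pid]),
            }
    return alerts


# Constructed sample events (pids and ordering are made up).
SAMPLE_EVENTS = [
    (1200, "autorun_add"),          # lone startup entry: stays below threshold
    (3344, "create_exe_system32"),  # 40
    (3344, "net_connect"),          # 55
    (3344, "autorun_add"),          # 80, crosses threshold here
    (3344, "memory_tamper"),        # ignored, process already flagged
]

if __name__ == "__main__":
    for pid, alert in correlate(SAMPLE_EVENTS).items():
        print(pid, alert)
```

Process 1200 adds a startup entry and is never flagged, while process 3344 is flagged on its startup entry because of what it did before; an alert that shows only the trigger hides that chain.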
     