hi guys,just been doing some maintenence on my lists and noticed i have net.exe and a net1.exe. I scanned net1.exe at jottico's and came up clean,i then noticed net.exe launches net1.exe,is this normal/anything to worry about? if it is normal,do we treat net1.exe the same as net.exe (permit once)? Thanks guys
Hi, tonyjl, If net.exe & net1.exe are in the folder "C:\WINDOWS\system32", I guess, it's normal. If not, it's maybe a trojan. Regards
NET can be used for commands such as "net stop firewalldriver" I'd remove them from the RUN list, so if they do try to run, you can examine the command line on the alert
Gavin/Wayne, Has the enhancement request to allow command line parameters for PG executions been considered yet ? If so is there a timeframe or a target version in which it might be delivered ? I just did a quick search in the suggestion/wishlist thread and found some comments directly related to the readability of the alerts (that we currently need to read because of the inability to specify command line parameters) That is directly related to "reading the command line on the alert" See https://www.wilderssecurity.com/showthread.php?p=346856&highlight=command+line#post346856 P2K makes a comment in post #135 (in the same thread a post later) asking for "Permit with these parameters" which of course would simplify handling of net.exe (and several other situations)