net.exe

Discussion in 'ProcessGuard' started by tonyjl, Nov 27, 2005.

Thread Status:
Not open for further replies.
  1. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi guys, just been doing some maintenance on my lists and noticed I have net.exe and a net1.exe. I scanned net1.exe at jottico's and came up clean. I then noticed net.exe launches net1.exe. Is this normal/anything to worry about? If it is normal, do we treat net1.exe the same as net.exe (permit once)?
    Thanks guys
     
  2. Dryopithecus

    Dryopithecus Registered Member

    Joined:
    Sep 26, 2005
    Posts:
    22
    Hi, tonyjl,

    If net.exe & net1.exe are in the folder "C:\WINDOWS\system32", I guess it's normal. If not, it may be a trojan.

    Regards
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    NET can be used for commands such as "net stop firewalldriver".

    I'd remove them from the RUN list, so if they do try to run, you can examine the command line on the alert.
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Gavin/Wayne,
    Has the enhancement request to allow command line parameters for PG executions been considered yet?
    If so, is there a timeframe or a target version in which it might be delivered?

    I just did a quick search in the suggestion/wishlist thread and found some comments directly related to the readability of the alerts (that we currently need to read because of the inability to specify command line parameters).
    That is directly related to "reading the command line on the alert".
    See https://www.wilderssecurity.com/showthread.php?p=346856&highlight=command+line#post346856

    P2K makes a comment in post #135 (in the same thread, a post later) asking for "Permit with these parameters", which of course would simplify handling of net.exe (and several other situations).
     
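The checks raised in the replies above (expected folder, reading the command line, and the requested "permit with these parameters" rule), combined in an added Python example that is not part of the original thread and is not ProcessGuard code. The record layout, the sample records and the permitted-parameters list are constructed for illustration.

```python
import ntpath
import shlex

EXPECTED_DIR = r"c:\windows\system32"      # folder named in the thread
NET_BINARIES = {"net.exe", "net1.exe"}

def triage(image, command_line, permitted=frozenset()):
    """Return findings for one process-start record ([] = nothing to flag)."""
    directory, name = ntpath.split(image)
    if name.lower() not in NET_BINARIES:
        return []
    findings = []
    if ntpath.normpath(directory).lower() != EXPECTED_DIR:
        findings.append("unexpected-location")
    # Non-POSIX splitting keeps backslashes in Windows paths intact.
    tokens = shlex.split(command_line, posix=False)
    args = tuple(t.strip('"').lower() for t in tokens[1:])
    if args[:1] == ("stop",):
        # Drop switches such as /y so only the service name is reported.
        service = " ".join(a for a in args[1:] if not a.startswith("/"))
        findings.append("stops-service:" + service)
    if args not in permitted:
        findings.append("unlisted-parameters")
    return findings

# Hypothetical "permit with these parameters" list (assumption).
PERMITTED = frozenset({("use",)})

# Constructed sample records: (image path, command line).
SAMPLES = [
    (r"C:\WINDOWS\system32\net.exe", "net stop firewalldriver"),
    (r"C:\WINDOWS\system32\net1.exe", "net1 stop firewalldriver /y"),
    (r"C:\Temp\net.exe", r'"C:\Temp\net.exe" use'),
    (r"C:\WINDOWS\system32\net.exe", "net use"),
    (r"C:\WINDOWS\system32\notepad.exe", "notepad"),
]

def review(samples=SAMPLES, permitted=PERMITTED):
    """Triage every record and return the findings in input order."""
    return [triage(image, cmd, permitted) for image, cmd in samples]

if __name__ == "__main__":
    for (image, cmd), findings in zip(SAMPLES, review()):
        print(f"{image} | {cmd} -> {findings or 'ok'}")
```

A copy outside system32 is flagged even when its parameters are on the permitted list, and a permitted binary is still flagged when its parameters are not.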