Potential RegDefend Bug?

Discussion in 'Ghost Security Suite (GSS)' started by comma dor dash, May 12, 2006.

Thread Status:
Not open for further replies.
  1. comma dor dash (Registered Member; Joined: Jun 5, 2005; Posts: 146)

    I just performed tests with Armadillo 4.x protected malware (Optix Lite 0.4). Code splicing + copy mem II + debug-blocker were enabled.

    Incidentally, I noticed that RegDefend did not block or show an alert when the Optix server registered itself (autostart entry). That's why Regrun's alert was triggered.

    I did not investigate this issue in more detail. Therefore, I am unable to rule out that RegDefend was not correctly configured.

    But someone may want to have a look.
     
  2. comma dor dash (Registered Member; Joined: Jun 5, 2005; Posts: 146)

    After a reboot, RegDefend detected the creation of the autostart entry (when I started the Optix server again).

    Is it possible that RegDefend somehow "caches" an allow-once rule until the computer is restarted?
     