real time protection?

Discussion in 'Trojan Defence Suite' started by infra-greg, Jan 7, 2004.

Thread Status:
Not open for further replies.
  1. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    Hello all

    Total newbie to TDS-3, but loving it already :)

    Just a quick question.

    I have TDS-3 to startup with Windows and then to minimise to the System Tray.

    Does this mean that TDS-3 can intercept a trojan, etc. if it's trying to download on my system or if it tries to execute thru a malicious attachment that is being opened?

    Or does TDS-3 only find Trojans, etc. when I do a system scan (i.e. after the trojan has downloaded, executed, etc.)?

    Thanks very much and keep up the great work :)

    Infra-Greg
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    In the registered version of TDS you have Execution Protection, which scans a file before it's allowed to execute.
    Dolf
     
  3. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    Cool.

    I had a trojan the other day...Byteverify that seemed to have installed and made itself at home. Some hacker from Denmark (checked my ftp stats) seems to have been responsible and consequently changed my first page of my website.

    I ran a virus check and voila, up it came. Norton deleted it, etc and that seems to be the end of it.

    Next step? I researched all the Anti-trojan programs and concluded TDS-3 was the best :)

    So I bought it :D

    All seems good. Hopefully no more idiots hacking and cracking my computer.

    Thanks for the prompt reply :)

    I-G
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Infra-Greg and welcome!
    TDS is for trojans and worms in the first place and a growing lot of other threats except viruses.
    So for a total protection you need a good antivirus besides a good firewall.
    In TDS Network are several real nice functions and make sure you also grab the scripts pack for the registered version in which are very nice examples to do very nice things.
    You will love to see realtime all your connections -including possible illegal ones and the software used for it on your system as well as datapackets transferred if you use Port Explorer.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I need more explanation about the execution protection.
    I never use it, but, after having evaluated my current security, even with having SSM I can allow something that shouldn't be allowed, and then TDS-3 execution protection sounds good :)

    I have read the help which doesn't say a lot about it.
    I have installed execution protection with the TDS menu, it told me that it was installed successfully, but how can I see it? How does it work?
    The help file could mean that it's a kernel driver but I don't know exactly.
    In addition, should the TDS3 executable be running for the protection to work or not? I didn't find any information about it, I can't even find where to set up this execution protection, I have read somewhere that there is (I hope!) an exclusion list but... help me pls :)
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi, the exec protection is a sleeping giant: in this meaning it is all in the background and you won't see it working, as it only jumps up in case malicious code is detected before it could execute.
    There were quite some discussion threads here where it is mentioned.
     
  7. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I didn't find any thread with the information I wanted, like whether TDS3 needs to be running in order for the protection to work; I will search again.

    Thank you :)
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I found that TDS needs to be running, but not very much other information.

    I have seen thanks to SSM that every executable tries to launch the exec protection executable from TDS however, so I have noticed it, Jooske ;)

    Hm, I feel better with such protection enabled; until now I have used many TDS tools and plugins as well as of course the customized on-demand scanner, but the exec protection offers another layer of security :)
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    A tip: click the search button on top of the board > disable all > enable TDS (forum) > fill in exec ;)
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi GK, when TDS does its initial scans on start up and then you scroll up through the start up text you will see that EP is installed. :D
    EP only works whilst TDS3 is running or minimised.

    19:56:42 [Init] • Exec Protection : OK. Installed
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    For the search on exec in the TDS forum make sure you set at least 800 days and at least 100 finds, as with the standard 50 the messages didn't show up yet.
    Also in the home DCS forum it was mentioned and explained several times. In the Private TDS forum FanJ posted very interesting info about that exact subject.
    The same info must be here somewhere, I didn't find it that soon.
     
  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Thank you all!

    @Pilli
    I didn't see that... :oops:

    @Jooske
    Yes, the number of days back by default is 60, with 360 I have a lot more results ;)

    OK now, I'm a happy TDS exec protection user :D
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    GK, here you see a screenshot where in the upper half is the line telling that exec protection is installed.
    Suppose you have it now?
     
  14. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Yes indeed Jooske, all is right now :)

    I tried with a "leaktest" which I know is seen as a potential web downloader by TDS (but isn't harmful in fact), and I wasn't able to launch it.
    That point leads me to 2 questions:

    First, I didn't have any popup, is this normal? (It was however written in the TDS window log.)
    Second, is there any way to put this file in an exclude list?

    I have also noticed that on my XP at startup, TDS was both minimized on the systray and on the taskbar, blinking, whereas I set it up to only minimize to the systray. Is this normal too?
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    From the TDS main screen click on "Configuration". On the "Startup" tab, right-hand side, check to see whether you have "Startup State" set to "Minimized" Or "Normal" ("Minimized" is what you're seeing if it's flashing in the Taskbar).

    If you want to watch it do its startup stuff, click the radio button for "Normal" (that's how I have mine set), then click "Save". HTH Pete
     


  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I notice also at times no warning popup and only a blockage message. Maybe because I tried to hammer the system tight for popups.
    If we want a file excluded we must be sure the file is OK and it serves to submit it to Gavin to make sure and he can decide to exclude it from detection in the database if the file is really clean. submit@diamondcs.com.au

    We can exclude areas from being scanned in the scan console, not sure if that would affect the exec protection too. If you need the file it serves to test if that works for you.

    The TDS icon will be in both systray and tray/taskbar as long as the console is maximized, but will only remain in the systray when minimized if you configured it that way.
     
  17. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Even with the directory in scan exclusion I can't launch this executable.
    About popups, I have never had one even after trying a few times; I too disabled most Windows services to avoid annoying popups, maybe it's related.

    And yes I'm sure the file is 100% OK; leaktests are legitimate tests to check your firewall strength, and it would annoy me to send each file TDS falsely identifies to Gavin, but I will do it this time; I have a few leaktests falsely identified as well as another program.
    Unfortunately there is no way to add an exclusion list for exec protection, which should be the easiest way!
    The exec protection could use the scan exclusion list but seems not to.

    I am sending you a mail Gavin :)

    EDIT : mail sent :

    copycat.exe
    leaktest1.1.exe
    leaktest1.2.exe
    smartupdate.exe

    The last one is the updater of my coding environment "purebasic".
    All are identified as potential web downloaders.
     