Stinger McAfee

Discussion in 'other anti-virus software' started by GuyD, Apr 12, 2009.

Thread Status:
Not open for further replies.
  1. GuyD

    GuyD Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    9
    Location:
    Belgium
    I DL'd the latest Stinger Virusscanner from April 9.

    At the end of the full PC scan my Outpost Firewall gave me a warning that the stinger app'n wanted to change a critical file 1394bus.sys within my driver folder in Windows\system32\drivers.

    I blocked it.

    Afterwards I looked in my event viewer from my Outpost firewall and found other app'ns that had changed that 1394bus.sys driver (well changed apparently from what it said in my outpost firewall event viewer)

    What is this 1394bus.sys driver and why did I get a warning from my firewall "only" for the stinger scanner ?

    Screenshot

    http://img175.imagevenue.com/img.php?image=71414_ScrSh011_122_492lo.jpg
     
  2. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    1394bus.sys in a ms system file for accessing IEEE 1394 serial bus (FireWire). I am guessing Stinger wanted to scan for any attached USB/Firewire drives for malware.
     
  3. GuyD

    GuyD Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    9
    Location:
    Belgium
    Thank you for the valuable reply. So in fact I might have allowed it for the Stinger app'n ? If you look at the screenshot where the other app'ns also got access to that driver and where there was no warning from my Outpost firewall. So maybe the fact that it said trying to change that driver was a misinterpretation from my outpost firewall all the time ?
     
  4. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I think it would be same to allow McAfee Stinger access to sys file.
    My guess as why only Stinger generated a prompt is : since Stinger is AV app, it may need exclusive access to file (as its already in use by other apps like Takedown.exe & ICACLS.exe) or trying to do a low level read/scan of the IEEE 1394 devices.

    The other apps are MS applications (takedown and icacls) and Outpost by default allows MS apps access to system resources.
     
Loading...
Similar Threads
  1. Ibrad
    Replies:
    24
    Views:
    2,400
Thread Status:
Not open for further replies.