strange firewall alert

Discussion in 'other firewalls' started by jima, Sep 10, 2004.

Thread Status:
Not open for further replies.
  1. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    94
    Hi,
    I have a question regarding something I read on another forum. It did not happen to me, but I did not understand the response given to the poster. It seems he was concerned about his antivirus program when he received this warning from his firewall as he was running a virus scan:

    Application Hijacking has been detected
    The application: C:\Program Files\Alwil Software\Avast4\ashSimpl.exe try to launch another application: C:\Program Files\Internet Explorer\iexplore.exe to go to remote host sa.windows.com

    He didn't say what firewall he had.

    I do not understand exactly what was occurring here but I have this antivirus program and am somewhat concerned. Any response would be appreciated. Thank you
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I know what is going on, and I don't even run that firewall that assumed it was malicious. He launched the manual scanner, and it launched a help window, well the program automatically connected to that site on its own, the scanner didn't tell the program to goto that site.

    This is a false positive.

    On the launch of IE to display the help file, it went to sa.windows.com which means search assistant.... Its a default behavior.
     
  3. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    94
    thank you very much for your concise reply.
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I think it is tiny firewall hence the sentence:

    Application Hijacking has been detected
    The application: C:\Program Files\Alwil Software\Avast4\ashSimpl.exe try to launch another application: C:\Program Files\Internet Explorer\iexplore.exe to go to remote host sa.windows.com
     
  5. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    You're wrong, I know that alert is by Sygate Personal Firewall. (www.sygate.com )
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    that is why I said: "I think" maybe you should have said that too. because now you sound a little..ah forget about it.

    the problem here is tiny firewall uses practically the same warnings when some process is spawning another process. and the only two firewalls I remember can control spawning are Tiny and Zonealarm.

    But if you say it is sygate then OK, no prob.

    it could be :D
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    these are one of the million warnings regarding spawning etc


    Application:IEXPLORE.EXE
    Access:Injecting code into other processes
    Object:SetWindowsHookEx(MsgFilter,ThreadId=0,Modul
    e=C:\WINDOWS\system32\SHELL32.dll)


    it looks like the same structure a bit...
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.