Strong Monitor of Panda

I have used Panda Titanium 2006 more than three months. Panda is very stronger. I don't know whether or not Panda is still using Sygate Firewall. Maybe Panda firewall is a "Application Gateway", because in Tcpview I find that all connections are established through an Internet resident proxy, Panda's "WebProxy.exe". It makes surfing speed a little slow down, because the proxy need to check each connection.

In addition, Panda warns BOClean perform a "Dangerous action"
I downloawed a trojan simulator to test my BOClean. It is a zip file. I extracted it then Panda pop up showing it is a trojan and asked to delect it. I chose exclusion. Then I run the trojan simulator. BOClean caught it and asked to remove. I clicked OK, A message showed me that "BOClean has encountered a problem and needs to close."
The following is Panda's log:

Tracking program detected 05/26/06 13:12:40
Notified Location: c:\documents and settings\xxxxxx\trojansimulator\tsserv.exe

Tracking program detected 05/26/06 13:12:43
Notified Location: c:\documents and settings\xxxxxx\trojansimulator\trojansimulator.exe

Suspicious operation 05/26/06 13:13:10
Blocked Application: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC421.EXE - Operation: Deny if some application try to modify Winlogon Shell Application

Suspicious operation 05/26/06 13:13:15
Blocked Application: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC421.EXE - Operation: We deny modification of HOSTS file (C:\WINDOWS\system32\drivers\etc\hosts). We have blocked an attempt to modify hosts file.

Suspicious operation 05/26/06 13:13:20
Blocked Application: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC421.EXE - Operation: We deny modification of HOSTS file (C:\WINDOWS\system32\drivers\etc\hosts). We have blocked an attempt to modify hosts file.

Suspicious operation 05/26/06 13:13:25
Blocked Application: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC421.EXE - Operation: The Disable registry Tools, and Windows File Protection keys can't be modified by any applications. Some Malware use this key to avoid delete the keys created or modified by them.

Suspicious operation 05/26/06 13:13:30
Blocked Application: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC421.EXE - Operation: The Disable registry Tools, and Windows File Protection keys can't be modified by any applications. Some Malware use this key to avoid delete the keys created or modified by them.

 

Since August 2004 Panda has TruPrevent technologies - behavious analysis technologies which are much inproved in 2006 and may be they are Panda's greatest feauture. In 2006 TruPrevent not only analysis the behaviour but it also has another components . It includes:
1) Heuristic scan
2) Behaviour analysis
3) Kernel policy rules

As you can see one of the many Kernel policy rules is connected to fully protecting Windows HOSTS files . You received an error message (the program needs to close) because TruPrevent killed the process

 

I know that very well . Don't worry

 

Thanks for your demonstrate.

 

You're welcome