TDS-3 and BOClean

I have recently downloaded a licensed version of TDS-3. I currently have BOClean running resident as my AT. Would I be able to run TDS-3 execution protection as well, or will this cause a conflict? Will this cause a problem on a 1.2 GHz AMD Athlon with 256Mb RAM running Win98SE? Thanks in advance.

 

I have had success with this combination on Windows ME and Windows XP systems. And I don't see there would be a conflict (although if you throw your anti-virus into the mix, it might cause the issues - NOD32 and Norton don't seem to cause problems, however, with both of those ATs running resident).

Best regards,

-Javacool

 

TDS-3 does not have a file system filter driver so it should not be a problem.

As i know or better guess it uses shell extensions (exefile->command->load) in the registry.

If this is true (i assume this)
Then it acts like a filter at application level.
That means TDS gets called with each EXE File which is executed.
TDS Scans the file and if it is clear it starts a new process with the given path+file -> this is then your process/program which should be clean.

Hope this helps
Michael

 

TDS's execution protection is a shell extension, yes (or at least a main component of it is). The dll is set-up up as an administrator approved shell extension (based upon its CLSID) and then is placed under the ShellExecuteHooks key in the registry (again with its CLSID). Since it IS a shell extension based on my tests (or again, at least part of it is), I'm fairly sure it doesn't scan the file then start a new process - it probably just simply scans the file and either tells the system to "pass it on" or to "stop execution", and it won't go any further down the chain (which is a required function or the system can get hung up over that file - shell execute hooks have to return a value).

Best regards,

-Javacool

 

If it's a hook (in your case) or a kernel mutex / spin (driver) you have only to pass the handles as success or failed.
Means for instance you return the value "ACCESS_DENIED" if a backdoor was found - all ok.

 

Thanks to all who have responded and will respond.

 

Octogen, severaql people are using BOClean beside TDS-3 with no problems, being BOC the resident scanner and TDS-3 on demand with the exec protection as a permanet extra.

 

lol yup thats a newbys best combo hmmm will i have had problems with boclean v4.9 tds with windows me

4.10 seems to work fine except in cases of low ram when tds scans boclean it sta;;s for long time in many times it dosent freeze it just seeme like it does cause it takes forever but if you wait it keeps going.

ram seems to be a big issue with tds and boclean working all at once.

but there really no excuse for low ram

for old machince you can get a stick of 256 sd ram for 30 bucks for 60 bucks you can max out your pc

i think at best buy i saw 512 ddr ram or what ever that new rams called for like a 120 bucks that means for like 249 you can have 1024 ram or something crazy like that

of course i see no practicle use for that kind of ram to the max lol

 

Hi,

W 98 SE here.
No problems with BOClean and TDS-3.
Pentium 3, 600 MHZ, 512 MB RAM (and when I had lesser RAM in the past (384 MB): no problem too); motherboard Asus P2B.

PS1: on W98 SE you can have no more than 512 MB RAM.
PS2: be carefull with the kind of RAM you buy; there are lots of different kinds out these days; you have the buy the right kind of RAM for your motherboard.
PS3: Blaze, did you manage to get your RAM problem solved? I really do hope so!!! If you like to tell us, do so in that thread at TenForward which you started not so long ago about it.



Quote from the TDS-3 Helpfile:
[hr]
Execution Protection

Execution protection is a unique system exclusive to TDS-3 and DiamondCS WormGuard that uses a non-resident hook which allows TDS-3 to intercept and scan files as they are executed (but before they are loaded) and actually prevent infection by blocking/aborting the execution if the file was deemed harmful. As the hook is non-resident it uses no extra memory or resources, and it isn't susceptible to the TerminateProcess issue that virtually all other hook mechanisms are susceptible to.

How does it work? When you execute a file, the operating system - before it even loads the file - asks the DiamondCS execution hook "Allow this file to continue processing?", and then waits for a Yes/No response from the hook. This allows TDS-3 to scan inside the file and abort the execution if the file is deemed dangerous or has been identified as a trojan.

 

And to add some more:

right this moment while posting running BOClean, TDS-3 Execution Protection and AMON from NOD32.

 

Thanks again, javacool, Gladiator, Jooske, MrBlaze and FanJ. I now have TDS-3 up and running with exec protection installed. No problems with programs running resident (Kerio, NOD32, IEClean, BOClean and Proxomitron). I look forward to learning more about this powerful tool. Thanks again!

 

well what you want to know where all here now lol

 

Blaze,

If BOClean keeps giving you problems, you could try the following. Kevin once told it me, and I just saw it mentioned again in a thread at the GRC-forum where someone posted the same trick which Kevin told him.


1. Shutdown BOClean.
2. Open the file boclean.ini (located in the directory C:\windows ) in NOTEPAD
3. Under the [Prefs] heading add the following new line:
Memtiming=200
4. Then hit SAVE (instead of "Save as" in the file item up top) and then stop.
5. Restart BOClean.

This will make BOClean to wait 200 milliseconds.

 

Hey Octogen, looking forward seeing you in the private DCS forum too then soon! Lots to learn there too!

 

Häh ?

Don't make me nervous,man.Thought,my TDS-3 is the tornado-deluxe-defender.
What do you mean by "permanent extra" ?

Hank

 

Ah yes - like Norton AV in the morning,Kaspersky at high noon and in
the evening all together now.Makes sense - especially for the ram-sellers.

- Hank-

 

Hi hank and welcome.

Yes, Paul is correct. Even though a lot may run an extra app for AT, I consider TDS to be the Primary, Secondary and Back-up for AT's.

I do not run a secondary app for AT's at all, but that's me.

In conjunction, I also run Wormguard. No other anti-worm there either. [Apart from the overlap that AV's provide]

However, I do run a primary AV plus a secondary one [new, in Alpha stage, GladiatorAV ~ GAV] as it specialises in getting deeeep into unpackers, compressors, etc. and "DeCrunches" them no end.

Feel free to ask any questions you like re TDS, WG, etc. as there are many talented people in here to help you in any way they can.

Do not be afraid to ask a "foolish" question, as Paul's [and my] motto is: The only "Foolish" question is the UNASKED one, lol.

EDIT ~ ALSO: If you are looking for more security/cleanup/nice apps [FREE] go to:
https://www.wilderssecurity.com/showthread.php?t=5970;start=30

and read my post. Also javacool has just realeased a great new proggy as well called SpywareGuard [stops installation of spyware in conjunction with SpywareBlaster] available also in download section of this site.

Cheers, TAS

 

Thanks, Jooske. Look forward to visiting that forum!