WG: Right Click function

Discussion in 'WormGuard' started by A884126, May 25, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Hello.

    I just bought WG and I found out there is a right click command line. Unfortunately when I click "Scan with WormGuard" nothing happens.

    Did I do something wrong?

    Thanks
    Pete
     
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, A884126

    No you did nothing wrong.

    WormGuard scans in the back ground and you will only get a warning if WG finds something suspicious.

    TheQuest :cool:
     
  3. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    So why the need to add a command into the mousse right click menu? This is pretty confusing...
     
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, A884126

    I think you misunderstand or I did explain right.

    WormGuard work on a Hook, if a Program, file or script tries execute which is suspicious.

    WormGuard POP with a Warning.

    Other than that it sit there do nothing [untill what ever] it is not a running process.

    But if you would like it to scan a file [On demand] that is what the Right Click is for.

    It has no Scan Sceen.

    I hope you fine this of better help.
    TheQuest :cool:
     
  5. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Got it ! Thanks for your kindly help.

    Cheers
     
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, A884126
    Good glad you have it now.

    It kind of Confusing to understand. o_O

    And even more confusing trying to Explain. [well to me it is :( ]

    PS: Did you find yours it Registered

    Take care now,
    TheQuest :cool:
     
  7. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    You bet my friend!
     

    Attached Files:

    • WG.GIF
      WG.GIF
      File size:
      2.2 KB
      Views:
      173
  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Quest - Hello!

    I guess this explains why I could find nothing from WG in my system tray, and no running process. If it's not a running process, then how does it keep a worm from executing? Or does it just detect that something is a worm if I manually scan it with a right-click in Windows Explorer? o_O
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi D & C, It works by hooking into program etc as it starts or is opened, if there is anything suspicious WG will alert you. I believe it heuristically parses the opening file /code and will stop the file from opening before any damage can occur.

    DCS might add a more technically correct response :D

    HTH Pilli
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks Pilli!

    I read a number of other threads. I think I understand now: Apparently before a file executes, it asks WG if it's OK to run. WG then scans the file, and responds to the OS. If it responds with an OK, the process is allowed to run; if not you get a warning message.

    I'm assuming that WG scans each and every file the OS tries to run. Sounds impressive to me! :cool:
     
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hello A8 and Dazed and Confused.

    There was a thread I did a long time back about testing WG.

    You guys want to test it?

    1: Open Notepad/or Text Editor you use.

    2: Type anything at all, does not matter in it. Type your name will do.

    3: Now save it, BUT, look at the little Option window [usually at bottom] something like "Save as Type" and select from the drop down menu the "Any file (*.*) option.
    4: For the file name type in [without the quotes] "test.jpg.reg" to any location, Desktop will be fine.
    5: As long as WG Protection has been installed, simply double click to try to open, see what pops up.
    6: You should see a bloody big WG warning window telling you the file has double extension and the 'real' extension is .reg [registry entry].

    You can experiment all you like with it to test.

    Do as above, but this time when saving the file name call it "test.jpg [in here type in a LOT of spaces] .reg

    You will get the same warning, but this time it will also tell you it has excessive spaces.

    That's how a lot of people are caught out with a file. They simply see "test.jpg" think it's a pic, open it but the real extension could be whatever the author named it .com .bat .bin .reg etc.

    You would not see that as the "excess" spaces usually runs the last part of the extension out of the viewing window.

    That's why you should become familiar with YOUR system's Icon images, [diff OS usually slightly diff Icon images]. A jpg image is vastly diff from a .reg one.

    see example of mine. double extension / excess spaces.

    PLUS in my blocked editor's list I have VBS, WSH etc added and I also created a test file with one of those extensions which gives a different warning. See post below with pic.

    Cheers, Adrian.
     

    Attached Files:

  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Warning window you get when trying to run a "Blocked" file listing in "BLocked List Editor" section.

    Oh, I changed the wording on mine, LOL....

    Adrian.

    Edit: NOW you can also simply rightclick on any test file, choose Scan with WormGuard and it also will warn you. So you will know your RightClick Context Menu option is also working ;)

    Have fun.
     

    Attached Files:

    • 066.JPG
      066.JPG
      File size:
      36 KB
      Views:
      147
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Tassie! I will give it a test tomorrow and let you know! ;)
     
  14. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    No prob D&C :)

    Note the Edit I put in my last post about testing right click option on the test files.

    Cheers, Adrian
     
  15. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Tassie_Devils

    Glad to see you again Tassie, long time no see. [may be it my eyes :D ]

    Very good post and easy for people to understand and test.

    Brilliant at graphics, and a test setter such talent. :eek:

    keep well and take care mate,
    TheQuest :cool:
     
  16. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi TheQuest.

    Thanks, I have been a tad busy, working at my favourite past-time, graphics. :D

    Cheers, TAS/Adrian
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Tassie: I don't think it worked. When I clicked on the file, after I got a warning from Process Guard (about allowing RegEdit to run for the first time), I got the message below, which tells me WG didn't work. I then opened WG to ensure protection was enabled, and it was (see second post). :'(

    PS. At least PG is working. :rolleyes:
     

    Attached Files:

    Last edited: Jun 3, 2004
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    See post above...
     

    Attached Files:

    • WG.gif
      WG.gif
      File size:
      13.3 KB
      Views:
      133
  19. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Tassie: More... When I tried the right-click test, it did give me the correct warning (see below). :)
     

    Attached Files:

    • WG2.gif
      WG2.gif
      File size:
      10.6 KB
      Views:
      127
  20. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi D&C:

    That is a mystery. :doubt:

    OK, In my original posts I said to simply save to Desktop as an option and I thought that *maybe* that was the reason it failed to work [very long shot], so I dragged my tests out onto the desktop, but WG 'Warned' me in each case, *but* maybe try putting it into a Folder, although I cannot see any reason, as by your Right Click test warning you already seem to have the file located within a folder?

    But the Right Click context menu works, correct? Good. :)

    I see also in your warning window you did name the file with correctly using double extensions.

    How about you actually change the name of the file to something harmless other the a Registry entry like to "test.jpg.bmp" or .gif being the last extension, simple image formats. See if that works.

    Also, did you add say VBS and WHS to your Blocked List Editor listings and then simply dbl clicking on a "test.vbs" and see if that works and then tring the Right Click context option?

    It's a mystery at the mo which I cannot figure out.

    I will try some more tests personally here.

    Cheers, TAS
     
  21. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    There are my "test" files.
     

    Attached Files:

  22. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    I also tried again. This time on desktop and in folders but with triple extensions... all worked fine.

    Maybe one of the DCS guys can help you out there, in meantime I will continue tring to see if I can duplicate it.

    TAS.
     

    Attached Files:

  23. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Tass: Here is a look at my files. When I double-clicked on the files, WG did NOT warn me at all. Here are the results of the right-click tests:

    • test.jpg.bmp - no warning message :'(
    • test.jpg.reg - warning message :)
    • test.jpg.vbs - warning message, but only because I added .vbs files to the restricted list.
    @#$%^&*()_+!@#$%^&* :mad: o_O
     

    Attached Files:

    • WG7.gif
      WG7.gif
      File size:
      3 KB
      Views:
      115
  24. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    OK, try this...

    Open main GUI, "Remove" the Protection and then re-Install it again.

    Maybe a glitch with that.

    Cheers, TAS.
     

    Attached Files:

  25. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks for trying, Tassie. Same results. :'(
     
Thread Status:
Not open for further replies.