WG: Right Click function

Hello.

I just bought WG and I found out there is a right click command line. Unfortunately when I click "Scan with WormGuard" nothing happens.

Did I do something wrong?

Thanks
Pete

 

Hi, A884126

No you did nothing wrong.

WormGuard scans in the back ground and you will only get a warning if WG finds something suspicious.

TheQuest

 

So why the need to add a command into the mousse right click menu? This is pretty confusing...

 

Hi, A884126

I think you misunderstand or I did explain right.

WormGuard work on a Hook, if a Program, file or script tries execute which is suspicious.

WormGuard POP with a Warning.

Other than that it sit there do nothing [untill what ever] it is not a running process.

But if you would like it to scan a file [On demand] that is what the Right Click is for.

It has no Scan Sceen.

I hope you fine this of better help.
TheQuest

 

Got it ! Thanks for your kindly help.

Cheers

 

Hi, A884126

Good glad you have it now.

It kind of Confusing to understand.

And even more confusing trying to Explain. [well to me it is ]

PS: Did you find yours it Registered

Take care now,
TheQuest

 

You bet my friend!

 

Quest - Hello!

I guess this explains why I could find nothing from WG in my system tray, and no running process. If it's not a running process, then how does it keep a worm from executing? Or does it just detect that something is a worm if I manually scan it with a right-click in Windows Explorer?

 

Hi D & C, It works by hooking into program etc as it starts or is opened, if there is anything suspicious WG will alert you. I believe it heuristically parses the opening file /code and will stop the file from opening before any damage can occur.

DCS might add a more technically correct response

HTH Pilli

 

Thanks Pilli!

I read a number of other threads. I think I understand now: Apparently before a file executes, it asks WG if it's OK to run. WG then scans the file, and responds to the OS. If it responds with an OK, the process is allowed to run; if not you get a warning message.

I'm assuming that WG scans each and every file the OS tries to run. Sounds impressive to me!

 

Hello A8 and Dazed and Confused.

There was a thread I did a long time back about testing WG.

You guys want to test it?

1: Open Notepad/or Text Editor you use.

2: Type anything at all, does not matter in it. Type your name will do.

3: Now save it, BUT, look at the little Option window [usually at bottom] something like "Save as Type" and select from the drop down menu the "Any file (*.*) option.
4: For the file name type in [without the quotes] "test.jpg.reg" to any location, Desktop will be fine.
5: As long as WG Protection has been installed, simply double click to try to open, see what pops up.
6: You should see a bloody big WG warning window telling you the file has double extension and the 'real' extension is .reg [registry entry].

You can experiment all you like with it to test.

Do as above, but this time when saving the file name call it "test.jpg [in here type in a LOT of spaces] .reg

You will get the same warning, but this time it will also tell you it has excessive spaces.

That's how a lot of people are caught out with a file. They simply see "test.jpg" think it's a pic, open it but the real extension could be whatever the author named it .com .bat .bin .reg etc.

You would not see that as the "excess" spaces usually runs the last part of the extension out of the viewing window.

That's why you should become familiar with YOUR system's Icon images, [diff OS usually slightly diff Icon images]. A jpg image is vastly diff from a .reg one.

see example of mine. double extension / excess spaces.

PLUS in my blocked editor's list I have VBS, WSH etc added and I also created a test file with one of those extensions which gives a different warning. See post below with pic.

Cheers, Adrian.

 

Warning window you get when trying to run a "Blocked" file listing in "BLocked List Editor" section.

Oh, I changed the wording on mine, LOL....

Adrian.

Edit: NOW you can also simply rightclick on any test file, choose Scan with WormGuard and it also will warn you. So you will know your RightClick Context Menu option is also working

Have fun.

 

Thanks, Tassie! I will give it a test tomorrow and let you know!

 

No prob D&C

Note the Edit I put in my last post about testing right click option on the test files.

Cheers, Adrian

 

Hi, Tassie_Devils

Glad to see you again Tassie, long time no see. [may be it my eyes ]

Very good post and easy for people to understand and test.

Brilliant at graphics, and a test setter such talent.

keep well and take care mate,
TheQuest

 

Hi TheQuest.

Thanks, I have been a tad busy, working at my favourite past-time, graphics.

Cheers, TAS/Adrian

 

Tassie: I don't think it worked. When I clicked on the file, after I got a warning from Process Guard (about allowing RegEdit to run for the first time), I got the message below, which tells me WG didn't work. I then opened WG to ensure protection was enabled, and it was (see second post).

PS. At least PG is working.

 

See post above...

 

Tassie: More... When I tried the right-click test, it did give me the correct warning (see below).

 

Hi D&C:

That is a mystery.

OK, In my original posts I said to simply save to Desktop as an option and I thought that *maybe* that was the reason it failed to work [very long shot], so I dragged my tests out onto the desktop, but WG 'Warned' me in each case, *but* maybe try putting it into a Folder, although I cannot see any reason, as by your Right Click test warning you already seem to have the file located within a folder?

But the Right Click context menu works, correct? Good.

I see also in your warning window you did name the file with correctly using double extensions.

How about you actually change the name of the file to something harmless other the a Registry entry like to "test.jpg.bmp" or .gif being the last extension, simple image formats. See if that works.

Also, did you add say VBS and WHS to your Blocked List Editor listings and then simply dbl clicking on a "test.vbs" and see if that works and then tring the Right Click context option?

It's a mystery at the mo which I cannot figure out.

I will try some more tests personally here.

Cheers, TAS

 

There are my "test" files.

 

I also tried again. This time on desktop and in folders but with triple extensions... all worked fine.

Maybe one of the DCS guys can help you out there, in meantime I will continue tring to see if I can duplicate it.

TAS.

 

Tass: Here is a look at my files. When I double-clicked on the files, WG did NOT warn me at all. Here are the results of the right-click tests:

• test.jpg.bmp - no warning message
• test.jpg.reg - warning message
• test.jpg.vbs - warning message, but only because I added .vbs files to the restricted list.

@#$%^&*()_+!@#$%^&*

 

OK, try this...

Open main GUI, "Remove" the Protection and then re-Install it again.

Maybe a glitch with that.

Cheers, TAS.

 

Thanks for trying, Tassie. Same results.