What does EULAlyzer do with System?

Discussion in 'other firewalls' started by sofarsogood, Aug 28, 2006.

Thread Status:
Not open for further replies.
  1. sofarsogood

    sofarsogood Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    6
    Location:
    Beijing, China
    EULAlyzer sounds like a great idea. I just downloaded and installed it from the javacool site, but when I started it up my firewall (Jetico) identified it as a dangerous process:

    Suspicious process activity : attacker writes to application's memory : System : C:\Program Files\EULAlyzer\eulalyzer.exe

    Suspicious process activity : attacker injects own code into application : System : C:\Program Files\EULAlyzer\eulalyzer.exe

    I can't see any reason why a program like EULAlyzer should be mucking with System. Can anyone suggest what is going on here? I assume EULAlyzer is not a viruso_O?

    rwy
     
  2. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I think as long as your system is clean before you install that program it's just ok. Sometimes firewall alerts you for that, just allow coz you know that a program is trusted. ;)

    Eulalyzer is used to analyze the eula or agreement before you install any programs. :cool:
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello sofarsogood,

    As you can see I have moved your thread to our firewall forums in hopes that our knowledgeable jetico folks can possibly assist with why jetico is flagging Javacool's EULAlyzer and help explain what it means by "attacker writes to application's memory"

    Bubba
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi sofarsogood,
    I am just downloading the EULAlyzer now to see what Jetico is flagging,.....

    Edit/update:
    The EULAlyzer is executed, then starts a second instance of itself, and then (from my quick check) writes to that (its own) applications memory location. You can/need to allow this for the program to function correctly.

    I will make further checks later, but you need not worry about this (for this program).
     
    Last edited: Aug 30, 2006
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have checked on this. Jetico is not being specific on what system memory is being changed. On further checks,... eulalyzer.exe writes to "eulalyzer.exe" (own application). it then injects msvbm60.dll(mouse monitor).

    So I can confirm, there is no problem with this from this application.

    ____
    Stem
     
Loading...
Thread Status:
Not open for further replies.