Windows Management Instrumentation

Discussion in 'other anti-virus software' started by bellgamin, Oct 4, 2019.

  1. bellgamin

    An option on Stinger (one of my on-demand AVs) is to have it scan WMI (Windows Management Instrumentation). That option is unchecked by default.

    Here is the introductory part of Wikipedia's definition of WMI...

    Hmmm -- should I check-mark this option thereby causing Stinger to scan WMI --- or NOT?
     
  2. B-boy/StyLe/

    WMI can be used for fileless attacks, so in order to detect such entries it is recommended to enable it. MBAM scans for suspicious WMI entries as well.

     
  3. itman

  4. B-boy/StyLe/

    It seems that TrendMicro moved their PDF to a new location. It is a good read as well:

    The old location is no longer working => https://www.trendmicro.com/media/misc/understanding-wmi-malware-research-paper-en.pdf

    Here is the new location => https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp__understanding-wmi-malware.pdf
     
  5. Seer

    The question that needs answering here is why is it deselected by default if it's recommended to have it on?
    This is often the case with rootkit scans as that needs a driver and is time/resource demanding.
    Without trying it out myself, is it the same with WMI scan?
     
  6. bellgamin

    I do not know. GOOD question!!!
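
For readers who want to see what such a scan has to look at: the following is an added example, not part of any post in this thread and not the logic Stinger or MBAM use. It assumes the "WMI entries" in question are permanent event subscriptions in the `root\subscription` namespace, and lists each filter-to-consumer binding for manual review.

```powershell
# Added example: list permanent WMI event subscriptions for manual review.
# Run from an elevated PowerShell prompt on the machine being checked.
$ns = 'root/subscription'

# Filters hold the WQL query that decides when a subscription fires.
$filters = Get-CimInstance -Namespace $ns -ClassName __EventFilter
# __EventConsumer is the abstract base class, so this returns every concrete
# consumer type (CommandLineEventConsumer, ActiveScriptEventConsumer, ...).
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
# A binding ties one filter to one consumer; only bound pairs are active.
$bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

$report = foreach ($b in $bindings) {
    $cClass = $b.Consumer.CimSystemProperties.ClassName
    $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object {
        $_.Name -eq $b.Consumer.Name -and
        $_.CimSystemProperties.ClassName -eq $cClass
    }
    [pscustomobject]@{
        Filter        = $b.Filter.Name
        Query         = $f.Query
        ConsumerClass = $cClass
        Consumer      = $b.Consumer.Name
        # Only some consumer classes have these properties; others stay empty.
        CommandLine   = $c.CommandLineTemplate
        ScriptText    = $c.ScriptText
        ScriptFile    = $c.ScriptFileName
        # Consumers that run a command or script deserve the closest look.
        RunsCode      = $cClass -in 'CommandLineEventConsumer',
                                    'ActiveScriptEventConsumer'
    }
}

# Show code-running subscriptions first.
$report | Sort-Object RunsCode -Descending | Format-List
```

An entry with `RunsCode` set to `True` that no installed product accounts for is the kind of item worth investigating further.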
     