WSA Keylogging me attempts, Plus

Discussion in 'Prevx Releases' started by CloneRanger, Oct 11, 2012.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    According to these alerts from Zemana anyway. Yesterday i got this one around the same time WSA asked me to type in my password to allow a "supposed" malware www

    narod.png

    Fair enough i thought, but out of curiousity to see what happened, i clicked BLOCK, but did NOT create a Rule. WSA accepted my PW & i perused the www with no ill affects. So i "presumed" the Zemana alert was for "something" else & the timing was "perhaps" a "conincidence!

    On booting up this evening, with no internet conection, i received a Different WSA KL attempt from Zemana.

    wsa -z.png

    Once again i clicked BLOCK, & did NOT create a Rule. A few seconds later the alert reappeared, & i did the same.

    As soon as went online i now got this alert !

    inject.png

    WSA updated yesterday to V8.0.2.20, & before this i don't recall having the same issues. Any clues why these should now be occurring ? I'm "presuming" it's related to the update ?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Nothing that significant has changed in the last update - these are just FPs from Zemana. WSA has to inject code/monitor keystroke reading to protect the system.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    FP's ! i'll keep my eyes on things.

    Funny thing though, before the update i didn't get the Inject alert ?
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It's probably just because the hash changed from it being a new version.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Ahh, yes, never thought of that ! I suppose it could be.

    Thanks for your quick replies ;)
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Hi CloneRanger,

    FWIW, I am running ZA, but I have WSA allowed, automatically, so I guess that is why I don't get those popups. ;)

    ScreenShot_WSA_ZA_01.jpg
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Tarnak

    Hi, thanks for your reply :)

    I found that i had allowed CI from an earlier version after all !

    ci.png

    So PrevxHelp is correct :thumb: it's due to a new Hash value ;)

    Still watching out for the KL alerts, none today, so far :thumb:
     
Thread Status:
Not open for further replies.