Posts posted by fiveover


  1. Well well :shock:

    Have just done a full clean install onto new HW, XP SP3 fully updated

    Mindful of IE hole as announced ;; they are shite !!

    Very careful re updates: installed scanners, made images etc etc etc

    One of the last things I did (maybe should have been earlier) was install and register my SAS.

    Updated and ran a scan: HEART ATTACK... F@@K ME.

    Then read a bit and looked a bit closer...

    Scanned with all the second tier products...all clear

    Could not find any of the files mentioned in the log.

    Application Version : 4.23.1006

    Core Rules Database Version : 3677

    Trace Rules Database Version: 1656

    Scan type : Quick Scan

    Total Scan Time : 00:05:30

    Memory items scanned : 419

    Memory threats detected : 0

    Registry items scanned : 351

    Registry threats detected : 0

    File items scanned : 4645

    File threats detected : 1137

    Rescanned = same :shock:

    Looks like every detection in the db ?? scanned the db itself ??

    OK will reboot and try again and get back to you..

    Regards


  2. Yes.

    It's a HIPS notification as 'suspicious' on run and can be authorized per event, which takes it out of Quarantine.

    Does not stop install/updates.

    Full scan does not show any 'malware'

    I have no idea how their HIPS is specifically configured: (there are only very general options for user) : reg modification ?? as notifier

    I have Sophos @ home as part of company deal: not really sure if Sophos is ideal for home user: famous (?) for false positives.

    Not sure if I'll get any response.

    Not a major problem here, just thought it could go in the kb.

    Regards.


  3. We are taking it into serious consideration to detect the keyloggers but set them to notify/warning and not auto-remove. The user can then make the choice what to do with the keylogger.
    I think that would be great.
    The explanation for the detected KL would have to be very informative, otherwise it's just going to confuse the average user.

    Agree, but not necessarily too verbose; if 'you' didn't put it there it ain't a good thing. Correct me if I am wrong but there is no reason to have KL-like functions in any regular utility, although some may have similar functions.

    Difficult not to confuse a real beginner, but they could always post here.

    Maybe add a little warning: "if you aren't sure about this then; Quarantine and check with the forum"

    If the SAS detector found something like Hoversnap or Snagit or other screen capture type proggie doing its thing by name, that should be no problem; if it's something you don't know :x .

    I am not smart enough to know how to do this stuff, but I have come to have great faith in SAS.

    Regards.


  4. Nick et al

    I know KL's are many and difficult and many might be regarded as legitimate commercial tools and applications for same even going to security of home systems ....but....as per here:

    http://www.wilderssecurity.com/showpost ... stcount=11

    I think if it's not too difficult, that a "detect/exclude/remove" option would be nice.

    There seem to be many KL mals with identical methods to legit tools.

    I assume that any "dropper" app for the KL would be detected and we could reasonably expect our HIPS-type tools to stop unauthorised outbounds.

    I would be happier leaving it to you to detect these rather than trust other tools as default. :D

    Thanks
