Is ISR Programs safe to use?

[Spirit]

Program which modify mbr like EAZ-FIX, RollbackRx are safe to use on banking computer?
This types of Program generally flagged as malware by many av so can we trust these types of programs.

Your opinion are welcome.

You can provide links for your agree/non agree comments.

 

[Deleted member 178]

Program which modify mbr like EAZ-FIX, RollbackRx are safe to use on banking computer?
This types of Program generally flagged as malware by many av so can we trust these types of programs.

They are flagged because they modify the MBR , which is a sensible place monitored by AVs.

just set your firewall to block their outbound connections, if you have doubts.

 

[HeffeD]

I voted other, because you can't categorically state that a type of program is safe.

However, RollbackRX is safe. I've never used EAZ-FIX, but I haven't seen any mention of it having questionable attributes.

But as Umbra says, anything that modifies your MBR is going to be considered suspicious by any AV that is able to scan for rootkits, as this is how rootkits operate.

 

[loveboy_lion]

I voted "NO" Since due to some reason if the MBR on the computer running ISR program is modified by some other legit program or dangerous program or due to infection detected in MBR by antivirus in most situation this would make the computer not bootable
I may be wrong but in my personal experience most of the time the computer does not boot ( thats the reason i dont use ISR program cause always had bad experience with them at one point or other)
Thanks

 

[madyrocksin]

Well it depends on a case to case basis, there can't be just a "Yes" or "No"
I used RBR and EAM showed it as a Rootkit/Bootkit, well yes many of us know that's a FP but i tried searching further, basically EAM says its a bootkit because RBR's behavior is very similar to a bootkit/rootkit,
EAM knows that its a FP but still they don't correct this in there database just because it has a similar behavior!!
If you are still not sure about it being safe or not, try uninstalling the program and scan again if your security suite still shows an infection i would suggest not to use that program, the idea is that an unsafe application won't uninstall its infection!!
In RBR's case the FP was removed as soon i uninstalled it !!
BTW thanks to Umbra and Biozfear for telling me that it was a False Positive
Just my experience i may be wrong, plz correct me

 

[bitbizket]

I voted "NO" Since due to some reason if the MBR on the computer running ISR program is modified by some other legit program or dangerous program or due to infection detected in MBR by antivirus in most situation this would make the computer not bootable
I may be wrong but in my personal experience most of the time the computer does not boot ( thats the reason i dont use ISR program cause always had bad experience with them at one point or other)
Thanks

I have the same reason. You may one to check out Keriver 1-Click Restore it's free. I have it as a simple solution if i have a problem in rolling back my system partition but you'll need another drive to create an image or a bootable disk. There isn't a MBR protection software that is free that i can think of but AppGuard does provide a good MBR protection as one of its component.

 

[HeffeD]

EAM knows that its a FP but still they don't correct this in there database just because it has a similar behavior!!

That's because it's potentially exploitable by malware. Most AV's would classify this type of software as a Potentially Unwanted Program. (PUP)

 

[madyrocksin]

had a scan with eset and comodo neither of them showed anything!!
btw could you plz elaborate

potentially exploitable by malware

i mean are you trying to say that after RBR its potentially vulnerable or you mean vulnerable in general

 

[HeffeD]

i mean are you trying to say that after RBR its potentially vulnerable or you mean vulnerable in general

Vulnerable in general. I'm not aware of any malware that specifically targets any rollback software, but if it could, it would have its foot in your MBR.

So basically, many AV's will flag these types of software just because of the potential. Not because they are unsafe.

 

[tipo]

i voted as safe because i really trust rollback rx. it doesn`t matter what av in this world i have in the pc, if i scan the pc after a rollback to a clean state my pc is sure to be secure.from what i know eaz-fix is just a rebranded version of rollback rx so i guess it`s clean too..