Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
NoVirusThanks OSArmor
Message
<blockquote data-quote="Deleted member 65228" data-source="post: 699906"><p>Only thing is that multiple products using kernel-mode callbacks, one has to intercept fast. so there's a queue system (e.g. based on altitude). so when using VoodooShield and this app, one of them will get notifications first than the other... but both will still get them to function, just one will be able to do it before another one. After the callback ends for PsSetCreateProcessNotifyRoutineEx, if the CreationStatus entry in a pointer structure passed to the routine is STATUS_SUCCESS, then the operation continues further down the queue and it only gets blocked if the status code is changed (e.g. STATUS_ACCESS_DENIED,, etc.).</p><p></p><p>Assuming this app uses this technique from its driver but I don't see why it wouldn't be because thats the standard documented way for x64 support as well, and this app uses a driver. soooo</p><p></p><p>compatibility issues with products with behavioural detection only tends to show up when both products are doing things like code injection & API hooking, emulation of system service dispatch routines (e.g. KiSystemCallXx with virtualisation) and alike. not for kernel-mode callbacks only if its handled properly... for example F-Secure DeepGuard uses hooks and so does Emsisoft so both Emsisoft BB and F-Secure DeepGuard is likely to conflict. but only if they target the same functions, or if one flags injection attacks from the other AV</p></blockquote><p></p>
[QUOTE="Deleted member 65228, post: 699906"] Only thing is that multiple products using kernel-mode callbacks, one has to intercept fast. so there's a queue system (e.g. based on altitude). so when using VoodooShield and this app, one of them will get notifications first than the other... but both will still get them to function, just one will be able to do it before another one. After the callback ends for PsSetCreateProcessNotifyRoutineEx, if the CreationStatus entry in a pointer structure passed to the routine is STATUS_SUCCESS, then the operation continues further down the queue and it only gets blocked if the status code is changed (e.g. STATUS_ACCESS_DENIED,, etc.). Assuming this app uses this technique from its driver but I don't see why it wouldn't be because thats the standard documented way for x64 support as well, and this app uses a driver. soooo compatibility issues with products with behavioural detection only tends to show up when both products are doing things like code injection & API hooking, emulation of system service dispatch routines (e.g. KiSystemCallXx with virtualisation) and alike. not for kernel-mode callbacks only if its handled properly... for example F-Secure DeepGuard uses hooks and so does Emsisoft so both Emsisoft BB and F-Secure DeepGuard is likely to conflict. but only if they target the same functions, or if one flags injection attacks from the other AV [/QUOTE]
Insert quotes…
Verification
Post reply
Top
