  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    379
    Thanks
    1
    Thanked 29 Times in 24 Posts

    How to fully test your malware defenses


    On Security

    By Fred Langa

    Here are some safe and easy ways to find out if your PC's anti-malware tools are actually protecting you.

    Do-it-yourself anti-malware testing consists of two parts: proactively probing your PC's defenses using simulated malware attacks, and performing routine verification tests to ensure that your PC remains free of real malware.

    The full text of this column is posted at windowssecrets.com/top-story/how-to-fully-test-your-malware-defenses/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Aug 2016
    Posts
    5
    Thanks
    0
    Thanked 1 Time in 1 Post
    Tried COMODO as recommended. Terrible - very invasive. Tried to uninstall but it leaves remnants such as an icon in the system tray. COMODO refuses to help even after I offered to pay. I am a paid subscriber and have followed Windows Secrets and its previous versions all the way back to Infoworld. First time you let me down.

  3. #3
    New Lounger
    Join Date
    Aug 2016
    Posts
    5
    Thanks
    0
    Thanked 1 Time in 1 Post
    After 20 minutes and talking to people at three different phone numbers I found out how to get rid of the COMODO icons and popups. In addition to COMODO, the installer creates a GeekBuddy. This shows in the Control Panel >> Uninstall. Removing this apparently gets rid of the rest of the program. Whew!

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Northern California
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    VirusTotal anti-malware engine updates

    I installed Process Explorer and ran the VirusTotal.com test. The test identified a false positive (1 of 43 engines thought there was a problem with a process I had).

    HOWEVER, the file/process in question looked like it was last analyzed, and the engines updated, over 5 years ago (Dec 29, 2010). In reading the VirusTotal FAQs it appears that VirusTotal scans for new updates every 15 minutes.

    My post is to give a heads up to people who, like me, run VirusTotal and think that the test is not current. (At least I hope I made the correct supposition).

  5. #5
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Quote, originally posted by gbgolfer:
    ... the file/process in question looked like it was last analyzed, and the engines updated, over 5 years ago (Dec 29, 2010).
    Can you supply the VirusTotal URL for that file please? I'd like to check the description/data given on it.

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Northern California
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote, originally posted by satrow:
    Can you supply the VirusTotal URL for that file please? I'd like to check the description/data given on it.
    Here it is:
    https://www.virustotal.com/en/file/d...97ce/analysis/

  7. #7
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Thanks. In this instance, it's because you chose to view the saved data on the file; for a scan of your file, there was an alternative rescan function offered just before this result was shown. Try it again and watch the screens carefully for the option.

    The file appears to be a daemon process for GConf, an open source system for storing user preferences, ported from Linux to Windows, commonly part of GnuCash.

  8. #8
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Ran VirusTotal once via Process Explorer and many processes were recognized. Since then PE has crashed every time I try VirusTotal again.
    Last edited by highstream; 2016-10-15 at 01:28.

  9. #9
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    AppCrashView, from Nirsoft, should give details on the crash, which you could post here or create a new Topic for.

    I suspect it might be related to your existing (or old!) security software, or possibly some errant .dll from an uninstalled software behind it. (I have a similar issue when trying to run Process Monitor but that's a no show - instacrash.)

  10. #10
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Text file of Process Explorer crash with AppCrashView from a couple of hours ago attached. Strange that my runs just now didn't register. Oh well...Thanks,

  11. #11
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Looks like it was a stack-based buffer overrun:
    0xC0000409: STATUS_STACK_BUFFER_OVERRUN
    The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    I can't see what's causing it, nor do I know how to change the VT setting to off; there's no ini configuration file that I can see. Assuming you're using an installed, not Live, version, can you uninstall it, reboot and test again? If it's a Live version, try installing and running it.

    What security software/Anti-Mal/Ransom/ware and firewall are you using? Were you running it as Administrator?

  12. #12
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    I'm running VirusTotal from within PE. The first time, which I mentioned ran ok, it took me to VT's site to confirm agreement to terms, although it looked like just showing the page was sufficient because there was no confirmation button. Run as Admin crashes too. I'm running Comodo CIS and MBAM Home Premium.

  13. #13
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    I think MBAM would be more likely to block browser sites, CIS, on the other hand... check their forum for similar issues? Uninstall CIS (using their tool/method) temporarily to test, use Defender + the built-in Windows firewall whilst testing.

  14. #14
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Nothing on Comodo forums. I'm not sure the scan isn't actually running before the crash. In any case, thank you. I'm not seeing where this little extra is worth the time and trouble relative to the whole process of uninstalling and reinstalling Comodo, plus set up (scans, exceptions, etc.).
