pallino

Behavior blocker - monitoring files

54 posts in this topic

2 hours ago, pallino said:

In general, why check for reputation if then nothing is done with it?

 

Because it makes sense to display the reputation in an overview screen.

2 hours ago, pallino said:

In the case above, why did BB check in "background" for reputation and after getting the bad reputation didn't do anything with it, neither alert nor block the malware?

It didn't. If it had, it would have blocked it. We reworked the overview screen to display processes that finished checking already immediately. That is why processes now pop up over time instead of the screen being empty for a minute and then populate all at once. Your process was simply checked as one of the first.

 


Fabian,

In the case above, BB checked for the reputation, since when I disconnected from the internet and checked the protection tab, BB showed the bad reputation.

BB didn't block it as the malware was still in memory.

Emsi firewall alerted and outbound connections were blocked.

Why did BB check but not block the file?

It seems something went wrong, or?

 

Thank you


We do cache results. So if you ever had the file checked before, the returned verdict will be remembered, internet connection or not.


I didn't, it was a fresh image, but it's not important now since time passed.

Thank you anyway.

 

 
