OA starts blocking multiple Windows OS drivers


Baserk

L.S.

For the past 2 weeks, Online Armor (free edition) has been blocking Windows OS drivers (Vista x86 SP2) randomly when booting up.

Drivers like mrxsmb.sys, mrxsmb10.sys, mrxsmb20.sys, srv2.sys and srvnet.sys have been blocked when starting the computer.

In the GUI, I have the option to block, allow, run safer etc.

All files have been uploaded to VirusTotal.com and were found clean by 30+ AV/AM scanners, and found clean as well when scanned with MBAM and HitmanPro3.

What's going on here? No updates have been installed since 14 or 15 November so nothing has been updated regarding the OS.

Also, all of a sudden today, a 'Trusted website' has been added under Main Menu\Web sites.

Are these added automatically by OA?

If so, why, and based on what analysis does OA decide that these sites are safe?

Can I stop this automatic adding of safe websites or am I forced to use this feature?

A recommendation from OA would be nice (with perhaps an explanation why the website is deemed safe) but I don't much like it being forced on me.

I'm using Vista x86 SP2 updated, OA free, Prevx SOL free and Avast free. Prevx and Avast are running with default config.

Regards, Baserk


^I've understood the explanation from the old OA help pages;

"Domains that resolve to the IP of an existing Trusted entry in the Websites list (or on Online Armor's built-in Trusted list) are also added as Trusted automatically."

After you've cleared the entire list, it checks its built-in list, f.i. download.windowsupdate.com, and then also adds mscom-wui-any.vo.msecndnet f.i., right? Has something been changed recently in how this works, or is it still the same?

For the OS, a whitelist is easy but how are other safe sites defined?

Can that whitelist be edited or disabled to keep the 'Trusted Sites' list limited?

Too late with editing, so an addendum.


The built in white list of Trusted sites only consists of sites that the Online Armor team has marked as safe :) This list is mostly made up of known safe bank sites. You can disable this white list by ticking "Ignore OA web sites list" in Websites -> Options. Disabling this white list only affects the automatic adding of white listed sites; domains that resolve to the IP of an existing Trusted entry in the Websites list will still be Trusted automatically.


The built in white list of Trusted sites only consists of sites that the Online Armor team has marked as safe :)

...

Thanks for the reply Catprincess.

Do you know of any bugs that have ever been reported regarding the "Ignore OA web sites list"?

Is it possible to configure/edit the list yourself (or does OA want to prevent possible user errors)?

Any idea about the 'blocking/asking' GUI warning at boot-up of OS files like mrxsmb.sys etc. mentioned in the 1st post?

Regards, Baserk


Do you know of any bugs that have ever been reported regarding the "Ignore OA web sites list"?

Is it possible to configure/edit the list yourself (or does OA want to prevent possible user errors)?

I'm not aware of any bugs having been reported regarding the "Ignore OA web sites list". If you have "Ignore OA web sites list" ticked and have no other sites listed as Trusted or Protected in Web sites, and are still getting entries added as Trusted automatically, then it could possibly be a bug. There may also be other explanations though. Just as one example, IPs can also be added as Trusted if they resolve to your DNS server, gateway or a trusted computer from the computers list (in Firewall -> Computers).

I'm not sure I understand your question about configuring the list. It's not possible to configure the internal white list; only to disable it. I'm unsure if that's what you were referring to though?

Any idea about the 'blocking/asking' GUI warning at boot-up of OS files like mrxsmb.sys etc. mentioned in the 1st post?

Unfortunately, I don't really have any ideas to explain this if an OS update hasn't occurred or you haven't restored some saved OA settings from an earlier time before they were allowed perhaps. Occasionally people have reported this behaviour occurring with these particular files when they have been previously allowed and trusted but I don't know what may cause it to happen.
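
The automatic-trust rules described in this thread, modelled as an added example (not part of the original posts and not Online Armor's code). The class, its fields, the assumption that an auto-added entry keeps all of its resolved IPs, and the sample .example names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class WebsitesList:
    """Hypothetical model of the rules described in this thread; not Online Armor code."""
    trusted: dict = field(default_factory=dict)    # Trusted entries: domain -> set of IPs
    builtin: dict = field(default_factory=dict)    # vendor white list: domain -> set of IPs
    ignore_builtin: bool = False                   # "Ignore OA web sites list" option
    infra_ips: set = field(default_factory=set)    # DNS server, gateway, trusted computers

    def evaluate(self, domain, resolved_ips):
        """Return (is_trusted, reason) for a domain and the IPs it resolved to."""
        ips = set(resolved_ips)
        if domain in self.trusted:
            return True, "already Trusted"
        for name, known in self.trusted.items():
            if ips & known:
                return True, f"shares an IP with Trusted entry {name}"
        if not self.ignore_builtin:  # assumption: the option disables both built-in checks
            if domain in self.builtin:
                return True, "on built-in white list"
            for name, known in self.builtin.items():
                if ips & known:
                    return True, f"shares an IP with built-in entry {name}"
        if ips & self.infra_ips:
            return True, "resolves to DNS server, gateway or trusted computer"
        return False, "no rule matched"

    def visit(self, domain, resolved_ips):
        """Evaluate a domain and, if trusted, record it (assumed: with all its IPs)."""
        ok, reason = self.evaluate(domain, resolved_ips)
        if ok:
            self.trusted.setdefault(domain, set()).update(resolved_ips)
        return ok, reason

def demo():
    # Constructed sample data: .example names and documentation-range addresses.
    wl = WebsitesList(trusted={"bank.example": {"192.0.2.10"}},
                      builtin={"updates.example": {"198.51.100.5"}},
                      ignore_builtin=True, infra_ips={"203.0.113.1"})
    visits = [("cdn-a.example", ["192.0.2.10", "192.0.2.11"]),  # shares bank IP
              ("cdn-b.example", ["192.0.2.11"]),                # shares cdn-a IP only
              ("updates.example", ["198.51.100.5"]),            # built-in, but ignored
              ("router.example", ["203.0.113.1"])]              # gateway address
    results = {d: wl.visit(d, ips) for d, ips in visits}
    return results, sorted(wl.trusted)
```

In this model a single Trusted entry is enough for the list to keep growing through shared addresses even with the built-in list ignored, which matches the behaviour described in the replies above.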
