Jump to content

Malware add a VPN, OA Free don't inform me


TMA86
 Share

Recommended Posts

Hi all,

I test sometimes some malwares on a VM (VMlite, xp pro sp3 up) to see how OA is working.

I have seen that more and more malwares are adding a VPN and OA Free (don't known for ++ and premium)

seems to do not inform the user about that...

A soft adding a VPN without my knowledge is a very suspicious activity.

I known OA protect the host but, someone can answer me if some version of OA protect the VPN area? Same for DNS area, OA protect modification of DNS server on my network?

thanks :)

Link to comment
Share on other sites

I have seen that more and more malwares are adding a VPN and OA Free (don't known for ++ and premium)

seems to do not inform the user about that...

A soft adding a VPN without my knowledge is a very suspicious activity.

Can you explain a little more what you mean? You are executing some malware and when OA asks you, you Allow it to run? It may help if you could provide screenshots indicating exactly what you are allowing and what exactly it is that OA isn't prompting you about.

I known OA protect the host but, someone can answer me if some version of OA protect the VPN area? Same for DNS area, OA protect modification of DNS server on my network?

I am not sure if you are referring to a VM or a VPN here. If you are running VM's, you would need to install OA inside the VM if you want the VM to have protection.

OA doesn't protect your Windows DNS settings from being changed. However, the paid versions of OA offers a DNS checker to ensure that you are not being redirected to phishing websites designed to look like your banking website.

Link to comment
Share on other sites

Hi,

1/ I allow only the samples to run and create .exe, i block only suspicious actions flagged by OA as red pop up (direct access disk, etc)

2/ After that i check the network properties and see that a local proxy was added silently without an OA hips alert (possibly by tweaking reg key)

So my question is: OA HIPS can alert when a soft is adding a local proxy or not???

Link to comment
Share on other sites

Hi,

1/ I allow only the samples to run and create .exe, i block only suspicious actions flagged by OA as red pop up (direct access disk, etc)

2/ After that i check the network properties and see that a local proxy was added silently without an OA hips alert (possibly by tweaking reg key)

So my question is: OA HIPS can alert when a soft is adding a local proxy or not???

Hi TMA86,

Could you please send a sample of such malware to oasupport (at) emsisoft (dot) com with a link to this thread in the message body?

Thank you in advance,

Best regards,

Andrey.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...