Nick 10 Posted November 10, 2011 Report Share Posted November 10, 2011 Hello, Could you please tell me which of the following two files contains the Emsisoft's digital signature blacklist (digital signatures that have been used in connection with fraudulent or malicious activities in the past): a2trust.dat or a2wl.dat? Thanks, N. Quote Link to post Share on other sites
Fabian Wosar 390 Posted November 10, 2011 Report Share Posted November 10, 2011 a2trust.dat . Quote Link to post Share on other sites
blues 1 Posted November 10, 2011 Report Share Posted November 10, 2011 FWIW, I'm showing that "trust" was last updated on 11/1 whereas "a2wl" was last updated this morning. (Running XP Pro SP3) I hope that this is current? Quote Link to post Share on other sites
Nick 10 Posted November 10, 2011 Author Report Share Posted November 10, 2011 a2trust.dat . Thank you very much for your quick reply, Fabian. I've asked because (due to this recent issue) I'm temporarily disabling the following option: In addition, automatically trust programs signed with valid digital signatures. Unfortunately the file that contains the Emsisoft's digital signature blacklist it's also the one that is not being updated. Best regards, N. Quote Link to post Share on other sites
blues 1 Posted November 11, 2011 Report Share Posted November 11, 2011 Any further info regarding when the last time the "trust" file was updated? I'm still showing November 1 for "trust" though "a2wl" was updated again last night just after 11 pm. (As a result I've taken the same step as Nick has in disabling the option to automatically trust programs with "valid digital signatures".) Thanks in advance. Quote Link to post Share on other sites
dallas7 1 Posted November 11, 2011 Report Share Posted November 11, 2011 This is an interesting thread and now my curiosity is tweaked... Just to be clear, we're discussing the "Date Modified" date stamp. Right? I notice these dat files exist in two places in each of my OA++ and OAP installs: in the Online Armor root folder and the a2 subfolder. As of this posting the stamps for a2trust are respectively 9/27 and 3/25 in OAP and 10/19 and 10/24 in OA++. FYI, run and update Emergency Kit (a2emergencykit.exe) and that file is 10/24. I have had In addition, automatically trust programs signed with valid digital signatures always enabled since installing OA on my two systems for the first time early in October. Does that needed to be disabled in order for a2trust.dat to get updated? And is it my understanding that the blacklist is handled by a file named a2trust.dat? Cheers. Quote Link to post Share on other sites
blues 1 Posted November 11, 2011 Report Share Posted November 11, 2011 I did a clean install of OA (Free) three or four days back. It appears that a2wl.dat is being updated nightly around 11 pm local time. (If the a2trust.dat file has been updated I've seen no indication since the fresh install.) As of the time of this post, here is what I have for each: a2trust.dat: fcbaeda2193291712a7158f353052d87 a2wl.dat: 7c7643f82a675574d0c0f7396df60ce1 AFAIK, you don't need to disable the blacklist option for it to be updated, this should be automatic. Nick and I disabled it so as to not have OA make decisions based upon (possibly) obsolete data. Quote Link to post Share on other sites
catprincess 19 Posted November 11, 2011 Report Share Posted November 11, 2011 I don't think the blacklist updates are as frequent as the whitelist updates - they would only need to be updated when a certificate was found to be being abused and had to be added whereas new certificates to add to the whitelist would be occurring daily or thereabouts. This can be seen in the fact that the blacklist file (a2trust.dat) is much smaller than (the whitelist file (a2wl.dat). Quote Link to post Share on other sites
blues 1 Posted November 11, 2011 Report Share Posted November 11, 2011 Makes purr-fect sense, Cat. Hopefully we can get some confirmation on the md5 hash so we can verify whether we are up to date or not. Thanks for chiming in. Quote Link to post Share on other sites
catprincess 19 Posted November 11, 2011 Report Share Posted November 11, 2011 The details of the a2trust.dat file that is present on my installation of 5.1.1.1395 are as follows: File size: 28087 bytes MD5: fcbaeda2193291712a7158f353052d87 SHA1: cd5b68aaacfc1f6b996a97ee83e89a78604fa7b2 Quote Link to post Share on other sites
blues 1 Posted November 11, 2011 Report Share Posted November 11, 2011 Thanks, Cat, I too have the same MD5 and file size on my installation of 5.1.1.1395 Quote Link to post Share on other sites
Nick 10 Posted November 12, 2011 Author Report Share Posted November 12, 2011 We posted file details in this recent thread. However, having received no official confirmation, I assumed that I've been having an issue with the a2trust.dat file update. Quote Link to post Share on other sites
Rob R. 20 Posted November 12, 2011 Report Share Posted November 12, 2011 a2wl.dat and a2trust.dat updates are mentioned here: http://www.emsisoft.de/a2/changelog/antimalware/ Seems to me the last update for a2trust.dat was 2011-09-27 15:30 The Date Modified or Date Created is different on our systems If the file is replaced during an upgrade install or created during a fresh install of OA. Quote Link to post Share on other sites
Nick 10 Posted November 12, 2011 Author Report Share Posted November 12, 2011 Thanks, ctrlaltdelete. Could we infer that the a2trust.dat file ( 2011-09-27 15:30, MD5: fcbaeda2193291712a7158f353052d87) is up to date, or not? You may know about the recent DigiCert Sdn. Bhd. affair. Should we expect a file update soon? - I'm asking because I'd like to be sure that it's really working. Regards, N. Quote Link to post Share on other sites
catprincess 19 Posted November 12, 2011 Report Share Posted November 12, 2011 We posted file details in this recent thread. However, having received no official confirmation, I assumed that I've been having an issue with the a2trust.dat file update. In the thread you refer to, the hash you posted of your a2trust.dat matched the hash that Fabian posted for that file. I'm not sure I understand why you'd think there was a problem with that file in this case? Quote Link to post Share on other sites
Nick 10 Posted November 12, 2011 Author Report Share Posted November 12, 2011 Because originally there was an update issue that was fixed - see this post - so, after the fix, we confirmed that a2wl.dat was up to date but a2trust.dat was not (i.e. the file had never changed since my OP). At that point Andrey asked us about the MD5 of the file (MD5 after the update and MD5 after the upgrade) - see this other post - and we replied. No more info or confirmation at that point. This is the reason why I thought there was a problem with that file - and I was not the only one. Quote Link to post Share on other sites
catprincess 19 Posted November 12, 2011 Report Share Posted November 12, 2011 Referring to that thread, I don't see any evidence that there was ever an issue with your a2trust.dat file. The hash you posted matched the one that Fabian posted for reference. a2wl.dat was the file that wasn't up to date on your system - your hash did not match Fabian's. This issue is what I think was being referred to as now having been fixed. You should be receiving daily (or thereabouts) updates to a2wl.dat and would see this listed in History as two entries one after the other titled "Automatic update" - "New threat database has been downloaded and installed" and "New version of Online Armor components has been downloaded as installed". The same message occurs if there is an update to the blacklist though. Quote Link to post Share on other sites
stapp 153 Posted November 12, 2011 Report Share Posted November 12, 2011 When it says 'New version of Online Armor components has been downloaded and installed' most people will take this to mean that it is some kind of update to OA itself and not just a signature and rules update. If the bubble just said that a new threat database had been downloaded (as it says in history) it would not be so misleading to a user. The very fact that this thread exists and the confusion that surrounds both the files and the info given via OA popups shows, in my view, that it perhaps could be handled better. Quote Link to post Share on other sites
Rob R. 20 Posted November 13, 2011 Report Share Posted November 13, 2011 If the message "New version of Online Armor components has been downloaded an installed" would be changed to something like "Update installed successfully" there would be no confusion. Seems to me that's an easy solution. If other components are updated and a reboot is required another pop-up about the required reboot will appear anyway. To get rid of the extra message after the a2wl.dat update only, will require a lot of coding. Quote Link to post Share on other sites
Nick 10 Posted November 13, 2011 Author Report Share Posted November 13, 2011 Just to clarify - and sorry once again for my English - I've never had any problems with the interpretation of those messages. I thought that the update issue was not yet solved in my case, just because no one in the other thread has (officially or not) said: "Hey Nick, don't worry, your a2wl.dat file is up to date!". If other components are updated and a reboot is required another pop-up about the required reboot will appear anyway. Not sure if you get that reboot pop-up if OA is password-protected and the GUI still locked, though. I should check. Quote Link to post Share on other sites
catprincess 19 Posted November 13, 2011 Report Share Posted November 13, 2011 Just to clarify - and sorry once again for my English - I've never had any problems with the interpretation of those messages. I thought that the update issue was not yet solved in my case, just because no one in the other thread has (officially or not) said: "Hey Nick, don't worry, your a2wl.dat file is up to date!". Do you see daily entries in History with the messages I mentioned earlier? If you do, then your a2wl.dat file is definitely updating. Those entries in History only occur when updates were found and installed. The date modified time stamp of a2wl.dat (located in the root directory of the Online Armor folder, not the one located in the A2 folder) should also be changing approximately every day (depending on your update settings)- for example, at the moment mine is showing today's date as it just updated a hour or so ago. The blacklist (a2trust.dat) hasn't changed since I installed 5.1.1.1395 but the changelog that ctrlaltdelete posted earlier doesn't list any blacklist updates since then so I wouldn't expect the date modified to have changed on that file at this time. You can verify this by looking at the changelog http://www.emsisoft....og/antimalware/ and searching the page for "Trust check signatures" you'll see the most recent date and time for this phrase (which refers to a blacklist update) listed as: 2011-09-27 15:30:Trust check signatures (revised) Signatures to verify digitally signed files If you search the same page for "Whitelist signatures" you'll see the most recent date and time for this phrase (which refers to a whitelist update) listed as: 2011-11-13 00:58:Whitelist signatures (revised) Signatures for known good applications Quote Link to post Share on other sites
Nick 10 Posted November 13, 2011 Author Report Share Posted November 13, 2011 Do you see daily entries in History with the messages I mentioned earlier? If you do, then your a2wl.dat file is definitely updating. Those entries in History only occur when updates were found and installed. The date modified time stamp of a2wl.dat (located in the root directory of the Online Armor folder, not the one located in the A2 folder) should also be changing approximately every day (depending on your update settings)- for example, at the moment mine is showing today's date as it just updated a hour or so ago. I'm sorry for this but when I posted my latest message I accidentally wrote "a2wl.dat" instead of "a2trust.dat" (I'm not able to edit it). What I really meant to say was that unfortunately no one in the other thread told me (officially or not) my a2trust.dat file was up to date. The blacklist (a2trust.dat) hasn't changed since I installed 5.1.1.1395 but the changelog that ctrlaltdelete posted earlier doesn't list any blacklist updates since then so I wouldn't expect the date modified to have changed on that file at this time. Thank you very much for having clarified the matter. As stated earlier, I was simply waiting for a confirmation or alternatively for useful directions when I started the aforementioned thread and kept posting on it. Now I have both. Regards, N. Quote Link to post Share on other sites
catprincess 19 Posted November 13, 2011 Report Share Posted November 13, 2011 You're welcome Nick Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.