Jump to content

Recommended Posts

I just did a quick scan with Malaware.

1.) Online Armor did not know it. lol. (just want to report it)

2.) During scan, it try to create an executable

Created: 04/05/12 19:01:48

Summary: Program Guard: malaware.exe -> ProxyX64Process_18467.exe

Description: C:\Users\Standard User\Desktop\malaware.exe wants to create executable file C:\Users\POL DASMA\AppData\Local\Temp\ProxyX64Process_18467.exe

Event type: Suspicious file(13)

Event action: Blocked(3)

Is it normal? I found it weird so I blocked it.

Link to post
Share on other sites

1.) Online Armor did not know it. lol. (just want to report it)

Did you change any of the whitelisting and trust settings? Did you disable for example to trust digitally signed applications?

Is it normal? I found it weird so I blocked it.

That is normal. 32bit processes can't enumerate 64bit processes correctly. So a native 64 bit proxy process is created that does those jobs for Malaware.

Link to post
Share on other sites

Online Armor will recognize Malaware based on its digital signature. The reason for that is that a new Malaware binary is generated every few minutes so updating the whitelist file in Online Armor simply isn't a viable option. So if you disable the signature checks, Online Armor simply won't know the file.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...