kupo, Posted May 4, 2012

I just did a quick scan with Malaware.

1.) Online Armor did not know it. lol. (just want to report it)
2.) During the scan, it tried to create an executable:

Created: 04/05/12 19:01:48
Summary: Program Guard: malaware.exe -> ProxyX64Process_18467.exe
Description: C:\Users\Standard User\Desktop\malaware.exe wants to create executable file C:\Users\POL DASMA\AppData\Local\Temp\ProxyX64Process_18467.exe
Event type: Suspicious file(13)
Event action: Blocked(3)

Is it normal? I found it weird so I blocked it.

Fabian Wosar, Posted May 4, 2012

> 1.) Online Armor did not know it. lol. (just want to report it)

Did you change any of the whitelisting and trust settings? Did you, for example, disable the option to trust digitally signed applications?

> Is it normal? I found it weird so I blocked it.

That is normal. 32-bit processes can't enumerate 64-bit processes correctly. So a native 64-bit proxy process is created that does those jobs for Malaware.

kupo, Posted May 4, 2012

The "Automatically trust programs that Emsisoft deem trustworthy" option is left ticked, although I did uncheck the digitally signed file option. Thanks for the information.

Fabian Wosar, Posted May 4, 2012

Online Armor will recognize Malaware based on its digital signature. The reason for that is that a new Malaware binary is generated every few minutes so updating the whitelist file in Online Armor simply isn't a viable option. So if you disable the signature checks, Online Armor simply won't know the file.
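
The signature-versus-whitelist point above can be checked by hand before answering a "wants to create executable file" prompt. The following is an added example, not code from the thread or from Emsisoft; the function name `Get-PublisherTrust`, the publisher name and both paths are placeholders.

```powershell
# Added example. Publisher name and paths below are placeholders, not values from the thread.
function Get-PublisherTrust {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string[]]$TrustedPublisher
    )
    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; SHA256 = $null; Status = 'Missing'; Signer = $null; Decision = 'Unknown' }
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            # The hash changes with every rebuilt binary, so it is reported but not used for the decision.
            $row.SHA256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $sig = Get-AuthenticodeSignature -LiteralPath $p
            $row.Status = [string]$sig.Status
            if ($sig.SignerCertificate) {
                # Exact match on the certificate's simple name, not a substring of the subject.
                $row.Signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
            }
            # Trust only a signature that validates AND names an expected publisher.
            if ($sig.Status -eq 'Valid' -and $TrustedPublisher -contains $row.Signer) {
                $row.Decision = 'KnownPublisher'
            }
        }
        [pscustomobject]$row
    }
}

# Check the scanner and the helper executable it wants to drop before answering the prompt.
Get-PublisherTrust -TrustedPublisher 'Example Publisher Ltd' -Path @(
    'C:\path\to\scanner.exe',
    'C:\path\to\dropped-helper.exe'
) | Format-List
```

Two builds of the same signed program give different SHA256 values but the same Signer, which is why a publisher check keeps working where a hash list does not.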