Author Topic: admnfd.sys  (Read 4862 times)

Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
admnfd.sys
« on: January 28, 2015, 04:29:11 AM »

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: admnfd.sys
« Reply #1 on: January 28, 2015, 08:42:22 AM »
Are you sure it was detected as a Trojan and not a possibly unwanted program? It seems to be part of PrivDog; it's probably the driver that enables HTTPS support.
Because of the way that PrivDog enables HTTPS filtering I would agree with the PUP/riskware rating, but not Trojan.
I support privacy and freedom online - eff.org

Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
Re: admnfd.sys
« Reply #2 on: January 28, 2015, 09:19:10 AM »
Yes, detected as a trojan, I am sure...
The Bitdefender engine detected it...
Look on Virustotal https://www.virustotal.com/el/file/18a974988a3c412b22dc25bff66e6a03e289b82db3fc42bc329d5d64a289d6a3/analysis/1422428861/

Is it safe to use?

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: admnfd.sys
« Reply #3 on: January 28, 2015, 11:14:45 AM »
Ah, well I wouldn't say it's a trojan, unless they know something I don't.

It may be safe to use or it may not be safe to use; however, due to the way PrivDog supports HTTPS filtering (messing with the certificates) I would personally say it's not worth it. There are other applications that do filtering as extensions in a less intrusive way.

Offline Netguy101

  • Comodo's Hero
  • *****
  • Posts: 1479
Re: admnfd.sys
« Reply #4 on: January 28, 2015, 11:29:25 AM »
Detection ratio: 22 / 57

If anything it's suspicious and should make you question Privdog.

Offline RandomPerson1000

  • Comodo Loves me
  • ****
  • Posts: 191
Re: admnfd.sys
« Reply #5 on: January 28, 2015, 12:07:06 PM »
Quote
Detection ratio: 22 / 57

If anything it's suspicious and should make you question Privdog.

Yep, something's fishy here. I wouldn't just discard this as a FP.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25157
Re: admnfd.sys
« Reply #6 on: January 28, 2015, 08:39:41 PM »
I believe that Comodo has no ill intentions and that when examining the activity of PD no rogue behaviour will be found.

To me that shows that detections like Trojan Generic are a bit too generic for their own good. Assessments that it is riskware, potentially unwanted or adware are closer to the truth.

Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
Re: admnfd.sys
« Reply #7 on: January 29, 2015, 09:27:55 AM »
Can I use it without any risk for me?

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: admnfd.sys
« Reply #8 on: January 29, 2015, 09:44:57 AM »
I'd argue you can't use any program at all without risk, although in the case of PrivDog the risk may be bigger.

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11198
    • Comodo Help
Re: admnfd.sys
« Reply #9 on: January 29, 2015, 06:07:21 PM »
Quote
I'd argue you can't use any program at all without risk, although in the case of PrivDog the risk may be bigger.
Hi Sanya,
I guess the question could be a bigger risk than what?
I am certain there are more dangerous programs than PD out there.

Kind regards.

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: admnfd.sys
« Reply #10 on: January 30, 2015, 02:22:13 AM »
Quote
Hi Sanya,
I guess the question could be a bigger risk than what?
I am certain there are more dangerous programs than PD out there.

Kind regards.

Iunno, figured bigger in general in contrast to software rated as safe, simply because it messes with the certificates. If a program can exploit PrivDog then it could potentially read HTTPS sites in clear text without replacing the certs itself, and then we suddenly have two points of failure, the browser and PrivDog.
Now I can't prove that and don't actually know if that can happen, but I'd rather not find out by experience.

Off-topic I'd argue it's worth it to uninstall PrivDog if only to see the original certificates in the browser, but that's a subjective thing I guess.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25157
Re: admnfd.sys
« Reply #11 on: January 30, 2015, 11:54:02 AM »
Quote
Iunno, figured bigger in general in contrast to software rated as safe, simply because it messes with the certificates. If a program can exploit PrivDog then it could potentially read HTTPS sites in clear text without replacing the certs itself, and then we suddenly have two points of failure, the browser and PrivDog.
Now I can't prove that and don't actually know if that can happen, but I'd rather not find out by experience.

The same would be true for av scanners which also have adapted this technique.

Quote
Off-topic I'd argue it's worth it to uninstall PrivDog if only to see the original certificates in the browser, but that's a subjective thing I guess.
I haven't seen people advise to uninstall av programs because of this technique.

When having CIS installed, which may be true for a lot of PD users, it is hard to take over any program by malware.

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: admnfd.sys
« Reply #12 on: January 30, 2015, 12:45:00 PM »
Quote
The same would be true for av scanners which also have adapted this technique.
I haven't seen people advise to uninstall av programs because of this technique.

When having CIS installed, which may be true for a lot of PD users, it is hard to take over any program by malware.

I wouldn't use any av scanner that uses this technique either, again that's just my opinion.

I can only hope they don't add this technique to CIS or if they do they give us a clear way to disable it.

Offline zOn3k

  • Comodo Family Member
  • ***
  • Posts: 51
Re: admnfd.sys
« Reply #13 on: February 01, 2015, 03:59:01 AM »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25157
Re: admnfd.sys
« Reply #14 on: February 01, 2015, 11:39:07 AM »
Privdog is not a malware but an ad blocker which may also show selected ads.  It is not a trojan or otherwise malicious.

Most of the detections are now for Adware, Grayware GrayWare[NetTool:not-a-virus], potentially unwanted program (yontoo.c), heuristic detection, Artemis, that could be a false positive. Making it something people may not appreciate but not malware.

Knowing Privdog is not a malware I am confident to say that the two detections that classify it under generic trojan signatures are false positives. Let's wait for people to report that to the av makers.
