I am asking because I started a DOS program downloaded (it is free) from its site
http://www.adom.de/adom/download.php3
When I run it for the first time, no message pops up asking me if I want it to be run.
Neither it appears in “Waiting for review” list.
Is it normal?
My settings are in my signature :-TU
yes. i had also noticed that DOS programs are not checked by D+, Its agreat lapse.
given the fact many notorious virus are DOS programs written for 16bit though large no of virus are win32
D+ should raise a alert for DOS programs
Adi
What extension do these files have? You can consider adding to filter to check under Image Execution Control Settings.
They are .exe files
I wonder if with version CIS 5.0 RC this is fixed ???
You should first specify what you mean by “Dos program”: $Bill has killed Dos starting with Win NT, and if you try to run a real 16 bits Dos application in gui mode (including the command prompt), you shall receive the message “XXX is not a valid windows 32 application”.
I suppose we are therefore talking not of real Dos mode applications (note that the link of the OP has 2 links for the game, one under Windows and the other one for Dos), but of Windows dos emulation.
In order for these applications to run (and speaking of XP), they must be launched, depending of how they are written, either by ntvdm or wowexec.
Let’s make the test (i am running cis v3, proactive, firewall custom, defense+ paranoid with every parameter checked, xp pro sp3).
Launching the first dos executable i have found in my software collection partition: fdate is a time managing dos utility, running from the command line without whatever installation (other, of course, then specifying the path if not default). (http://www.ferg.org/fdate/index.html, http://brucine.perso.neuf.fr/logs/fdate.zip)
There’s therefore no sense in launching FDATE.EXE, as the correct handling is to use it in batch scripts, something looking like:
:SAVE
Fdate /Ff /Oddmmyy /VDDAY
PATH E:\SHARE\Powerarchiver
POWERARC -a -s -c4 I:\%DDAY%.zip F:\*.*
GOTO END
If, nevetheless, i click FDATE.EXE, it is intercepted by a defense+ request allowing explorer to run ntvdm.
But, you are right, and altough this click only returns informative stuff, the specific dos executable is not recognized as such, but only as a ntvdm generic request.
Now, let’s download the said game (adom_winbeta4).
Launching the game (i am not a gamer, but it’s the dumbest thing i ever saw, no gui, no action, no nothing…) now asks for explorer to execute Adom_winbeta4.exe, it is a normal behavior.
If wanting to run the Dos version (ADOM.EXE in adom111, but why would one want to do that?) i receive the same request than in the FDATE.EXE test.
Isn’t the “issue”, if any, in your CIS version and/or settings?
Even if I run fdate.exe right from my Desktop I get no message.
Any idea which defense+ setting deals with this?
set defense+ to paranoid, check everything in the monitoring settings of the paranoid item.
Even if I set Paranoid, when I click on fdate.exe the program starts and nothing is prompted ???
I have:
-paranoid mode and ALSO all its monitoring settings checked. Didn’t you forget?
-i also suppose that, like me, you have an executable group in your protected files, including exe
-last, my defense+ explorer policy is custom.
I can’t see anything else making this behavior difference (except that i am using cis v3 and not xp home but pro, but xp home also most certainly runs ntvdm, check for its existence under system32).
I tested a new time, running fdate still asks for explorer to run ntvdm: check if your explorer defense+ policy does not allow ntvdm from a previous game (or other dos application).
The only difference with you is that explorer.exe is “Windows System Application” and that such defense+ default setting, at the item “Run an executable”, has “*” among the “Allowed Applications” (see image).
So that can be the difference
http://img409.imageshack.us/img409/856/clipboard02n.jpg
Thanks :-TU
No, i have the same, also checked as “ask”.
Set explorer as “custom” (you shall have, in a first time, a lot of alerts to allow your usual offline applications).
I have at least 15 of them, and i am not a large software eater.
If paranoid, check everything to ask, but if you want to still have some comfort, asking for dns is enough to start with.
OK, thanks again :-TU