Concerning buffer Overflow detection

Hi,

I have a small concern about a buffer overflow detection that pops up while uninstalling a program.
In detail, I was uninstalling 3D mark Vantage on my Windows 7 64-bit, and just before the uninstaller finished, Defense+ warned me about explorer causing a buffer overflow.

I forgot which software, but I did encounter the same behavior while finishing an uninstall of other software as well. (Probably saw it a couple of times in the past, which made me curious.)

I’m curious if this would be normal behavior or some glitch in CIS, though I doubt it…

(Using the latest CIS 3.13.125662.579 64-bit on Windows 7 with no other antivirus/firewall installed.)

When you get the Buffer Overflow alert, it found a BO, and the alert gives you the opportunity to decide if you trust the program and allow it or not. When you know the program is from a trustworthy source you can allow it, as we can expect there will be no malware in it trying to exploit the BO.

It basically found a bug in the program that it alerted for. To make it even stronger, a software maker uses the BO protection as a bug tester (among other tests I guess)…:smiley:

Funny, I had such an alert two days ago for the first time, while uninstalling a program in Win7/64 as well. On the contrary, no pop-up at all while installing. I knew what it was so I just dismissed the warning. But I've got no idea what triggered it.

EricJH,

Thanks for the explanation on BO. :slight_smile:

So does it mean that even a trustworthy program may potentially cause a BO which Defense+ detected?

My other concern is that the Defense+ BO alert always gives me “explorer.exe” as the source application of the warning. I made sure that my OS is virus/malware free and 3D Mark Vantage was downloaded from a legit source.

out_law

Hi, did it give “explorer.exe” as the source of the BO? (which would be the same behavior as mine…)

Anyhow, no biggy, just wanted to let the dev folks know about the behavior I’ve encountered not just once but on several occasions.

hello fullfantom5,

> Hi, did it give "explorer.exe" as a source of BO? (which would be a same behavior to mine...)

**yes**, absolutely ;) ... too bad, I had a screenshot of the alert but I deleted it before I found this thread. I knew the program that triggered the alert and I thought it didn't matter after all. But since you got the same thing exactly, there must be something wrong going on with Def+ in a Win7/64 environment... but I've had this only once so far...

Exactly. The BO phenomenon is often used as an entry to install malware on your system without your consent. But because programs will have bugs, you may incidentally trigger a BO alert. To know whether to allow it or not, make sure you trust the source you downloaded the crashing program from and make sure your system is free of malware. When you know your system is safe you can let BO detection ignore the event.

> My other concern is that Defense+ BO alert always gives me "explorer.exe" as an source application of the warning. I made sure that my OS is virus/malware free and 3D Mark Vantage was downloaded from legit source.

Even Explorer can have unresolved bugs. You might want to consider submitting the bug to Microsoft.

I have seen several BO alerts somewhere in the near past for Microsoft Excel on Win 7 32-bit. I am not convinced that this shows a shortcoming of CIS.

EricJH,

Once again, thanks so much for clearing up my concerns. Now I’m even more positive that CIS is protecting my computer. :slight_smile:

You’re welcome.