Daemon Tools shellcode injection

When I open Daemon Tools (Lite), Defense+ alerts DT is trying to execute shellcode injection.
I have used DTLite.exe many times before. And the file’s digital signature is still valid. I’ve always had CIS 5 installed. The exe file and the company signature are both whitelisted by Comodo.

I wonder why DT is only now trying to inject shellcode. Even when it is a false positive.

Installed DT is version 4.35, it’s not the latest. However, I downloaded the latest version 4.40 and when I tried to open the installer D+ gave the same alert.

I don’t dare to allow it to pass yet. What do you think? Anyone else using DT with CIS recently?

Hey, and a warm welcome to the Comodo forums.

Add the exe file here: CIS → D+ → D+ Settings → Execution Control Settings → Exclusions → Add

Regards,
Valentin N

I can exclude it in D+, however I don’t want to do that for now since I didn’t have to before.

Some things must have changed very recently and I don’t know what. Might have been since a recent update to CIS 5.3? Because the shellcode injection alert also comes when I try the latest DT Lite installer (v4.40).

Have tried scanning with several antivirus scanners, and everything came up clean.
If anybody can help me test installing DT Lite on your PC with CIS 5.3, is there an alert? Thanks.

Once you get a warning, I think you should press Ignore, or at least not Terminate.

The only way you will have peace and no frustrating moments is to add it there. CIS doesn't like not-well-programmed programs ;D

Regards,
Valentin N

Valentin, thanks for the replies.

There is a Skip option, I haven’t done that though. I’m still thinking that there is something wrong.

Well, at this moment I don’t think Daemon Tools is a not-well-programmed program :slight_smile:
And the fact is it was okay before, and it hasn’t changed. I mean my installation of DT hasn’t changed. I run it under limited user access, so I’m guessing that it cannot update itself (?). Signatures seem okay, and it is being ‘trusted’ by CIS (the online lookup).

Not sure what to do now. No day to day programs should be allowed to do shellcode injection, right?

Shellcode injection has nothing to do with whether DT is safe or not. WoW, StarCraft II and Battlefield are other safe programs that give a buffer overflow, which can cause the computer to crash, and CIS wants to prevent such an event.

If I were you I wouldn’t worry too much about it and would just add it to the exclusions; it’s a safe program.

Regards,
Valentin N

Ok I see your point. So shellcode injection may not be bad IF the app is safe.
I’ve put it in the exclusion.

Btw, I did a forum search and it didn’t show any result. Just now I tried Google, and there’s this:
https://forums.comodo.com/empty-t62129.0.html

Daemon Tools didn’t trigger the alert before, I guess that’s what got me suspicious.

Thanks.

It’s hard to determine if a shellcode injection is bad or not. I therefore suggest that you do some research before you install that certain application.

If you want some tips where to begin tell me and I will reveal my big secret :wink: ;D

Regards,
Valentin

Yes I would like to know the big secret :slight_smile:

Here is the big secret ;D

VirusTotal and URLVoid

Regards,
Valentin N

Right! I’ve used VirusTotal before.
So CIS now flags DT as doing a buffer overflow, but it’s safe.

Ok, I’m settled now :slight_smile:
Thanks for your help Valentin.

I’m glad I could help :) If you have questions/problems, bring them here to the forum and we will solve them together :slight_smile: :-TU

Regards,
Valentin N

No. A program that has a buffer overflow bug will not cause the computer to crash. And it’s probably not even a buffer overflow of any kind in the first place, since D+ cannot detect such things.

Since I haven’t got any buffer overflow I can’t attach a screenshot of what it says, but I do know that it will say that a buffer overflow can cause crashes (I might of course be wrong).

Regards,
Valentin N

Valentin, here’s the screenshot. I think CIS has only 1 kind (?).

wj32, ok so CIS doesn’t detect BO.
Code injection or direct memory access are just “signs” of a typical BO attack.
Is this what you mean?

[attachment deleted by admin]

You’re on the spot, blatug :-TU