I have Defense+ set to safe mode and i downloaded and installed “kryptos 2 professional.msi”
With Defense+ i have always been given some kind of alert with every program i have installed but this one installed without an alert. It seemed strange so checked “my own safe files” and there are five entries listed for this program. The program isn’t part of my trusted venders list and since it didn’t ask for permission i was just wondering how it was able to do it.
Does it have something to do with the .MSI extension because i tried the same file with an .EXE extension and got dozens on alerts.
Does the program have a digital signature? if so the vendor might be in the trusted vendors list if its not signed it is probably in the cloud whitelist. Check your defense + logs, if the program is in the cloud whitelist it will say scanned online and found safe then it will be automatically put in the trusted files list.
@wasgij6 thanks for the response.
The program does have a digital signature but it isn’t in my trusted vendors list. I only have Comodo, Mozilla, PeerBlock and Malwarebytes.
I switched Defense+ to paranoid mode and installed the program again. I got the same alerts that i had with the .EXE extension in safe mode. When i checked the process list it was listed as trusted but the online lookup says that it’s unknown. I guess since .MSI is a “Windows Installer Package” and Defense+ is trusting Windows it means that everything this program does is trusted by default.
As long as no one has figured out a way to fake a signature and pack it into a malware filled .MSI file i guess everything should be ok.