I thought defense+ could block a trojan...

I thought defense+ could block a trojan… :THNK

then I download a trojan in http://www.testantivirus.net/

I didn’t receive any alert and crashed my windows. :o

I’m using CIS 3.8 with proactive mode and d+ with all settings enabled.

I get a nice “Trojan Shutdowner” AV alert on it so AV catches it…
My Firefox alerts it would like to save a Kzhfpunr.exe…
I’m not gonna test the rest on D+ only at the moment on my production system :-))

Can you tell me what test procedure you used, step by step ?

I suspected my software a-squared real time was not working.

I just download and execute that file to test, and I thought d+ would ask me then I would block it.

It didn’t alert me and in few seconds my windows gonne. :stuck_out_tongue:

Neither a-squared nor superantispyware realtime got it.

Pops up fine here (I blocked both as I got a bit scared when you told me what this baddie does) ;)… (images attached)
Do you have the AV installed? :slight_smile: As it too finds it…

[attachment deleted by admin]

Okay, downloaded with what browser ? did you save it or chose run/open directly ?

Mmm looks like it’s attacking guard32.dll from CIS…

Firefox, and yes got a “would you like to run…”…

Ofc CIS would "probably and most likely pop a lot more if not clicking block to those… =)
But I didn’t feel like experimenting! :wink: :smiley: It died anyway, and could not run thanks to CIS.

So Defense+ did block it, right? It has to be either or.

I try to click “download” from the testing page http://www.testantivirus.net/ , and CIS realtime scanner popup a window detecting a “TrojWare.Win32.Trojan.Shutdowner.ayp[at]6614762”
And asking the action: “Quarantine” “Remove” or “Ignor” it.

I Select “Remvoe” it.

Therefore, CIS can catch it.

and thats the beauty of CIS…
World’s first Default Deny system utilising Layered Security…(layered security is the key…)
Why bother the user with HIPS alert if AV detects it already, hence making user experience more pleasant.