Is it safe to run a virus/spyware infected program if the program is configurated as an “Isolated Application” in Defense+?
An Isolated Program is not allowed to do anything, including run
That’s the whole point, it prevents malware from altering your system in any way.
I can run an “Isolated Application” in my computer with Defense+ set in Safe Mode.
Sorry, my bad 88)
I don’t usually test malware, so I’m not sure about this. I would assume that it would be safe, as long as you have a a backup image or something.
I’d wait for a answer from someone who actually knows for sure, first
I have just tried it. You cannot even run a blocked application.
My mistake, I was thinking of blocked application. An isolated application can run but do nothing that is protected.
I’ve set a text editor as “Isolated Application”.
I can run the editor, use it to open text file, edit the file and save the modified file.
Is it normal or expect behaviour for an “Isolated Application” ???
Who knows? The help file doesn’t actually mention what the policy for an isolated application is. (Not that I could find anyway)
If an application is trying to create a new file with a random filename e.g. “hughbasd.dll” then it is probably a virus and you should block it permanently by selecting Treat As Isolated Application (third down in the graphic below).
Quote from help file all I could find it appears this stops it creating new files.
This is normal. The editor will work as long as it does not do anything that is monitored by defence+. Then it will be blocked.
I’ve marked all to be monitored in defence+ monitor setting.
However, I can still create a new file with .dll file extension with the editor treated as an “Isolated Application” ???
Can anyone of you repeat this in your computer?
Have you got .DLL in the executables group in my protected files?
No, I don’t. But I’ve not changed anything in my protected files list.
It is really strange that an “Isolated Application” can access and change other files.
Is it a bug? ???
That seems to be a question only the developers can answer as there is no definition of ‘isolated application’ in the help file as I have already mentioned. I believe in that case, only they can say whether or not it is behaving as intended.
I now tend to think it is a bug as once I delete the editor from the computer security policy list, Defense+ start to monitor the program and pop me for actions.
However, even I block its actions, the program PROCEED as normal.
Defense+ may not be function properly in my PC .:o
Sorry for bother you all.
If the editor is isolated you will get no pop-ups. It will be blocked silently. I have just made my editor isolated and when I try to save xxx.dll it fails with no pop-up. I do have *.dll in my executables group.
It depends on what you block. If you block a direct disk read pop-up it will proceed as normal as the direct disk read is a false positive. This is a bug in direct disk read detection.
Is is NOT safe for sure. You never know when a malware is going to bypass CFP Defence Plus.