Why use Boclean?

I’ve been using Boclean a couple of years. I’ve used Kevin’s software many years. Boclean seems to do nothing for me. I used the setup instructions as listed on the setup page. I’ve had several trojans (or what ZA Suite says are trojans). Boclean seems to sit in the traybar quietly blinking and has never found anything. It has never asked me about anything so I don’t know if it works. I had one trojan (a keylogger) that ZA found so I went to the forum and the response was it was a commercial release so Boclean didn’t cover it. Someone put a keylogger on my machine (!) and Boclean decides I don’t need to know? Do I have something set wrong? Am I not supposed to get some type of warning at some point with Boclean?
I can’t figure out what it’s supposed to be doing. ZA is the only thing working?

Hi LOFYmOkr,

Are you sure that those “trojans” were real “wooden horses” or just FPs by ZA?
And then I hope you don’t believe in all ZA tells you… - it is not the best one (my personal opinion).
At least don’t remove straight away all those declared infected by ZA; be careful.

Actually when BOClean is silent it is a good sign.
When rarely something was not detected, or detected but turned out to be an FP… well, it happens to any security SW.

And finally, if you want to “hear” from BOClean… just run known and new tests from time to time.

My regards

Not so sure of what ZA’s doing there … there’s only so many ways to do a kernel interrupt and intercept keystrokes before they’re passed up the chain. Tell me a bit more about this, promised I’ll be amused. :slight_smile:

When my buddy Marcus was deep in it, we had a lot of great times together. I won’t call FP here, but would like to hear a bit more in the details since pretty much every way of grabbing keystrokes from the kernel is well monitored. But if there’s something I’m missing, I can certainly blame it on “old age.” Heh.

Hi guys,
Good to see I can still count on you guys for help!
Here is the last scan item from ZA Security Suite.
Decription Anti-spyware found one or more spyware packages
Date / Time 2008/05/02 15:43:44-4:00 GMT
Type Scan
Category Trojan
Name Win32.Trojan.Dropper.Agent.hl
Action Found
Mode Manual

I scan once a week for vir and troj. This is the second time in a few weeks ZA ran across something. The time before this I looked the item up on this website and it said that it was a commercial keylogger so was not included in Boclean protection. I didn’t save the log file so can’t give any more info about that one. I had ZA delete both times and went on about my business. Then started wondering why Boclean never gave me information about either one in real time. That is the reason for the post. I never shut it down so was looking for more info about the program.
By the way, what is the best firewall software in your opinion? Not being a smart a**. I’d like to think I have the best protection I can.


Hi LOFYmOkr :slight_smile:

Why use Boclean? People who I recommend the little program to always ask me that, and the answer is very simple :slight_smile:

Most malware executables today are packed or obfuscated, so that means they are very hard - or even not readable for virus scanners. But BOClean continuously scans the memory, and as soon as the malware unveils itself BOClean jumps into action and kills it. That is why it is a great backup for any virus scanner :slight_smile:

Greetz, Red.

Is there a simple way to explain the difference to a traditional AV? Why is the BOClean monitoring more accurate than the traditional monitoring? I thought AV monitoring was supposed to catch anything that revealed itself - just like BOClean is supposed to do.

Getting back to the original question, I guess one can say that BOClean is a great complement to AV software since not all programs can have all signatures. That’s why I’ve recommended BOClean.


Sorry that I’m a bit overloaded at the moment and don’t have time for the nuances, but best way to explain it is that antiviruses are designed to work at the FILE level … better antiviruses can examine files more deeply, have perhaps an “emulator” or other “heuristics” that may or may not help, but in the end EVERY AV (even ours) does its thing by stopping a file from loading, and then examining it in hopes of matching a signature of some sort TO that file before it is allowed to be loaded/run.

BOClean was always designed on a philosophy of “you already HAVE an antivirus” … if the FILE wasn’t detected as harmful, then BOClean will sit there like a bouncer inside the lobby and whatever gets past the front door is OURS. We do a MEMORY scan of a process which has already loaded and begun to execute. Once it’s actually started up, all of those obfuscations at the file level are no longer in use since a computer can ONLY execute a valid program. And to BE valid, any obfuscations must be completely disarmed by the program to allow it to run. So BOClean goes in at THAT level and gives anything which runs a “second opinion.” And yes, we also check associated files and connections after the fact as well … in case the AV misses it. That was ALWAYS the purpose of BOClean, and why it’s proven so useful for over ten years now. :slight_smile:
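The file-level versus memory-level distinction described in the post above, as an added example that is not part of the original thread and is not BOClean's code. A repeating-key XOR stands in for a packer, the signature is a constructed harmless marker, and all names (`pack`, `memory_image`, `scan`, `compare`) are hypothetical.

```python
# Added illustration (not BOClean code): why a byte signature that misses a
# packed file on disk still matches once the program has unpacked itself.

# Constructed, harmless marker standing in for a detection signature.
SIGNATURES = {"demo-marker": b"DEMO-MARKER-NOT-MALWARE"}

# Constructed program body: filler around the marker.
BODY = b"A" * 32 + SIGNATURES["demo-marker"] + b"B" * 32

STUB = b"STUB"  # hypothetical placeholder for the unpacking stub


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for a packer's transform; applying it twice restores data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack(body: bytes, key: bytes) -> bytes:
    """What lands on disk: stub followed by the obfuscated body."""
    return STUB + xor_bytes(body, key)


def memory_image(file_bytes: bytes, key: bytes) -> bytes:
    """What the process holds after its stub has run: the original body."""
    return xor_bytes(file_bytes[len(STUB):], key)


def scan(buf: bytes) -> list:
    """Plain substring signature match over a buffer."""
    return [name for name, pattern in SIGNATURES.items() if pattern in buf]


def compare(keys):
    """For each packing key, return (file-level hits, memory-level hits)."""
    results = []
    for key in keys:
        on_disk = pack(BODY, key)
        results.append((scan(on_disk), scan(memory_image(on_disk, key))))
    return results


KEYS = [b"\x5a\xc3\x17", b"\x81\x22", b"\xf0\x0d\x99\x41"]  # constructed

if __name__ == "__main__":
    for key, (file_hits, mem_hits) in zip(KEYS, compare(KEYS)):
        print(key.hex(), "file:", file_hits, "memory:", mem_hits)
```

Each key yields different bytes on disk, so a file-level signature would have to track every variant, while the single memory-level signature matches all three once the body is restored.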

Thanks a lot Kevin, that’s a summary even I can understand. :slight_smile:


You’re MOST welcome! That was easy! Heh.

But yeah, that was the basis of the original design, and surprised that after 10+ years now it’s still needed.

Kev, I am not surprised because I have seen the difference it made for peepz I recommended BOClean. Nowadays AVs are losing the battle, and because HIPS solutions are not suitable for everyone, BOClean could make a difference :slight_smile:

Greetz, Red