"Real-time Infiltration Detection" in WinPatrol Plus

Started by fileless1, January 09, 2015, 12:46:03 PM


fileless1

Does the WinPatrol Plus "Real-time Infiltration Detection" feature detect the malicious creation of an Autostart registry entry that contains javascript instead of file references; i.e., fileless persistent malware such as certain versions of Poweliks and Phase Bot?

I welcome responses containing factually supported answers to the question asked.

*  *  *  * 
Poweliks information selected sources (links still correct at the time of this posting) --
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/ 



Corrine

Hi, fileless1.  Welcome to LandzDown Forum.

If you haven't seen it, information regarding the "Real-time Infiltration Detection" feature in WinPatrol PLUS is available here:  http://www.winpatrol.com/rid.html  All of the startup files listed are either .exe or .dll files.  I do not know if WinPatrol PLUS has been tested against an encoded autostart registry key.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Rednose

Interesting :)

Maybe we can get some input from Bret, or (forgive me, as I am a longtime user) Bill here?

Greetz, Red.
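
Added example, not part of the thread and not a description of how WinPatrol works: a Python classifier for the distinction the question turns on, separating autostart values that reference a file from values that carry script inline through a `javascript:` or `vbscript:` handler. The function names, patterns and sample Run-key values are constructed assumptions.

```python
import re

# Script-protocol handlers let an autostart value carry code inline
# instead of naming a script or binary on disk.
SCRIPT_PROTOCOL = re.compile(r'\b(javascript|vbscript):', re.IGNORECASE)

# Drive-letter, UNC or %VAR% path ending in a common executable extension.
FILE_REFERENCE = re.compile(
    r'(?:[a-z]:\\|\\\\|%\w+%\\)[^"<>|*?]*?\.(exe|dll|bat|cmd|vbs|js|scr|com)\b',
    re.IGNORECASE,
)

def classify_autostart(value):
    """Classify one autostart value as inline-script, file-reference or unresolved."""
    # Checked first: the host binary (e.g. rundll32.exe) is a real file,
    # so a file-only check would pass a value whose payload is inline script.
    if SCRIPT_PROTOCOL.search(value):
        return "inline-script"
    if FILE_REFERENCE.search(value):
        return "file-reference"
    return "unresolved"

def audit(entries):
    """Return only the entries that do not resolve to a file reference."""
    verdicts = {name: classify_autostart(value) for name, value in entries.items()}
    return {name: v for name, v in verdicts.items() if v != "file-reference"}

# Constructed sample values, not taken from any real system or sample.
SAMPLE_RUN_VALUES = {
    "ExampleUpdater": r'"C:\Program Files\ExampleApp\updater.exe" /background',
    "ExampleHelper": r'rundll32.exe "C:\Program Files\ExampleApp\helper.dll",Start',
    "ExampleTray": r'%ProgramFiles%\ExampleApp\tray.exe',
    "ConstructedInline": 'rundll32.exe javascript:"PLACEHOLDER_INLINE_SCRIPT"',
    "ConstructedOpaque": "a1b2c3d4",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RUN_VALUES).items():
        print(f"{name}: {verdict}")
```

A monitor that only compares autostart entries against a list of .exe and .dll files would see nothing new on disk for the inline case, which is why the check is made on the registry value itself.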