I feel I'm doing this correctly. I ran a scan and it lists the MD5 of the file(s) it sees. I choose the MD5 for the file I want to block or allow.
In this case I have 'ninja loader.exe' that kicks on at startup. It also appears to spawn chrome.exe multiple times as elevated.
The scan shows MD5 C57DB0EE407DE704004A48B93B3B58C3 for ninja loader.exe - adding this to the global list as 'bad' does nothing new.
I have now added 110 various files to the global bad list. I 'updated' the configuration on the client (set to a 15 min interval) and ran a full scan.
Same thing.
This is on a test VM, Windows 7 Pro SP1, no update or patches. I went to cnet and just started clicking on the adverts and installing whatever came up.
Thoughts or direction?
thanks,
John
Hello, I work in the Enterprise Support Department. It sounds like you may be applying the override to a policy. I don't recommend choosing a policy when creating the override; if you do, it will only apply to machines in that policy. If you don't select a policy, it will apply to all the machines in the console. Please try creating the override without assigning it to a policy. Also note that override changes apply when you run a scan, so a scan will have to be run in order to detect these changes.
But the file you are worried about isn't malicious. Virustotal.com is an excellent file reputation database where you can submit file hashes or upload the files themselves.
If you think the machine may be infected I suggest opening a ticket at our support website so we can investigate properly.
In the console, I went to 'Global Settings' --> Overrides and clicked Add. I understand that the global settings override any policies. It seems this is broken to me.
If the MD5 is running, will it kill it off?
I see this as a virus and want it to never run. A file that runs on startup, then spawns chrome.exe a ~dozen times over and chews up memory is a virus to me. I don't see what 'good' it does.
Thanks for the virustotal website, but I want this program to die. It does nothing good. I'm also testing to make sure it works properly. It doesn't seem to.