MD5 marked bad on global policy is not being caught?

  • 7 April 2015
  • 3 replies
  • 35 views

I feel I'm doing this correctly.  I ran a scan and it lists the MD5 of the file(s) it sees.  I choose the MD5 for the file I want to block or allow.
In this case I have 'ninja loader.exe' that kicks on at startup.  It also appears to spawn chrome.exe multiple times as elevated.
 
The scan shows MD5 C57DB0EE407DE704004A48B93B3B58C3 for ninja loader.exe - adding this to the global list as 'bad' does nothing new.
 
I have now added 110 various files to the global bad list.  I 'updated' the configuration on the client (set to a 15 min interval) and ran a full scan.
Same thing.
This is on a test VM, Windows 7 Pro SP1, no updates or patches.  I went to cnet and just started clicking on the adverts and installing whatever came up.
 
Thoughts or direction?
thanks,
John

3 replies

Userlevel 5
Hello, I work in the Enterprise Support Department. It sounds like you may be applying the override to a policy. I don't recommend choosing a policy when creating the override; if you do, it will only apply to machines in that policy. If you don't select a policy, it will apply to all the machines in the console. Please try creating the override without assigning it to a policy. Also note that override changes apply when you run a scan, so a scan will have to be run in order to detect these changes.
 
But the file you are worried about isn't malicious. Virustotal.com is an excellent file reputation database where you can submit file hashes or upload the files themselves.
 
If you think the machine may be infected I suggest opening a ticket at our support website so we can investigate properly.
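As an added example (not code from this thread or from the vendor's product), a small Python check that mirrors the reply above: hash the file on disk the way a scan would, then apply an override table using the global-versus-policy rule. The override entries other than the hash quoted in the question, the policy names and the sample file contents are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Constructed override table: a determination keyed by MD5, optionally scoped
# to one policy. policy=None means global, i.e. it applies to every endpoint.
OVERRIDES = [
    {"md5": "C57DB0EE407DE704004A48B93B3B58C3", "determination": "bad", "policy": None},
    # Constructed entry scoped to a hypothetical policy name.
    {"md5": "0123456789ABCDEF0123456789ABCDEF", "determination": "good", "policy": "Lab VMs"},
]


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so large executables never need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def effective_override(file_md5, machine_policy, overrides=OVERRIDES):
    """Return the determination that applies to this file on this machine, or None.

    Hash comparison is case-insensitive, so a lowercase hash pasted into the
    console still matches. A policy-scoped override only matches machines
    that are in that policy; a global override matches everything.
    """
    wanted = file_md5.strip().upper()
    for o in overrides:
        if o["md5"].upper() != wanted:
            continue
        if o["policy"] is None or o["policy"] == machine_policy:
            return o["determination"]
    return None


def check_file(path, machine_policy, overrides=OVERRIDES):
    """Hash the file on disk and report (digest, determination-or-None)."""
    digest = md5_of_file(path)
    return digest, effective_override(digest, machine_policy, overrides)


def demo():
    """Write a constructed empty sample file and check it against the table."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.exe")
        open(sample, "wb").close()
        return check_file(sample, "Default")
```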
In the console, I went to 'Global Settings' --> Overrides and clicked Add. I understand that the global settings override any policies. It seems this is broken to me.
If the MD5 is running, will it kill it off?

I see this as a virus and want it to never run. A file that runs on startup, then spawns chrome.exe a ~dozen times over and chews up memory is a virus to me. I don't see what 'good' it does.

Thanks for the virustotal website, but I want this program to die. It does nothing good. I'm also testing to make sure it works properly. It doesn't seem to.
Userlevel 5
Was a scan run after the overrides were applied?

Also, why not just delete the file? Is something else placing it?

I think it would be best to get a support ticket in on this.
