I found, on the Polish website SpyShelter, a simulation for testing, for example, keyloggers:
Link to this testing software: http://www.spyshelter.com/download/AntiTest.zip
It's rather strange that WR automatically adds this app to "allow processes" under "system control"
and lets this software capture all traffic on my keyboard.
Please let me know what you think about this, guys, and why this is a trusted app?
Best answer by Petrovic
"Please let me know what you think about this, guys, and why this is a trusted app?"
I know that this so-called test didn't create any additional file and didn't try to send these logs outside, but still.
This file is not a threat.
In any case, you can set the option "monitor" or "block" via WSA.
The testing tools are not simulating malware accurately.
JoeJ, VP Endpoint Solutions Engineering:
"In any event, screen grabbers and keyloggers are almost irrelevant these days when it comes to real malware. Threats are using much more advanced techniques which is what WSA focuses on protecting: man in the browser attacks, memory injection, system call hooking, and a myriad of other approaches. They tend to not use the obvious ones like screen capture/keylogging because they generate too much data and are too easy to detect as malicious behaviors. WSA excels at blocking the most advanced techniques and has been doing so for years without any threats bypassing it."
Happy to help
Best regards, Petr.
What I read about that hack is that they used a vulnerability in an unpatched version of MS Word, but also inserted keyloggers and transmitted screen grabs about every 2 seconds.
By the way, I get no warning from WR when running key_sim from Zamana; that test just collects all keys I type and even macro-generated inputs. The test does not collect password inputs generated by LastPass.
What does happen, though, is that after a boot I cannot run that test again. I wonder whether that somewhat late blocking is done by WR. The message I get is something like "Windows cannot find the path or you may not have access". Renaming the directory containing that test exe enables running it again.