Rank: Newbie Groups: Member
Joined: 11/3/2007 Posts: 5 Points: 15
Thanks for providing this comprehensive malware scanner. I have a couple of questions / suggestions:
- Is it possible to add additional entries into the built in white list? This would be really useful for fixing many computers where the same legitimate entries appear time and time again.
- Is it possible to run RunScanner from a bootable CD? This would be a really good way of dealing with rootkits and items difficult to remove in an online environment.
Thanks,
Matthew Green.

Rank: Member Groups: Member
Joined: 3/15/2007 Posts: 33 Points: 99
I have not tried running RS from a bootable CD but have run it from a flash drive with no problems, so it should run fine from the CD. I thought it was brought up before about the user-added whitelist but I can't find it right now. I think GeertM said that was something he would work on for a future release.
Steve

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 141 Points: 192 Location: Belgium
An internal list of whitelisted startpages/search engines would be a good addition. I'll open a sticky thread where everybody can post the items they want whitelisted.
Lansweeper : free software and computer inventory

Rank: Newbie Groups: Member
Joined: 11/3/2007 Posts: 5 Points: 15
I think it would be really good if legitimate drivers and services could be collectively stored in a local white list. When the whitelist option was enabled, drivers and services that had already been validated as being OK would not show up. Maybe this whitelist could also be uploaded to a server so that the whole community could benefit from the validation of existing drivers and services. On an average PC there are dozens of files that aren't immediately obvious as to whether they are legitimate or not and checking them all manually takes a long time. What do others think?
I would be interested to know how people have been able to use RunScanner in an offline environment. What operating system was used and how did you accomplish this?
Thanks,
Matt.

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 141 Points: 192 Location: Belgium
Quote: What operating system was used and how did you accomplish this?
I don't understand the question.

Rank: Member Groups: Member
Joined: 3/15/2007 Posts: 33 Points: 99
I am just guessing, but I think he is wondering how someone can use RunScanner and have it check signatures when not connected to the internet.
Steve

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 141 Points: 192 Location: Belgium
The internet connection is used for the certificate revocation list (to see if certificates are revoked). I don't use it anymore in the next version.

Rank: Newbie Groups: Member
Joined: 11/3/2007 Posts: 5 Points: 15
What I meant was: Has anyone had success running Runscanner from a bootable CD / flash drive and if so how did they do it?
Thanks,
Matt.

Rank: Member Groups: Member
Joined: 3/15/2007 Posts: 33 Points: 99
As stated before, I have run RunScanner from a flash drive. All I did was copy it to the drive and run the program.
Steve

Rank: Newbie Groups: Member
Joined: 12/30/2007 Posts: 4 Points: 12
@ Steve (dahli)
There is a big difference between running a program from a CD or UFD on the active operating system and running a program from a bootable live system on CD or UFD.
AFAIK, the current version of RS can scan only the active system so if you can make it run from a bootable CD, it will scan the live system, not the remote system.
JM

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 141 Points: 192 Location: Belgium
joem wrote: AFAIK, current version of RS can scan only the active system so if you can make it run from bootable CD, it will scan the live system, not the remote system.
This is correct. If the program gets more popular (wait and see) I'm thinking about the following improvements:
- Bart PE support (target a drive for scanning other than the current system drive)
- Remote support (for administrator, scan remote system and give back a run file as a result)

Rank: Member Groups: Member
Joined: 3/15/2007 Posts: 33 Points: 99
I must have misunderstood what you were asking. RunScanner (as stated) can be run from a bootable cd or flash drive BUT will scan the active system and not the remote system.
Steve

Rank: Newbie Groups: Member
Joined: 11/3/2007 Posts: 5 Points: 15
It would be absolutely brilliant if Runscanner did support remote scanning. It would be an extremely effective method of dealing with root kits. I have found quite a few instances lately where malware did not show up when running Runscanner within Windows, but was definitely present when booting from a WINPE based O/S and checking the files and registry entries manually. The problem with checking manually is it is extremely difficult to sort the good from the bad, especially since a lot of malware now seems to be present in the form of device drivers rather than entries that load from the LM-RUN or CU-RUN registry keys.

Rank: Newbie Groups: Member
Joined: 12/30/2007 Posts: 4 Points: 12
cnfcomps wrote: It would be absolutely brilliant if Runscanner did support remote scanning. It would be an extremely effective method of dealing with root kits. I have found quite a few instances lately where malware did not show up when running Runscanner within Windows, but was definitely present when booting from a WINPE based O/S and checking the files and registry entries manually. The problem with checking manually is it is extremely difficult to sort the good from the bad, especially since a lot of malware now seems to be present in the form of device drivers rather than entries that load from the LM-RUN or CU-RUN registry keys.
What live system do you use? I use UBCD4WIN and there is a remote registry program that works most of the time, so I can modify the registry on the offline system and also delete bad files that are usually locked by the malware. I am also concerned with rootkit registry keys. I hope that Runscanner makes a big error message if a startup location is hidden from the Windows API.
JM
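
The comparison discussed in the posts above (what a scan inside Windows reports versus what is read from the same machine after booting a live system, with a whitelist to cut down manual checking), as an added example that is not part of the original thread and is not RunScanner code. The entry lists, the whitelist and the function names are constructed for illustration, and it assumes the scanned system root is C:\Windows.

```python
import re

SYSTEM_ROOT = r"c:\windows"  # assumption: system root of the scanned machine

def normalize_image_path(raw, system_root=SYSTEM_ROOT):
    """Reduce the different spellings of a service/driver image path to one form."""
    p = raw.strip()
    m = re.match(r'"([^"]+)"', p)        # quoted executable followed by arguments
    if m:
        p = m.group(1)
    p = p.lower().replace("/", "\\")
    if p.startswith("\\??\\"):           # NT object-manager prefix
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    elif p.startswith("%systemroot%\\"):
        p = system_root + p[len("%systemroot%"):]
    elif p.startswith("system32\\"):     # relative paths resolve against system root
        p = system_root + "\\" + p
    m = re.match(r"(.+?\.(?:sys|exe|dll))(?:\s|$)", p)  # drop unquoted arguments
    return m.group(1) if m else p

def index_entries(entries):
    """Map (entry name, normalized path) -> original entry."""
    return {(e["name"].lower(), normalize_image_path(e["path"])): e for e in entries}

def triage(online, offline, whitelist):
    """hidden: on disk but absent from the in-Windows view (always reported).
    review: visible in both views but not whitelisted. The whitelist here is
    path-only for brevity; a path match says nothing about the file's contents."""
    seen = index_entries(online)
    hidden, review = [], []
    for key, entry in index_entries(offline).items():
        if key not in seen:
            hidden.append(entry["name"])
        elif key[1] not in whitelist:
            review.append(entry["name"])
    return {"hidden": hidden, "review": review}

# Constructed sample data: the same machine as listed from inside Windows and offline.
ONLINE_VIEW = [
    {"name": "Tcpip", "path": r"System32\DRIVERS\tcpip.sys"},
    {"name": "Spooler", "path": r"%SystemRoot%\System32\spoolsv.exe"},
    {"name": "VendorAgent", "path": r'"C:\Program Files\Vendor\agent.exe" /service'},
]
OFFLINE_VIEW = [
    {"name": "Tcpip", "path": r"\SystemRoot\System32\drivers\tcpip.sys"},
    {"name": "Spooler", "path": r"C:\Windows\system32\spoolsv.exe"},
    {"name": "VendorAgent", "path": r"C:\Program Files\Vendor\agent.exe /service"},
    {"name": "xyzdrv", "path": r"\??\C:\Windows\System32\drivers\xyzdrv.sys"},
]
WHITELIST = {r"c:\windows\system32\drivers\tcpip.sys", r"c:\windows\system32\spoolsv.exe"}
```

Calling `triage(ONLINE_VIEW, OFFLINE_VIEW, WHITELIST)` on this data reports `xyzdrv` as hidden and leaves only `VendorAgent` for manual review.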

Rank: Newbie Groups: Member
Joined: 11/3/2007 Posts: 5 Points: 15
Is this the registry redirector program also called RunScanner (http://www.bootcd.us/BartPE_Plugin_Details/235/RunScanner-registry-redirector.html)? It is meant to get programs like HijackThis working in a WINPE environment but I couldn't get it working for RunScanner.

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 141 Points: 192 Location: Belgium
This runscanner has nothing to do with the BartPE plugin. I chose the runscanner name because the domain was still free. I only found out later about the BartPE plugin called "runscanner".

Rank: Newbie Groups: Member
Joined: 12/30/2007 Posts: 4 Points: 12
cnfcomps wrote: Is this the registry redirector program also called RunScanner (http://www.bootcd.us/BartPE_Plugin_Details/235/RunScanner-registry-redirector.html)? It is meant to get programs like HijackThis working in a WINPE environment but I couldn't get it working for RunScanner.
Now I see that the tool I used on the live system is called RunScanner too. Actually it seems it is just a front end to load the standard Windows Registry Editor but using hives from the remote registry. I did not install the plug-in myself, it is all automatic when you build the UBCD4WIN live system. The author of UBCD4WIN has a license to redistribute BartPE. This live system is a very good tool to have when cleaning a Windows XP system.