Events Not Functional For AVC And IDS

IDS and AVC detected some software executables as malicious and I allowed them, but there is no indication of either in Events.

Comments

  • Hello :)


    Could you please provide me with more details about the application? A download link would be great.


    Thank you.

  • Kindly see the attachments.


  • Hello ONT :)


    For processes that are added to the Exclusions lists, the Event module will not generate entries.


    Please send me a download link so I can test this to see if it is reproducing.


    Thank you.

  • coolcool1227 ✭✭✭
    edited February 2012
    Hello ONT :)


    For processes that are added to the Exclusions lists, the Event module will not generate entries.


    Thank you.


    Don't you consider this an Event? What if I falsely added a malicious process to the Exclusions list?


    Hello ONT :)


    Please send me a download link so I can test this to see if it is reproducing.


    Thank you.


    All software was downloaded from the official websites.

  • rootkit ✭✭✭

    Hello :)


    You can send me any suspicious files so I can send them to our labs.


    If the verdict is INFECTED for that file and you want to add it to the Exclusions list, it's your risk.


    That's why we recommend that users not add any file that is flagged by the product to that list.


    Thank you.