Is it possible to say that there is a virus in this program? #1914
Replies: 5 comments 1 reply
-
It's not malicious, everything in that screenshot is things that are needed to do what SystemInformer supports doing.
-
The setup is an executable and writes an executable into the \Program Files\SystemInformer directory. They could show the exact filename and directory where these files were "dropped" but they don't because these detections are broken and always incorrect.

This project is 15 years old. How does someone abuse GitHub and SourceForge for 15 years and nothing ever done about it?

We don't write anything into \System32?

We don't write anything into \Windows?

We don't use ThreadHideFromDebugger? You can't hide from the debugger.

We absolutely enumerate storage devices. Windows Task Manager shows performance information for disk devices and we have the exact same feature. How are we expected to show disk statistics without first enumerating disk devices?

I have no idea what this is.

We don't modify the registry or query system information from the registry - All system information gets queried from NtQuerySystemInformation because that's where system information is located.

A task manager querying processes is exactly what a task manager should be doing.

Since when did improving security become 'suspicious'?

a) A task manager should be reliable, and this feature is great for preventing legacy software from crashing the application.
b) All downloads from the Windows Store are signed by Microsoft and every security product and kernel driver are also signed by Microsoft (including our binaries) - the policy does nothing to stop security products or third party software and is only effective with legacy software predating attestation signing.
c) Anyone can enable/disable/override the policy using PowerShell: https://learn.microsoft.com/en-us/powershell/module/processmitigations/set-processmitigation?view=windowsserver2022-ps

Windows doesn't allow Task Managers to manage processes or query process information without various privileges - you've added privileges to your user account for programs to enable and they'll use them because they're enabled.

These sites leave out critically relevant data and get abused to spread misleading information. We've had hundreds of threads and issues full of garbage produced by these websites over the last 3 years and all they've done is mislead people and cause problems.
-
Like I said, they are good at what they do (not great, because they tend to misconstrue random actions as entirely different things), but without knowledge of how to read what it tells you, it's literally just fear mongering r us.