
What can we do there? I have seen some ransoms that are able to start in safe mode. So, if not caught by BB, how will EAM behave in that scenario? I have read that some malware uses the debugger function, like for example [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ And that entry is able to prevent the AV from running the next time the system reboots. Last time I got a sample that was spreading via USB on the campus. I almost got infected, but BB saved my life, but when trying to clean my mate's PC I noticed that the malware was preventing EEK from running. But it happens a lot that on infected machines EEK, for example, will not run. Thank God that there are tools like combofix or rkill to solve the issue. If you have an Enterprise version of Windows you can also use the Windows To Go feature that comes with Windows 8 and 8.1 Enterprise. The report file location is listed beneath this option.


EEK supports most of the Windows live disks out there, like for example Bart PE. Generate report file: enables Avast to create and store a report file automatically. You can create your own boot disk relatively easily though. A solution based on Linux would require us to port our entire code base to Linux first. A solution based on Windows PE is too expensive to offer officially.
