Author Topic: AnalogX Script Defender  (Read 6874 times)

0 Members and 1 Guest are viewing this topic.

Beaky

  • Guest
AnalogX Script Defender
« on: June 29, 2004, 11:06:14 PM »
A few weks ago I downloaded AnalogX Script Defender, a test script is also downloaded with the program. So I ran the test script  from its location on C drive and sure enough Script Defender successfully detected it.  At this point I thought it would be a good idea to try emailing the file to myself, to see how Script Defender would react when I tried to open it!

Well I was surprised with what happened next, before I could send the file as an email attachment  Avast 4 Home Edition, popped up and warned me that the file I was trying to send was suspect.  I sent the email to myself anyway, and again when it arrived back in my mail box Avast 4 sent me another warning about the attachment content being suspect!

I didn't expect Avast to react at all, so it just goes to show there is lot more protection built into this program than you might first think!  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #1 on: June 30, 2004, 12:00:18 AM »
You're feeling the email heuristic protection of avast!

Thorough check of attachments: if the attachment's name has an executable extension (EXE, COM, BAT etc.), a warning will be displayed.  ;)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #2 on: June 30, 2004, 03:26:12 PM »
AnalogX script defender only activates when you click the file, so it doesn't matter how you receive it or where it is located, script defender will act the same.

Script Defender works by changing the windows file associations, so when you click on file types protected by SD, first script defender is executed. When you allow it to execute the file, it will then be opened by the program usually associated with it (before it was changed by SD).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #3 on: June 30, 2004, 11:11:15 PM »
DavidR,

If I am understanding you correctly, I think you are politely trying to tell me that sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

Okay thanks, I understand this, no problem!

At least it was not a complete waste of time for me as I learnt something new about Avast. ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #4 on: June 30, 2004, 11:17:55 PM »
Sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

I think not... At least, depends on which file you are talking about: the email message (.eml) or the attached files...  8)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #5 on: July 01, 2004, 12:44:39 AM »
Sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

I think not... At least, depends on which file you are talking about: the email message (.eml) or the attached files...  8)

Opening the attachment.

It would be valid test if in the body or headers of the email it were possible to run the attachment when view in the preview pane of say O.E.

In that case if the email tried to automatically run the attachment then script defender would intercept any file types it is protecting.

Simply attaching a file to an ordinary email that didn't trigger auto running (and sending it to yourself) of the attachment wouldn't.

Avast may warn about a suspicious email (file type) when you receive it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #6 on: July 01, 2004, 12:48:58 AM »
Now I am getting confused, surely there is only one file (the AnalogX test file) whether this is attached to an email or not?

As I understand it, Avast email monitor read the test file when attached to the email and warned me before I was able to open/run it on my computer.

AnalogX cannot read the test file until it is open on my computer and an attempt is made to run the test script.  

So if I have got this right, Avast will protect me from email attachments containing scripts, but as I am currently running the Home Edition will not detect other scripts downloaded directly from the Net ..... for this I need AnalogX, yes? :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #7 on: July 01, 2004, 03:06:58 AM »
Got it! Yeah!  :D
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #8 on: July 01, 2004, 04:05:25 PM »
Quote
Now I am getting confused, surely there is only one file (the AnalogX test file) whether this is attached to an email or not?

This is a complex issue and without a greater understanding of how scripts/programs are executed would take a bit more explanation. I will try to explain it better.

There is only one file (test.vbs for example), one that has an extension that script defender intercepts or rather it intercepts the command (your double click is a form of but not the only command) to execute/open/run the file.

The analogx test.vbs file is simply a file with an extension (file type) that it checks that it's ok to execute, e.g. you iniatiated the execution/opening or running of the file and not some other program/person/malicious code, etc.

Test it yourself, create a notepad .txt file with some lines of text and save it, change the file type from .txt to .vbs;  now double click on the file and analogx script will ask do you want to 'Execute the Script' or 'Abort'.

Quote
As I understand it, Avast email monitor read the test file when attached to the email and warned me before I was able to open/run it on my computer.

Avast doesn't read the test file (attachment) when you receive it. Avast simply points out the attachment's file type could be suspicious/dangerous; so unless you are expecting it and know who it's from it is a warning not to open the email/attachment.

Quote
AnalogX cannot read the test file until it is open on my computer and an attempt is made to run the test script.  

Script defender doesn't read/examine/look inside of the file at any time, all it does is confirm that you give permission, to execute the script or deny, abort (because you probably didn't initiate the script). Script defender is a simple intercept and confirmation program, it doesn't attempt to check the code for malicious code/intention, that would be far to complex.

Quote
So if I have got this right, Avast will protect me from email attachments containing scripts, but as I am currently running the Home Edition will not detect other scripts downloaded directly from the Net ..... for this I need AnalogX, yes?  

No, avast home doesn't protect against scripts (pro version only), if the script is contained inside and attachment with a suspicious fyle type it will warn about the suspicious attachment, not its content.

Yes to a degree. Script defender intercepts the call/command to run the script, scripts are usually no more than text files, they require an other program to compile and execute the instructions, without that other program running the test.vbs file it is just a text file, but when executed/run dangerous.  

Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe )
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #9 on: July 01, 2004, 04:53:32 PM »
Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe )

You can tweak this file assocition.
Really, .vbs file could be opened (run by double-click) into Notepad and not executed.
Hope this help to increase security.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #10 on: July 01, 2004, 07:05:15 PM »
Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe )

You can tweak this file assocition.
Really, .vbs file could be opened (run by double-click) into Notepad and not executed.
Hope this help to increase security.

Yes, that would open with notepad, but would stop any legitimate .vbs script from running.

By allowing script defender to intercept it and have you confirm it is ok to execute the script and script defender handing it off the the CScript.exe to be run.

If you want to examine the contents of the script (.vbs) file you can press the Shift key and Right click on the file, This will usually give you the Open With option, from here you can select your text editor of choice.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #11 on: July 01, 2004, 07:14:53 PM »
DavidR & Technical,

Wow isn't life complicated?

Thanks both of you for taking the time to educate me about scripts!

DavidR, I appreciated your patience and comprehensive answer, you really have helped me to understand how AnalogX works!  

Cheers,

Beaky :D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #12 on: July 01, 2004, 08:04:14 PM »
Wow isn't life complicated?

Well, do you remember old and good DOS without dll's?  ;D
The best things in life are free.

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #13 on: July 01, 2004, 10:48:14 PM »
Yea, now you mention it I do...... and all those lovely glowing valves ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #14 on: July 02, 2004, 03:59:38 AM »
Yea, now you mention it I do...... and all those lovely glowing valves ;)

And a tape recorder playing the role of a floppy  ;D
The best things in life are free.