12 replies to this topic

[swagger]

Someone help me out, what is the term when one scanner hijacks another scanner's detection when scanning files? For the life of me, I cannot think of the term used. I believe exile once told me about it.

Thanks in advance

[srtools1980y]

Why can't you pm exile?

[yardbird]

@ swagger

great!!!!! now I forgot also

[sho-dan]

.

[swagger]

srtools1980y, on Sep 23 2009, 03:18 PM, said:

Why can't you pm exile?

Because I'm not certain it was him and it would be educational for all to know the term.

yardbird, on Sep 23 2009, 03:38 PM, said:

@ swagger

great!!!!! now I forgot also

Haha, sorry! Hopefully someone will remember

[Marcus]

swagger, on Sep 23 2009, 09:48 PM, said:

Because I'm not certain it was him and it would be educational for all to know the term.




Haha, sorry! Hopefully someone will remember

swagger, you don't mean a more general term like "piggybacking" or a short phrase which includes that word, like "piggyjackbacking" do you?

PS. I've just invented that last term!

[swagger]

I think it was more technical... but it was definitely access hijacking. When one scanner accesses/scans the file, the other hijacks the scan and detects the file

[exile360]

I've referred to an AV having a file locked in memory before. That could be it. It's sort of like the ultimate "Access Denied" approach used by AV's when a detection is made to stop the nasty from escaping while it's taking action or waiting for the user to tell the AV what to do with the detection (ie Ignore, Quarantine, Delete etc).

[swagger]

Nope that's not it... Maybe I'm explaining it wrong... I thought I was pretty clear though. One scanner is scanning with one active protection scanner in the background... The scanner that is scanning accesses the files and as it does, the active protection scanner detects those files when it wouldnt have before.

[exile360]

Ah, the way that my MBAM does when Kaspersky scans something because it executes any files it checks in realtime inside an emulator. Yes, I remember now, but can't for the life of me recall the terminology I used .

[yardbird]

I'm trying to google what swagger posted & I can't find it???

[swagger]

Haha strange... But it was you exile who used the term. I thought so. I believe it was via PM but I can't be sure. It was early this year and my memory isn't the greatest these days. Well if anyone thinks of it, please let me know!

[Marcus]

swagger, on Sep 24 2009, 01:12 PM, said:

Haha strange... But it was you exile who used the term. I thought so. I believe it was via PM but I can't be sure. It was early this year and my memory isn't the greatest these days. Well if anyone thinks of it, please let me know!

...Let's see if I can help... it's called "co-operation" if you're on one side of the fence or "nicking the enemy's info" (otherwise known as "dancing with the enemy") if you're on the the other side.

For all you current or former college lecturer-types think "byte-plagiarism".

At this point hot, strong filter coffee is needed to sort out a decaffeinated brain - and then I might talk some sense later.