mhe
Explorer II
January 17, 2005
Question

Grayware

  • 5 replies
  • 9295 views
Hi! Does anyone know how the grayware protection in 2.8 works? I tried to download a BHO to a VirtualPC and nothing was blocked/logged. I never saw something like "grayware" in the logs... Regards from Switzerland, martin


    UkWizard
    New Member
    January 17, 2005
    What do you mean by a 'virtualpc'? The unit checks SMTP, FTP and HTTP traffic for files that have signatures matching known grayware files (same as the AV). So unless it was covered over those services, it won't be detected.
    mhe
    Author
    Explorer II
    January 17, 2005
    VirtualPC is just a tool from Microsoft (like VMWare). I don't want to install such a BHO on my PC... I downloaded this BHO by HTTP, but there's nothing in the logs so I think that our FG hasn't detected it.. Do I have to enable it somewhere? What actions are taken when grayware is detected? Has anyone ever detected grayware???? martin
    Contributor
    January 20, 2005
    Yes, I have. Grayware is logged (in purple) in the Anti-Virus logs. To enable Grayware go to: Anti-Virus->Config and then the Grayware-tab. Enable all categories you want to check for.
    Contributor
    January 21, 2005
    We have just started evaluating a demo unit, a 400A, and have enabled the Greyware option. It's fairly efficient and while it doesn't catch everything, it's definitely adding to my log file size. Looks as if I have well over 900 entries from just the two sites I filtered my log on.... today's log.
    Wayne11
    Explorer
    February 3, 2005
    Hi Martin, I have exactly the same probs. All graywares are activated but nothing will be blocked. I also never saw any grayware detections in the logs. Regards, Marco. P.S. also from Switzerland
    Contributor
    February 3, 2005
    It's been working great for me since 2.80 MR4. Take a peek at the screenshot below for an example from my logs of what you might see. The 4th entry from the top is an Adware entry. Hmmm... And I see I'm going to have to investigate what Mr. 192.168.1.97 is doing...
    Wayne11
    Explorer
    February 3, 2005
    Great for you but my log looks like this
    Contributor
    February 23, 2005
    Greyware detection works well for me where signatures exist, many categories are looking a little sparse still.... trickier to do by some greyware submission system - even if manual to Fortinet might be handy, although I'm sure we could debate at length what should be in and out - I was surprised to find some downloads from www.sysinternals.com are detected as greyware..... a more reputable source of utils for tinkering with the insides of Windows I have never found...