Honeypots mailing list archives
Re: Honeypot and AntiVirus
From: Devilscrow Sr <devilscrow () gawab com>
Date: Thu, 18 Dec 2003 03:21:37 +0530
Hi J, Comments inline......
J Bailes wrote:
If I have understood the question..... your AV cleans the logs when you access the binary files (I am assuming). Then I guess the simplest solution to this would be to store the binary file in a directory and then configure the AV to exempt that directory from scans. Or else you could dynamically log to a different system or to the native OS of VMware..... I don't know if I did answer your question.
> 1) Can I set my AV to prevent this without risking compromise to my host OS where the analysis will be performed?
It works best when the analysis and logging systems are physically different machines. You can easily get rid of these small teething problems......
> 2) Can an analysis be performed with mitigated risk of compromise to the machine running the analysis?
Hope I got it right?? Write back.
-dev