Welcome! Log In Create A New Profile

Advanced

Does peerblock use Rawether or GTNDIS5?

Posted by Anonymous User 
Anonymous User
Does peerblock use Rawether or GTNDIS5?
March 22, 2010 07:50AM
Hi guys,

Recently installed PB and it's all working fine. The only niggle I have is that ever since the install I get a warning from my AV:

22/03/2010 11:36:53 Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\pbfilter Common Maximum Protection: Prevent programs registering as a service Action blocked : Create
22/03/2010 11:36:57 Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\pbfilter\Security Common Maximum Protection: Prevent programs registering as a service Action blocked : Create
22/03/2010 11:37:02 Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\GTNDIS5 Common Maximum Protection: Prevent programs registering as a service Action blocked : Create
22/03/2010 11:37:03 Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\GTNDIS5\Security Common Maximum Protection: Prevent programs registering as a service Action blocked : Create

I know pbfilter is for peerblock, but can anyone confirm that GTNDIS5 is used by peerblock too? I've searched the faq and this forum but could find no mention of it. From Google, it's supposed to be used by RAWether for windows.

RAWether is a framework for "direct" access to NDIS network interface card (NIC) drivers from Win32 applications, and can allow a .NET application to send and receive raw Ethernet packets on a selected miniport.

Any ideas?



Edited 1 time(s). Last edit at 03/22/2010 07:52AM by dazylar.
Re: Does peerblock use Rawether or GTNDIS5?
March 22, 2010 02:42PM
avatar
PeerBlock only uses pbfilter.sys

The GTNDIS5 you have might be from some other software/driver you have installed.
fxm
Re: Does peerblock use Rawether or GTNDIS5?
March 22, 2010 02:57PM
night_stalker_z Wrote:
-------------------------------------------------------

> The GTNDIS5 you have might be from some other
> software/driver you have installed.

...including masquerading malware.
Anonymous User
Re: Does peerblock use Rawether or GTNDIS5?
March 28, 2010 04:03PM
Thank you both for your input. That confirms my suspicions. GTNDIS5 will be hunted down and removed. I can't think of a reason why I would want it on there, and I'll be happy to remove any program that relies upon it (and is happy to secretly install it) at the same time.

By the way, sorry for the late reply - It's been a busy week.



Edited 1 time(s). Last edit at 03/28/2010 04:05PM by dazylar.
Sorry, only registered users may post in this forum.

Click here to login