Tweet
My firewall/HIPS program flags some suspicious behaviour from wirelessMon:
- 'WirelessMon want to connect to another computer'
- 'WirelessMon wants direct disk access'
- 'WirelessMon wants to remotely control Explorer.exe'
And on when closing the program:
- 'WirelessMon wants to start an unknown process: ?????|?|? '
then:
- '/system32/?????.cmd wants to run'
I can understand the first one, if WM needs to hook into the network card at low level, but then there are no firewall rules created for it and it doesn't show up in the list of allowed programs, like it's doing something sneaky to hide itself from being monitored by my firewall.
Plus no other program I have unexpectedly triggers warnings like these. Can anyone explain why WirelessMon wants/needs these unusual permissions; techniques that a virus or rootkit would normally use? And what is the *.cmd thing on exit?
Thanks.
- 'WirelessMon want to connect to another computer'
- 'WirelessMon wants direct disk access'
- 'WirelessMon wants to remotely control Explorer.exe'
And on when closing the program:
- 'WirelessMon wants to start an unknown process: ?????|?|? '
then:
- '/system32/?????.cmd wants to run'
I can understand the first one, if WM needs to hook into the network card at low level, but then there are no firewall rules created for it and it doesn't show up in the list of allowed programs, like it's doing something sneaky to hide itself from being monitored by my firewall.
Plus no other program I have unexpectedly triggers warnings like these. Can anyone explain why WirelessMon wants/needs these unusual permissions; techniques that a virus or rootkit would normally use? And what is the *.cmd thing on exit?
Thanks.
Comment