a-squared background guard - alert

How to deal with a Malware alert

1. Don't sweat it!

2. Read the alert message attentively. Every alert message includes the data file path to the particular program file where a possible damaging behavior was found. Thereunder you can see the diagnostics according to the detected pattern. The alert message expressly declares that a damaging behavior 'possibly' was found. There is no hundred per cent guarantee of the detected program really being Malware, because some patterns of good-natured programs overlap with these of Malware.

An example of a Malware-IDS alert message:

Allow or deny?

1. If you know the announced program:
   
   Good-natured programs sometimes behave like Malware. The sending or receiving of online data in such a way without showing a visible program interface is assessed as an indication for Spyware behavior. Due to the fact that some programs dont't show their interface before loading data false alarms are possible. If you are sure that the announced program stems from a confidential source and does not contain a damaging code you can admit it.
   
   Allow
   Choose that option to allow the further execution of the program. If the program shows a damaging pattern again it will be announced again.
   
   Always allow this program
   This option admits the program at all times. It will completely be exempted from inspection.
   
   Allow this behavior only
   Choose that option for not announcing the regarding behavior in the future anymore. The inspection goes on and goes off if the program shows another damaging behavior.
   
   
2. If you don't know the announced program:
   
   If the Malware alert turns up without a concrete action from yourself, look out. An attacker may be transfering damaging codes in your PC that become active now. Did you open an e-mail attachment or an ulterior sent file before? If so, it is Malware with the utmost probability.
   
   Deny
   Choose this option to prevent the further execution of the program. So the process will be enclosed and non-saved data of the announced software will get lost. The program data file will last and can be started again later.
   
   Always deny this program
   With that option the execution of the program will be stopped at the suspect point and the process will be enclosed. In addition to that a code of practice will be drawn up which caters for not being able to start the program again.
   
   Quarantine program
   This is the securest option. The process will be enclosed and the program data file will be quarantined. If the deletion of the program brings unpredictable problems about, you can undelete the file at a push.