
Resident shield issue? Or just different OS behaviour?



Hi All,

I have a Windows XP Virtual Machine with MalwareBytes Pro on it that I use for security research.

When the Resident Shield is enabled on the VM, as soon as a file is displayed (not clicked, or accessed) in Explorer then the resident shield popup is displayed as shown in this example:

MalwareBytesXP.png

However, when exactly the same Malware sample is presented to a machine running MalwareBytes Pro on Windows 7, then the resident shield popup is not shown. You can even select the file in Explorer without any effect:

MalwareBytes7.png

If you right click the file, and select Properties then the resident shield does detect it. But until you actually do that (or attempt to start the program) MalwareBytes does not detect it.

Is this simply a difference in OS behaviour (Windows XP vs Windows 7) or is there something odd going on with the resident shield on Windows 7?

Many Thanks,

Ron


Greetings,

The behavior is indeed different because of the operating system. On Windows XP, when the view for a folder is set to tiled view, it accesses the file's version info and other data. Doing this causes it to be checked by Malwarebytes' Anti-Malware's protection module, so the item may be detected without actually attempting to execute the file. On Vista and 7, Explorer does not do this so the item actually has to try to execute to be detected.
