RogueKiller Finds A File That Does Not Exist?

[garioch7]

Issue 1:
I ran a scan yesterday, after having installed Western Digital Discovery software on my new computer to work with my new 4 TB WD My Passport Ultra (USB-C) external hard drive.  I have attached the scan results and you can see that RK is legitimately detecting a "Suspicious Path" for an .exe file.  What is interesting is that I launched Windows Explorer today, with settings to show hidden files and protected operating system files.  I navigated to that folder and there was only one .dll file in the folder.  There was no .exe file(s) there, so what did RK detect; or, did WD Discovery delete its own file after it had served its purpose?  I went to the folder because I wanted to upload it today to VT for analysis.  I ran out of time yesterday.

Issue 2:
See also my UCheck thread here.  RKP runs the UCheck mini-scan because that is enabled in the options.  It reported that my HD Tune Pro 5.75 is out-of-date.  You will see that I made an exclusion in UCheck Premium to not check that program any more.  Apparently, the RKP mini-UCheck scan is not accessing UCheck Premium exclusion information wherever that is stored in the registry or in a config file.  Yes, I could disable the UCheck mini-scan, but it would be more elegant if the RK UCheck mini-scan "talked" to Ucheck Premium, if it detects it as being installed, before reporting an out-of-date program.

Have a great day.

Regards,
-Phil

[Curson]

Hi Phil,

Thanks for your feedback and suggestion.

I think you may be right about the exe being removed when your WD Discovery is ejected. Regarding its location, it's a false positive, we will whitelist it as soon as possible.

Regrading your issue with UCheck mini-scan, it's a great idea. I will add in our todo list. Additionally, new detection scripts that differenciate between HD Tune and HD Tune Pro are ready to be deployed. I'm currently waiting for Tigzy approval.

Have a great day, too.
Regards.

[garioch7]

Curzon:

Thank you for your prompt reply!  Do you folks ever take a day off? 

The customer service here is awesome. 

Have a great day.

Regards,
-Phil

[Curson]

Hi Phil,

You are very welcome. I'm glad you like the customer service.
To answer your question, it's really seldom.

Regards.

[Curson]

Hi Phil,

I've got bad and good news.

The bad news is that RogueKiller cannot access UCheck exclusion file, thus exclusions set in UCheck cannot be applied by RogueKiller UCheck mini-scan. The good news is that the new scripts are now in production, so UCheck and UCheck mini-scan won't detect HD Tune Pro as outdated anymore.

Have a nice day.
Regards.

[garioch7]

Curzon:

Thank you for your reply and for looking into this matter.  I am happy with the outcome.  Thank you, and your colleagues.

Have a great day.

Regards,
-Phil

[Curson]

Hi Phil,

You are very welcome.
I'm glad you are happy with the outcome of this issue.

Have a nice day, too.
Regards.