I've used malfind and memscan on a suspected POS-infected system and I get a ton of false-positive hits on AV processes. Any way to whitelist some of these, or use --silent to filter out some of these false positives? On the other side, is it likely malware is using AV processes to do their deed?
 Mike
 Det. Michael Chaves
 Monroe Police Department
 7 Fan Hill Road
 Monroe, CT 06468
 203.452.2831 x1307 (desk)
 203.261.3622  (w)
 203.650.7997 (c)
 *** NOTE: If you are sending me an attachment, rename the extension to .txt or .jpg,
otherwise, due to filters, I will not get it ***
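A post-filter over saved malfind text output that suppresses regions owned by allowlisted AV process names, but keeps any allowlisted region whose first bytes are an MZ header. This is an added example, not Volatility's own code and not a reply from anyone on the list; it assumes the plain-text layout printed by the Volatility 2.x malfind plugin (a "Process: ... Pid: ... Address: ..." header, a "Vad Tag ... Protection ..." line, a "Flags:" line, then a hex dump and a disassembly), a constructed sample of that output embedded in the script, and a made-up allowlist (AV_ALLOWLIST) that you would replace with the agents actually installed on the image.

```python
"""Post-filter for Volatility 2.x `malfind` text output (added example).

Reads malfind output from a file given on the command line, or falls back to
the constructed SAMPLE below, parses each reported region, and suppresses the
ones owned by allowlisted process names unless the region starts with "MZ".
"""
import re
import sys

# Hypothetical allowlist of AV executables expected to carry private RWX
# regions on this image. Not a recommendation; adjust to what is installed.
AV_ALLOWLIST = {"avp.exe", "mcshield.exe", "msmpeng.exe"}

HEADER_RE = re.compile(
    r"^Process:\s+(?P<proc>\S+)\s+Pid:\s+(?P<pid>\d+)\s+Address:\s+(?P<addr>0x[0-9a-fA-F]+)"
)
VAD_RE = re.compile(r"^Vad Tag:\s+(?P<tag>\S+)\s+Protection:\s+(?P<prot>\S+)")
# First hex-dump line after a header: "0xADDR  4d 5a 90 00 ...   MZ......"
HEX_RE = re.compile(r"^0x[0-9a-fA-F]+\s+((?:[0-9a-f]{2}\s+){1,16})")

# Constructed sample in the Volatility 2.x malfind layout (not real case data).
SAMPLE = """\
Process: avp.exe Pid: 1840 Address: 0x2c60000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x02c60000  55 8b ec 83 ec 10 53 56 57 8b 7d 08 33 db 89 5d   U.....SVW.}.3..]
0x02c60010  f0 89 5d f4 89 5d f8 89 5d fc 8b 4f 04 85 c9 74   ..]..]..]..O...t

0x02c60000 55               PUSH EBP
0x02c60001 8bec             MOV EBP, ESP

Process: avp.exe Pid: 1840 Address: 0x4a10000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 4, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x04a10000  4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   MZ..............
0x04a10010  b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00   ........@.......

0x04a10000 4d               DEC EBP
0x04a10001 5a               POP EDX

Process: explorer.exe Pid: 1624 Address: 0x1f90000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x01f90000  4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   MZ..............
0x01f90010  b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00   ........@.......

0x01f90000 4d               DEC EBP
0x01f90001 5a               POP EDX
"""


def parse_malfind(text):
    """Split malfind text output into one dict per reported region."""
    entries = []
    cur = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = {"process": m["proc"], "pid": int(m["pid"]),
                   "address": int(m["addr"], 16), "vad_tag": None,
                   "protection": None, "first_bytes": b""}
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = VAD_RE.match(line)
        if m:
            cur["vad_tag"], cur["protection"] = m["tag"], m["prot"]
            continue
        m = HEX_RE.match(line)
        # Only the first hex-dump line is taken; disassembly lines come later
        # and would otherwise be mistaken for more bytes.
        if m and not cur["first_bytes"]:
            cur["first_bytes"] = bytes.fromhex(m.group(1).replace(" ", ""))
    return entries


def triage(entries, allowlist=AV_ALLOWLIST):
    """Return (kept, suppressed). An allowlisted process only suppresses a
    region that does not begin with an MZ header: a PE image in a private
    RWX region of an AV process is exactly what a name-based allowlist would
    otherwise hide."""
    kept, suppressed = [], []
    for e in entries:
        on_list = e["process"].lower() in allowlist
        looks_like_pe = e["first_bytes"].startswith(b"MZ")
        (suppressed if on_list and not looks_like_pe else kept).append(e)
    return kept, suppressed


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    kept, suppressed = triage(parse_malfind(text))
    for e in kept:
        flag = "MZ header" if e["first_bytes"].startswith(b"MZ") else "no MZ"
        print(f"KEEP {e['process']:<16} pid {e['pid']:<6} "
              f"{e['address']:#010x} {e['protection']} ({flag})")
    print(f"suppressed {len(suppressed)} allowlisted region(s) without an MZ header")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python malfind_filter.py malfind.txt` against output you saved from `vol.py ... malfind`, or with no argument to see it work on the embedded sample. The process name is only what the EPROCESS says, and malware can name itself after an AV agent or inject into one, which is why MZ-headed regions are never suppressed here; a stronger key than the name is the image path from dlllist together with a hash of the dumped region.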
 -----Original Message-----
 From: vol-users-bounces(a)volatilityfoundation.org
[mailto:vol-users-bounces@volatilityfoundation.org] On Behalf Of
vol-users-request(a)volatilityfoundation.org
 Sent: Tuesday, October 28, 2014 1:00 PM
 To: vol-users(a)volatilityfoundation.org
 Subject: [BULK] Vol-users Digest, Vol 76, Issue 6
 Today's Topics:
    1. Detailed analysis of Kaspersky hooks including analysis with Volatility (Andrew Case)
 ----------------------------------------------------------------------
 Message: 1
 Date: Tue, 28 Oct 2014 02:16:58 -0500
 From: Andrew Case <atcuno(a)gmail.com>
 Subject: [Vol-users] Detailed analysis of Kaspersky hooks including analysis with Volatility
 To: "'vol-users(a)volatilityfoundation.org'" <vol-users(a)volatilityfoundation.org>
 Message-ID: <544F42EA.9020500(a)gmail.com>
 Content-Type: text/plain; charset=ISO-8859-1
 A really well-done write-up & analysis:
 https://quequero.org/2014/10/kaspersky-hooking-engine-analysis/
 --
 Thanks,
 Andrew (@attrc)
 ------------------------------
 _______________________________________________
 Vol-users mailing list
 Vol-users(a)volatilityfoundation.org
 
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users