How come BG-IS 12 can cross over the system to block a malware link ?

Posted 7/26/2012 12:40 PM
#94203
User avatar

stanleywan Advanced member

Date Joined Nov 2016
Total Posts: 35
[3]Hi, this is a problem first time I met. Do you know how this happens?[/3]

[3] [/3]

[3]I have a Win7 Pro with xp mode installed which is the Window Virtual PC’s OS. In my case, I have 1 normal window and 1 virtual OS xp mode installed in the same hard disk. Basically, they are working separately in ideal case.[/3]

[3] [/3]

[3]I used the xp mode as a sandbox area for my testing purpose, such as installing new software which I never heard of it. Because I don’t want my Win7 Pro being messed up by those new things, so I will do all the testing works in the xp mode first.[/3]

[3] [/3]

[3]I installed BG-IS 12 in my regular Win7 Pro and a free version brand A security program in the xp mode. (Yeah, I know I don’t have to protect the xp mode well because in any time if the xp mode is being corrupted, I can easily un-installed it and than re-installed a new, clean one to the Window Virtual PC.) Not a big deal to do that, it just takes 10 mins for the work. But I still installed the brand A AV on xp mode because I would like to treat it as an extra OS to be used. A lot of programs have been installed on my xp mode as well. It takes me time to install all programs back if I remove the xp mode and put a new one back. That is why I want to keep my xp mode working properly.[/3]

[3] [/3]

[3]One day a funny thing happened. I was browsing the internet with ie 9 and all a sudden BG-IS 12 helped me blocking a malware link with a suggested warning page. This was normal and I saw that many times already. I was glad that BG-IS 12 just saved me again from that malware link. Then, I was curious about the free brand A AV on the Virtual xp mode, would it be smart enough to do the same thing as BG-IS 12 did. So, I copied and pasted the malware link onto xp mode’s ie and saw how the brand A AV reacted. The most possible outcome was, either brand A AV blocked the malware link or no response from brand A AV and then the malware web page was going to be open and my xp mode was going to be infected by that. However, an impossible result was just being happened. BG-IS 12 was jumping over to catch the bad guy. I meant it was crossing over 2 OS, from the Win7 Pro to the virtual xp mode to block that malware link. Brand A AV could not do any response yet, since that link already been blocked by BG-IS 12. This is amazing. My question is: how come this can be happened ? I don’t even installed any BG-IS in the xp mode, how come BG can jump over 2 OS to do the blocking job in xp mode where I never installed BG-IS ? It will cost me another license, right ? Yeah, I am glad to see BG catching the bad guy, but not in this circumstance which I did not expect.[/3]

[3] [/3]

[3]I don’t know much about the xp mode and windows relationship. This shows that they may not be completely separated. Otherwise, BG-IS cannot perform such job. I guess they may be connected in some ways which I have no idea at all.[/3]

[3] [/3]

[3]Please tell me, if you know what this is all about. I would be grateful if this phenomenon could be explained.[/3]

[3] [/3]

[3]Thanks a lot.[/3]

[3] [/3]

[3] [/3]
Posted 7/27/2012 7:29 AM
#94208
User avatar

Advanced member

You must realize that your virtual OS runs on the same hard disk of your main OS. This is my first thought.
We could know more if you post the BullGuard Antivirus log from when it caught the infection on your virtual OS.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 7/27/2012 12:20 PM
#94211
User avatar

stanleywan Advanced member

Date Joined Nov 2016
Total Posts: 35
Thanks for reply. I agreed with your thought.

That web page with blocked warning by BG-IS was long gone. I deleted weeks ago. There was no BG AV log, just an ie (from the virtual OS) web page blocked warning message.

However, I can tell you where I find that malware link. I checked my yahoo e-mail account's spam folder, where I could find a lot of spams and the content of the spams, most likely inserted with malware links. There is the place I met that malware link. Thanks for BG-IS, it saved me many times already.

Seems to me that virtual OS is totally different when compared with a real partitioned hard disk individual OS. (multi boots)

Thanks anyway.
Posted 9/4/2012 5:38 PM
#94324
User avatar

bertjan Valued member

Date Joined Nov 2016
Total Posts: 25
i have seen the same thing using virtual box(it even works with linux)
its because the bullguard firewall monitors the network connecting on your pc
because virtual machines use your existing network connection it has to go through the firewall

warning: this does not work with actual infected files (just the links to the websites)

this is just a simple explanation
Posted 9/6/2012 3:48 PM
#94335
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there,

I am afraid you have partially right, the plugin which blocks the links is the Safe Browsing, not the Firewall.
BullGuard Safe Browsing works like a proxy that scans all ingoing browsing traffic.
The virtual machine connects to the internet trough the resident OS (which also manages the existing hardware (i.e. the Network Card).
It's like having a box in a box, and BullGuard is a layer on the outer container. It scans all ingoing content, regardless if it is destined for the box on which is applied or the inner one.
Regarding the extra license key, there is no need to worry, you do not need one as long as you do not install the application on your virtual machine.
Moreover, if you wish to use BullGuard on it for testing purposes, please contact us via live chat and we will extend your account to include the virtual PC.

All the best!
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
Posted 9/7/2012 12:48 AM
#94336
User avatar

stanleywan Advanced member

Date Joined Nov 2016
Total Posts: 35
Oh! I love it for having extend my account including the virtual PC. It is very nice to have that.

But in the present time, I'd like to see other things, so I will be keeping my current setting.

I will follow your advice to contact the technical support in the future if I change my mind later on.

Thanks Robert.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Wednesday, December 7, 2016, 1:32 PM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 37,967 registered members. Please welcome our newest member, ConcepcionJAbbate.
There are currently no users on-line.