Let's consider this scenario:
- There's some X software downloaded from the internet with one .exe file and several .dll files.
- The .exe file is prevented from accessing the Internet by using Windows Firewall.
- One of the program's .dll files is infected by malware.
By blocking the .exe file, is the executable code it calls from the .dll files also blocked? Or should I manually block every single file that looks like it has executable content? More generally, how does Windows Firewall work in cases like these?
Thanks!
Good question, buddy – kmonsoor – 2014-03-29T15:25:42.257
Is this an actual problem you have or entirely a "what if" question? – Ramhound – 2014-03-29T15:39:43.900
Actual problem; malware usually disguises itself in .dll files and not the main executable. Do a Google search for ".dll site:virustotal.com". Tons of cases.
In particular I'm asking because the last time I came across this I needed to use some abandoned freeware tool even if, as it appears, it was being served infected by its website: VirusTotal said one .dll had malware (not unanimously). I have a machine I don't care about being infected that I can run that tool on, but I don't want the malware talking to its creator.
But I'd also like to know how Windows Firewall works in general – s_a – 2014-03-29T15:50:09.617
I don't think it would block the .dlls. A lot of applications use shared libraries in Windows, even viruses, so blocking any .dlls the virus references would cause problems (and how would Windows Firewall know what to block right off the bat also?). Windows Firewall most likely just blocks the activity from the .exe specified. – MaQleod – 2014-03-29T17:44:30.287
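
An added example for the scenario in the question, not part of the original post or its comments: a PowerShell sketch that creates block rules for every .exe in the tool's folder and then lists which program path each rule is bound to. It relies on the fact that a Windows Firewall program rule is matched against the image path of the process making the connection, so code from a .dll is covered while it runs inside a blocked .exe; `$ToolDir` and the group name are hypothetical placeholders.

```powershell
# Added example. $ToolDir and $Group are hypothetical placeholders.
# Run from an elevated PowerShell prompt (NetSecurity module, Windows 8 / Server 2012 or later).
$ToolDir = 'C:\Tools\X'      # placeholder: folder holding the .exe and its .dll files
$Group   = 'Block X tool'    # placeholder: label used to find the rules again

# Program rules match the image path of the running process, so only .exe files
# are enumerated; a rule pointing at a .dll would never match any process.
$exes = Get-ChildItem -Path $ToolDir -Filter *.exe -Recurse -File

foreach ($exe in $exes) {
    foreach ($dir in 'Outbound', 'Inbound') {
        New-NetFirewallRule -DisplayName "$Group - $($exe.Name) ($dir)" `
            -Group $Group -Direction $dir -Program $exe.FullName `
            -Action Block -Profile Any | Out-Null
    }
}

# Log dropped packets so blocked connection attempts can be reviewed afterwards.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True

# Verify: show each rule together with the program path it is bound to.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

These rules only cover processes started from the listed paths, so they do not apply if the same .dll code ends up running inside some other process. On a machine set aside for this purpose, `Set-NetFirewallProfile -DefaultOutboundAction Block` denies outbound traffic for every program that has no explicit allow rule.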