Malware Monitoring and Exclusions

  • Question
  • Updated 2 years ago
  • Answered
Has anyone investigated how products like Malwarebytes and Windows Defender deal with the data coming from the Flex 6000 series radios? I was just thinking about the amount of traffic that gets transferred from the radio to the computer and was wondering if these services actually inspect each packet for malware or viruses. If they do, it would seem to me it might be a good idea to place them in the exception list so they are deemed safe and to tell the virus software not to inspect the traffic coming from the radio.

Norm - W7CK

  • 747 Posts
  • 154 Reply Likes

Posted 2 years ago


Mike va3mw

  • 824 Posts
  • 197 Reply Likes
Hi Norm

Malwarebytes and Windows Defender don't do deep packet inspection, so they won't even notice the traffic flow. Both of these products only inspect files that are stored on your computer (like documents and pictures, etc.).

No action required on your behalf.

mike va3mw

David

  • 300 Posts
  • 49 Reply Likes
They don't inspect traffic. They review the files on the systems. I don't believe you need to whitelist anything from Flex. Malwarebytes has never identified SSDR as an issue. I use Windows Defender prefer other A/V solutions.

Norm - W7CK

  • 747 Posts
  • 154 Reply Likes
Oh, I thought the paid version of Malwarebytes inspected all traffic from the Internet in real time. I know it has identified malware on websites that I've visited and there was no file downloaded. I assumed it was in the packet transferred.

David

  • 300 Posts
  • 49 Reply Likes
I don't believe it does deep packet inspection. If I understand it right, it is working off of listings. The real time is using frequently updated lists. It is not like FireEye, a product that goes deeper in the actual traffic. The traffic from Flex should be coded and behave properly so that good security programs would not block it. You can always add it to the list if you feel more comfortable with that, though I would recommend you don't. If the security program starts to cause problems with Flex, then you should let Flex know as well as the security developer so they resolve the issues properly.

Ria - N2RJ, Elmer

  • 2278 Posts
  • 919 Reply Likes
Malwarebytes is indeed file based. So a continuous stream coming from the radio is not affected. It is also signature based, meaning that it looks for specific patterns before it triggers. Most consumer AV products aren't really that complicated. Even network IDS like Snort are mostly signature based. Much like your body's immune system, it is very hard to detect a 0 day attack, but most of the attacks aren't 0 day attacks.

Norm - W7CK

  • 747 Posts
  • 154 Reply Likes
Thanks for the clarification folks. Much appreciated.