Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Malware Monitoring and Exclusions

Norm - W7CK
Norm - W7CK Member ✭✭
edited November 2019 in SmartSDR for Windows
Has anyone investigated how products like Malwarebytes and Windows Defender deal with the data coming from the Flex 6000 series radios?   I was just thinking about the amount of traffic that gets transferred from the radio to the computer and was wondering if these services actually inspect each packet for malware or viruses.   If they do, it would seem to me it might be a good idea to place them in the exception list so they are deemed safe and to tell the virus software not to inspect the traffic coming from the radio.


Answers

  • Mike va3mw
    Mike va3mw Member ✭✭
    edited February 2018
    Hi Norm

    Malwarebytes and Windows Defender don't do deep packet inspection, so they won't even notice the traffic flow.  Both of these products   only inspect files that are stored on your computer (like documents and pictures,  etc.)

    No action required on your behalf.

    mike va3mw
  • David
    David Member ✭✭
    edited March 2017
    They don't inspect traffic. They review the files on the systems. I don't believe you need to whitelist anything from Flex. Mawarebytes has never identified SSDR as an issue. I use Windows Defender prefer other A/V solutions.
  • Norm - W7CK
    Norm - W7CK Member ✭✭
    edited March 2017
    Oh, I thought the paid version of Malwarebytes inspected all traffic from the Internet in real time.  I know it has identified malware on websites that I've visited and there was no file downloaded.  I assumed it was in the packet transferred.
  • David
    David Member ✭✭
    edited March 2017
    I don't believe it does deep packet inspection. If I understand it right it is working off of listings. The real time is using frequently updated lists. It is not like FireEye a product that goes deeper in the actual traffic. The traffic from Flex should be coded and behave properly that good security programs would not block it. You can always add it to the list if you feel more comfortable with that though I would recommend you don't. If the security program starts to cause problems with Flex then you should let Flex know as well as the security developer so they resolve the issues properly.
  • Ria
    Ria Member ✭✭✭
    edited November 2019
    Malwarebytes is indeed file based. So a continuous stream coming from the radio is not affected. It is also signature based meaning that it looks for specific patterns before it triggers. Most consumer AV products aren't really that complicated. Even network IDS like snort are mostly signature based. Much like you're body's immune system it is very hard to detect a 0 day attack, but most of the attacks aren't 0 day attacks.
  • Norm - W7CK
    Norm - W7CK Member ✭✭
    edited March 2017
    Thanks for the clarification folks.  Much appreciated. 

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.