On Sat, 02 Jun 2007 20:53:54 GMT, Robin T Cox <nomail@nomail.net>
wrote:

>On Sat, 02 Jun 2007 14:43:11 -0600, dale wrote:
>
>> I have the professional version of SuperAntiSpyware. I also use
>> Kaspersky Internet Security. The KIS firewall opens a popup whenever
>> SAS checks for updates and says " Executable file has changed".
>>
>> For some reason, SSUPDATE.EXE does not run from its installed folder,
>> but is copied to a temp folder each time it is used, then run from the
>> temp folder. KIS firewall thinks a "new" version is bing run and
>> wants to prevent it.
>>
>> Why is this method used for SAS update? I can't find a setting for
>> KIS, sort of disabling it, the prevent the KIS popup.
>>
>> Dale
>
>Doesn't every software firewall do this? I now use a router with a
>built-in firewall, but when I was using a modem I used a Kerio software
>firewall. The Kerio firewall always checked after an upgrade in my spyware
>(and some other) software, to see if the change was intended by me, or
>whether it was the result of malware.

Most firewalls will check for critical SW executable changes. In this
case, SAS update isn't changed, it is just loaded into another
location, then executed. That is the sequence the firewall does not
like.