Get detailed information, downloads, screenshots, latest updates, news, and special offers for Panda Security software at UpdateStar - The social software search engine. 1,746,000 recognized programs - 5,228,000 known versions - Software News. Panda Free Antivirus is fast and free, boasts the top score in real-world protection, and offers a USB drive cleaner. Are you sure you want to discard your changes?
We have a problem with Panda Antivirus which is preventing EasyAntiCheat service from starting and loading our Windows kernel driver into memory. We have sent our software package (including kernel-driver and code-signing certificates) to falsepositives@pandasecurity.com at 22.2.2016 but we have not received any response. Could you inform us what is the situation of this false positive request?
Let me explain this issue in more detail:
EasyAntiCheat is a game security solution used to prevent hacking in online PC-games. We work by sandboxing the game and our kernel-driver protects any code injections, hacking attempts etc. to the game process. Due to the way EAC works we have had problems with other anti-virus companies as well, and we are a trusted white-list partner with many of the major security companies. Companies/products such as F-Secure, Avira, Avast, G-Data and Symantec have white-listed our code-signing certificates in order to solve the false positive issue completely. This means that when our software changes it won't cause the white-listing suddenly to stop working.
The problem is that in order to white-list EasyAntiCheat you would need to white-list our code-signing certificate that is used in the EasyAntiCheat.sys file (our Windows kernel-driver). The kernel driver is streamed from our CDN every time the player opens the EAC protected game and the streamed kernel-driver might change sometimes 5-10 times a day. This means that any checksum-based white-listing won't work as the checksum could change in a matter of hours.
I hope that you can forward our message to some higher level department in your company that handles requests like this. Panda blocking EasyAntiCheat is not a major issue for us but I would assume that it will give a bad impression from your software as EasyAntiCheat is being used in over 14 popular PC-games and we have over 300 000 daily unique users world-wide. During the last 1,5 years EasyAntiCheat has been used by over 12 million unique users around the world, so this issue might be a real burden for your customers as they need to completely disable Panda in order to play any EAC protected game.
EndPoint Protection directory structure
Users can choose the path where they want to install the product, however, the default installation path is:
%allusersprofile%Datos de programaPanda SecurityPanda Endpoint ProtectionQuarantine
EndPoint Protection installation path.This contains the files needed for EndPoint Protection to operate.
Cache: Contains the local signature files.
Data: Contains the behavior analysis technology data files.
Drivers: Contains the binaries used to install/uninstall the units.
NNSNahs:Binaries used to install the firewall intermediate driver.
PSINDvct:Binaries used to installthe Device Control technology driver.
Lang:Contains the dictionaries with the strings in the various languages.
LostandFound:Contains the items restored from quarantine when they’ve been moved by the email protection or when they couldn’t be restored to the original path.
Quarantine:Contains quarantined items.
PskTmp:Temporary configuration files created during the scan.
Registry entries
Registry entries in Panda Software
Panda Security:Key in HKEY_LOCAL_MACHINESoftwarePanda Security that contains the protection keys and values.
AdminIEProtections:Key that contains the WAC value indicating where the client is installed.
Nano AvBoot:Kept to maintain compatibility with previous versions. Not currently used.
Nano AVModAV:Kept to maintain compatibility with previous versions. Not currently used.
Nano AvLive:Contains the DownloadFolder value indicating the client’s downloads folder
Nano AvPanda Main Service:Contains the plug-in loading values for the antivirus main module.
Nano AvSetup: Contains the protection installation path.
Panda Service Host:Contains the plugins loaded in the service: update system, antivirus main system, engine, file and process interception system, device control configuration system, firewall.
Panda SoftwareSetup:Product information (name, version, ID, installation path, etc.)
Registry entries in WindowsCurrentVersion
This section deals with the registry entriesPanda EndPoint Protectioncreates in the“HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion”key.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
System key that indicates the path of the applications launched at the beginning.
System key with information about uninstallers of products installed on the system.
Panda Universal Agent Endpoint:Key with the information needed to uninstall the product.
Registry entries in Services
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
NNSALPC:Firewall driver
NNSHTTP:Firewall driver
NNSIDS:Firewall driver
NNSNAHS:Firewall driver
NNSPICC:Firewall driver
NNSPIHS:Firewall driver
NNSPOP3:Firewall driver
NNSPROT:Firewall driver
NNSPRV:Firewall driver
NNSSMTP:Firewall driver
NNSSTRM:Firewall driver
NNSTLSC:Firewall driver
PRKPAVPROC:Driver used in rookit scanning.
PSBOOT.SYS:Driver for operations at boot.
PSINAflt:Intercepting filter.
PSINDvct:Device Control driver.
DVCTPROV.sys: Device Control driver.
Panda Security Driver License
PSINFile:File intercepting driver.
PSINKNC:Kernel intercepting driver.
PSINProc:Process intercepting driver.
PSINProt:Protection driver (shield, KRE).
PSKMAD:Memory scanner driver.
Services
PSUAService:Task control and management service in sessions.
NanoServiceMain:Client’s main service for all protection modules.
CLOUDUPDATEREX:Upgrade tasks service.
Processes
Apart from the services mentioned above, the following processes can be run on the system:
bspatch.exe
Process used to patch signature files.
PAV2WSC.exe
Panda Security Driver Handbook
Process used to update the antivirus status in Windows Security Center.
PSANCU.exe
Process used to perform configuration tasks during client installation and upgrades.
PSINanoRun.exe
Process used to install and upgrade the client.
PSNCSysAction.exe
Process used to enable/disable the firewall’s NNSNahs intermediate driver.
PSUAMain.exe
Traybar process.
PSUNMain.exe
Client interface process.
Setup.exe
Panda Security Review
Installation and upgrade tasks process.
WAScanner.exe
Process that manages the background scanning tasks configured from the Web console.