From 9ccb0de702356254d5ff94e3a1524bfc181413e8 Mon Sep 17 00:00:00 2001 From: mmenke Date: Thu, 23 Apr 2015 09:11:11 -0700 Subject: Update network triage docs with suggestion about checking for malware. BUG=none NOTRY=true Review URL: https://codereview.chromium.org/1097053007 Cr-Commit-Position: refs/heads/master@{#326532} --- net/docs/bug-triage-suggested-workflow.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'net/docs/bug-triage-suggested-workflow.md') diff --git a/net/docs/bug-triage-suggested-workflow.md b/net/docs/bug-triage-suggested-workflow.md index 4c448bc..4b6ee7b 100644 --- a/net/docs/bug-triage-suggested-workflow.md +++ b/net/docs/bug-triage-suggested-workflow.md @@ -188,10 +188,19 @@ was filed. section. If a search on go/crash indicates a crasher is no longer occurring, mark it as WontFix. -* Particularly for Windows, look for weird dlls associated with the crashes. - If there are some, it may be caused by malware. You can often figure out if - a dll is malware by a search, though it's harder to figure out if a dll is - definitively not malware. +* On Windows, you may want to look for weird dlls associated with the crashes. + This generally needs crashes from a fair number of different users to reach + any conclusions. + * To get a list of loaded modules in related crash dumps, select + modules->3rd party in the left pane. It can be difficult to distinguish + between safe dlls and those likely to cause problems, but even if you're + not that familiar with windows, some may stick out. Anti-virus programs, + download managers, and more gray hat badware often have meaningful dll + names or dll paths (Generally product names or company names). If you + see one of these in a significant number of the crash dumps, it may well + be the cause. + * You can also try selecting the "has malware" option, though that's much + less reliable than looking manually. * See if the same users are repeatedly running into the same issue. This can be accomplished by search for (Or clicking on) the client ID associated with -- cgit v1.1