Cyberhawk Security Software (http://novatix.com/cyberhawk/)

I just installed this software and I wonder if anyone else is testing too.
Steve Bass from pcworld.com writes: Free Cyberhawk promises... (http://blogs.pcworld.com/tipsandtweaks/archives/001370.html)

I didn't find a beta test forum yet, and I hope to share some experience here.
It looks like this software enables you to create your own behaviour rules (like changes to registry keys)

so its like shadow user?

{QUOTE-> so its like shadow user? <-QUOTE}No, not at all.

From the feature list, sounds a little more like PrevX and similar offerings, although a PrevX user might be able to shed more light on that than I.

Blue

Could be an interesting program if will be very simple as now...

But it's to yearly to see something...

It looks interesting. I wonder if it will remain free for home use after it's out of beta though.

Looks like they recruited some very good talent if you look at the about page.;)

SonicWall, Webroot ect. people.

{QUOTE-> Looks like they recruited some very good talent if you look at the about page.;)

SonicWall, Webroot ect. people. <-QUOTE}


LOL, that's funny because this program could put those others out of business. But I doubt it really will, just a bit of a funny thought. ;)

If its as good as they say and it can offer all round free protection for the home user then it may put a dint in the firewall/ antivirus/trojan/antispyware / hips/ market
As they believe it covers all these areas. Its pure simplicity for most users to use. I like it so far.

Thanks wilbertnl :) , I had never heard of this program before, and it does look promising.

I've installed it lately, the most surprising here is the simplicity. In another hand, I would like to have a more detailed description of the program's features, it seems everything isn't listed in the "rules" panel. For example I've noticed it can sometimes detect when a program does inject code in another, but it doesn't always detect it, and there's no precise description of the blocking abilities in the GUI, neither in the help file: You don't exactly know "what" can be blocked.

The rules editor is interesting, you can add your own blocking rules.

A good point is, unlike in the prompt screnshot included in the help file, you get details about the violated rule in the prompts.

Cheers,
nicM

Any registry protection, and like someone asked before, will it remain free?

Yes, there's registry protection indeed, autostart entries (start menu HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu, and run keys, plus more, I've not seen everything).

What is amazing is the rules editor :o :

http://img88.imageshack.us/img88/1307/cyberh19nj.jpg (http://imageshack.us)




You can create rules for ALL/some/one programs, about file(s) protection, registry writing, connections listening/creation:

http://img88.imageshack.us/img88/8261/cyberh38mf.jpg (http://imageshack.us)




In the registry tab, you can add any Key/Value you want!! :D

http://img88.imageshack.us/img88/5245/cyberh41px.jpg (http://imageshack.us)



And you can protect any files/folders you want against write, creation, deletion, etc:

http://img88.imageshack.us/img88/3473/cyberh53tt.jpg (http://imageshack.us)



And you can restrict connections by Port, domain or IP:

http://img82.imageshack.us/img82/6339/cyberh69ti.jpg (http://imageshack.us)



You get a prompt for each rule violation, with Allow/Deny options, except if the rule is already set with "community protection" rules, that does look like Prevx. So far I think this program is really interesting ;D .

Cheers,
nicM

HOLY CRAP ! Very configurable huh ? Keep us posted on this please

It would be interesting to share custom rules...
I didn't see a export/import function, though.
Have to submit a suggestion to the development team, I guess.

{QUOTE-> In another hand, I would like to have a more detailed description of the program's features, it seems everything isn't listed in the "rules" panel. For example I've noticed it can sometimes detect when a program does inject code in another, but it doesn't always detect it, and there's no precise description of the blocking abilities in the GUI, neither in the help file: You don't exactly know "what" can be blocked.
<-QUOTE}

nicM, Are you interested in submitting these suggestions to the beta team?

{QUOTE-> nicM, Are you interested in submitting these suggestions to the beta team? <-QUOTE}

Yep, already done, among other suggestions :)

Cheers,
nicM

Thanks nicM for your posts. C'est très sympa!;) I have downloaded and installed the software... no problems so far. I notice it does not pump up on my ressources: good point.
Cheers,
Hervé

{QUOTE-> Thanks nicM for your posts. C'est très sympa!;) <-QUOTE}

Merci, y a pas de mal! ;)

Yes, it's very reasonable on RAM usage, between 7 and 16 Mo for me.

Cheers,
nic

Sorry for stepping in - I thought though that I could answer some of your questions directly.

- Cyberhawk will remain free. We intend though to offer a paid-for "Pro" version in the second quarter of 2006. Similar model to what other companies such a Zone Labs have done.

- The built-in rules are not exposed in the Settings dialog. This was done by choice to further simplify the product. We really want Cyberhawk to be easy to use for everyone, remove clutter, and offer some more advanced features for advanced users. I can see that it didn't take you guys too long to figure the product out. Cool!

- A lot of effort was done buidling "smarts" which is code that analyzes a process when a rule is triggered to determine how trustworthy the process actually is. The intension here is to cut down the false positives and prevent so called "dialog fatigue" which one experiences with firewalls for example. This is why you may not see Cyberhawk pop an alert dialog in some cases. We continue to work on "smarts" to even further reduce false positives.

- While we do not yet offer a discussion forum on our web site, it is our plan to get one up and running shortly. Stay tuned (www.novatix.com). We welcome feedback as it will help us enhance the product with guidelines coming directly from actual users.

Let me know if you have any questions and I'll be happy to help.

Mike Kronenberg
CEO, Novatix Corporation

{QUOTE-> No, not at all.

From the feature list, sounds a little more like PrevX and similar offerings, although a PrevX user might be able to shed more light on that than I.

Blue <-QUOTE}

It reminds me a lot of another new product Neoava . As an advanced user there is a lot of flexibility you can add all sorts of rules to be alerted on, from read/write/access to files/folders (number of times), registry, network connections etc..

In this area it looks like GESWall, Coreforce also.

Prevx1 isn't as flexible as that, but there's a community aspect, which reminds me of Prevx1, but I don't know how that works here.

thanks for dropping in and answering any queries MikeK. Does Cyberhawk do all the basics such as firewall etc. If as yet not completely (being beta at this stage) thanks.

Thanks for passing by, Mike :)

{QUOTE->

- The built-in rules are not exposed in the Settings dialog. This was done by choice to further simplify the product. We really want Cyberhawk to be easy to use for everyone, remove clutter, and offer some more advanced features for advanced users. <-QUOTE}

I understand your goal, towards "keeping it simple", but where the presence of default rules is missing is that we can hardly add rules without to know which rules are already running ( though I've submitted a mail on your site about it): we might add overlapping rules about registry, for example.

Cheers,
nicM

Just out of curiosity, does this program use hooks like regdefend or polling?

{QUOTE-> Sorry for stepping in <-QUOTE}
Man, I didn't hear that knock on the door... ;)
Can I get you a cup of coffee?

You are welcome, Mike, and we appreciate your entry in this thread.

It's only recently that I got interested in Host Intrusion Prevention and I have tested a decent amount of your competitors.
I want to say that Cyberhawk felt right to me immediately after the installation.

The dialogs are informative and less annoying (and I assume that creating custom rules could have a negative effect on that:) ).

I would like to get some insight in the pre-defined rules, because it helps me understand better how to create custom rules.
Maybe advanced users can find these rules on the website, as an example?

Cyberhawk might intervene without showing popups, correct?
Is there any optional indication, like change of the noticifation icon or sound?

I expect that you not only need a dedicated forum for your users, but also a 'rules depot' where advanced users share their rules.
That reminds me: Import/Export of custom rules!

Anyway, I'm glad that you stepped in, Mike.

This program does look interesting. I wonder how good the free version will be though compared to the soon to be released (payware) pro version? Will it stay as is and the pro version just add a bunch of new stuff? Or will the free version be reduced it what protection it has?

And here's yet another completely free HIPS program for those who may like free stuff. ;) http://www.wehnus.com/products.pl

So I wonder which program is better then? e.g. provides better and/or greater protection, CyberHawk or this WehnTrust. Both look like decent free apps. Any takers?

{QUOTE-> CyberHawk or this WehnTrust. <-QUOTE}
I got the impression that WehnTrust is focused on vulnerabilties of the binaries, like buffer overflows. It does not monitor changes of startup entries in the registry, for example.
Maybe you shouldn't compare these two products.

It seems on the outside that Cyberhawk is much more advanced . And very different . I agree ! They should not be compared

Looks like a nice app, I like the GUI. I agree with some other posters that it is important to have absolute control over what the app exactly does. Btw, is there any news on conflicts with other apps, so far? At the moment I run ZA Pro and PG free, TIA for any info. :)

{QUOTE-> Btw, is there any news on conflicts with other apps, so far? At the moment I run ZA Pro and PG free, TIA for any info. :) <-QUOTE}

It doesn't conflict with PG, but there's a little bit overlap between them: CH does detect thread and data injection into processes.

I've not got any conflicts so far (just recursive popups for some events, there was something wrong, but that proved CH is stable, because it didn't crash when I've suspended its protection, while popups were continueous).

Cheers,
nicM

My thoughts on such products can be found HERE (http://www.wilderssecurity.com/showthread.php?p=665679#post665679). If you put a sniffer on it, it looks like it's just sending a CRC hash of the file, which isn't real strong, and won't catch polymorphic code the way Prevx1 can (I asked during the beta when I had some concerns on the matter). I wouldn't expect it to stay the way it is now if they really have a focus on usability, though. It's probably worth noting/repeating that Prevx moved away from this kind of app after finding out that it simply wasn't working, and put a lot more focus on the community aspect. Not bad for what it does, though :)

It seems strange, as I do more reading and listening to security podcasts, I'm hearing a lot more about the need for proactive apps, but that HIPS aren't reccomended due to usability issues, and that they need to mature.. as this becomes more prevalant, it seems like more plain behavior blockers are coming about. I do look forward to seeing how it progresses, though, and seeing who can offer a real solution for the average user.

As I have yet to try Cyberhawk , I must say I cannot really comment . However , I thought CyberHawk and Prevx overlapped . NOT that Cyberhawk is using a separate technology .
Very interesting . I will still try it out but , I like Prevx . I will also watch the progress of this .

{QUOTE-> I wouldn't expect it to stay the way it is now if they really have a focus on usability, though. It's probably worth noting/repeating that Prevx moved away from this kind of app after finding out that it simply wasn't working, and put a lot more focus on the community aspect. Not bad for what it does, though :)

<-QUOTE}

I think both programs aren't so different on this point, since CH's "Community Protection" seems comparable to PrevX paws; it's described as follows: "any time a suspect rule is triggered in CyberHawk, information related to this event is automatically reported to Novatix for analysis through a secure and anonymous protection [...] allowing CyberHawk to create new rules which block this threat [...]" (in CH GUI).

I've seen somewhere (don't remember where) that it's aim is to create new rules for threats, but to decrease the prompts users will get too, by preventing "false positives". Then usability is not put aside.

I did try to run some leaktests, to see what CH is able to intercept, and if it didn't block all code/thread injections, it did block most of theses. But that's just one side of CH protection, since there's no description of all its features yet, there's more to discover I guess :) .

Cheers,
nicM

has anyone else had problems with the gui tabs (like rule settings) not working? I heard from another thread that this might be due to mshtml.exe being blocked, but I don't see why it would be blocked on my pc.

Hello

I would also like to see a way to save the event log.

So far it has denied the creation of DivXsm.exe in my system32 folder
and denied the altering of LSPS triggered by googledesktopsearchsetup_EN.exe
while installing WinDVD 7.0 trial.

controler

Is this a program that the average user could install and generally forget, or is there enough tweaking needed that it is not for average Joe at this time?

Thanks,
Jerry

After having run Cyberhawk for nearly 3 weeks now, i have noticed the following:
- CH conflicts with DefenseWall. No possiblity with CH installed to run any untrusted applications in the trusted mode.
- The booting time is significantly increased.
- CH conflicts with the scheduled startup of any screensavers, with a BSOD as a result.
- Some icons often disappear in the task bar near the clock.... especially the one of NOD32.
- Incompatibility with imaging softwares (RollBack or Deepfreeze) or sandboxies.
Maybe this report is specific to my system...
Has anybody else encountered the same problems that are completely solved once Ch is uninstalled?
Cheers,
Herve:)

Salut Heco :)

{QUOTE-> - The booting time is significantly increased. <-QUOTE}

I don't have this problem at all here. More generally, I've not noticed any slowdown since I've installed it.


{QUOTE-> - CH conflicts with the scheduled startup of any screensavers, with a BSOD as a result. <-QUOTE}

No problems with logon.scr neither.


{QUOTE-> - Incompatibility with imaging softwares (RollBack or Deepfreeze) or sandboxies. <-QUOTE}

I run it with TI 9 and BufferZone: nothing special here too.

It could be caused by a conflict with some of your other software ???


{QUOTE-> Is this a program that the average user could install and generally forget, or is there enough tweaking needed that it is not for average Joe at this time? <-QUOTE}

According to what developpers said, I would say it's a HIPS but on the "easy side", user-friendly. It's up to you to add your rules, default protection is working "out of the box".


{QUOTE-> So far it has denied the creation of DivXsm.exe in my system32 folder <-QUOTE}

Did you add a rule to protect System 32, or .exe creation in system32 was prompted by default?

Cheers,
nicM

I´ve installed CH and it didn´t seem to do anything, maybe I should have rebooted first? But anyway, I also do not like the GUI (important to me) and I might try it again some time but first impression (another important thing) was not positive. :dry:

Funny, I must have tryed it half a dozen times, but all i get is a error on page. Is beta limited to a certain area or something?

Tried it. Feels like alpha more than beta to me. After install, system went down the drain. Slowed my computer to a crawl. Even made taskbar non-responsive. Had to wait to do anything. Even tried to start a program then I get BSOD. I rebooted and startup takes ages. The Cyberhawk software icon appears on taskbar but disappears soon after. Looking at the taskmanager, I found out one of its processes immediately shuts itself off. After another reboot it had a dialogue box asking for permission for the program itself to run. It labeled, logged, and sent info that itself was a suspicious activity ::)

This was the worst HIPS program to run on my computer. I tried PG, prevx, anti-malware, and few others and never had this many problems.

CyberHawk beta 1 has now be updated to beta 2.

never know it is installed.runs with firefox,thunderbird,zone alarm,[free],avg,ms spyware, i think it is great. no problems at all. thank you melvin

Process Guard doesn't like Cyberhawk. I put PG in learning mode, I get pop-up saying hawktask.exe was blocked from reading proguard.exe, I disable PG I still get pop-ups saying hawktask was blocked from reading proguard.exe Then I disable Cyberhawk too. I still get pop-ups saying hawktask.exe was blocked from reading proguard.exe. 6676 error messages and still going. Until this is remedied I have to remove cyberhawk. >:(

Carver, just add Hawksvc.exe and Hawktask.exe in your Protection list, and give Hawktask.exe Terminate, and install Global Hooks flags, over the default flags: all should be fine then :) .

Cheers,
nicM

{QUOTE-> Carver, just add Hawksvc.exe and Hawktask.exe in your Protection list, and give Hawktask.exe Terminate, and install Global Hooks flags, over the default flags: all should be fine then :) .

Cheers,
nicM <-QUOTE}
Ok, done. Interesting, I no longer get the pop-up hawktask.exe was blocked from reading proguard.exe . Now I can't access the application and it blocks my net connection and breaks my wireless bluetooth keyboard conection.

Hmm, interesting that i haven't YET experienced any serious issues that i would normally grouch about. I hope i don't discover any after encountering what i have with some others.

So far as basic hook injecting system-wide directly into any random process CH intercepted things pretty well, this also goes for simple Trojan Simulation tests and the ole zapass injection technique on my machines (XP Pro), however it certainly didn't cover injecting a new service, SSM picked up on that one in my tests.

Also CyberHawk jumped up again on attempted DLL injections. I had to allow SSM to allow CH to terminate which it done so with dispatch & courtesy. LoL

What i find strikingly odd is that CoreForce in all it's power even failed the first line of GhostSecurity Regtest for me even after i had applied a new rule to "ask" first.
CyberHawk jumped up a stink the second i even clicked on it! After allowing it's easy pickings but still CH alerts yet again at the tail end of those 5 reg lines modifications.

I'm also pretty pleased with the fact that Cyberhawk done an excellent job at Thread Injection prompting too, that is when something malicious tries to slip a thread into another working process.

I guess what i admire most with CyberHawk so far is that under severe bombardments it didn't crash on me like say CoreForce did or stall like Sandboxie done and some others. I don't know for certain what "Powered by Novatix's patent-pending ActiveDefense™ technology" is supposed to mean, but on average at least in my testings so far it's proven worth the time and effort to check out and perhaps even keep?

It's worth noting that SSM and CH work alongside one another comfortably with no system impacts on resources or otherwise,.....that is so far.
{QUOTE->
I´ve installed CH and it didn´t seem to do anything, maybe I should have rebooted first? <-QUOTE}
Just to add in reply to this, another item which was encouraging to me anyway was that the install didn't require a reboot to set itself. Now to me that's something worth some points in the plus range too.

What IS missing in this program is a FULL Directory Tree List! It seems you can only drill down to under some Programs and not various sections such as in my case desktop programs. Still i give this one a thumbs up and a welcome relief over my other testings when it comes to reacting to threats. At least the ones i placed on it.
Maybe perhaps adding a right-click context selection is in order for choosing those favorite applications to apply those rules on.

Has anyone installed cyberhawk and then have a BSOD right away after you click finish, then windows not booting up. I can't seem to get this program to work even on a saved image with no other security apps installed. Anyone know if this is a known issue. Even in the article in PC World about cyberhawk, the comments show the same error I am getting while installing. On my current setup, when I tried to install it along side my security lineup, before the BSOD, I saw svchost.exe crashed, don't know if that helps any.

dja2k

i cant help with the reason why this is happening to your pc however I do not have any issues with cyberhawk. Iv loaded it and unloaded it from time to time with no hassles. have you contacted them about this? as they are real keen to hear about any issues .

Just got back a response from Support at Novatix and it so happens that the problem I was having was due to Online Armor AV+ KLIF.SYS file which doesn't work with cyberhawk at the moment. He was able to reproduce the same exact problem I had. So I am guessing for now, any kaspersky based AV will not work along side Cyberhawk.

dja2k

Just for the avoidance of doubt: I have nothing against Novatix (apart from their advertising ;-) but CyberHawk simply does not properly work yet.

http://img287.imageshack.us/img287/2520/cbh9nr.png

The problem is caused by the rules of the IDS. You may THINK that they are great & sophisticated. In fact they are VERY BASIC. Too basic. But this will hopefully change.

{QUOTE-> Just got back a response from Support at Novatix and it so happens that the problem I was having was due to Online Armor AV+ KLIF.SYS file which doesn't work with cyberhawk at the moment. He was able to reproduce the same exact problem I had. So I am guessing for now, any kaspersky based AV will not work along side Cyberhawk.

dja2k <-QUOTE}

That explains what I saw. Well no point in trying again.

CyberHawk is been a great alternative to backup all the other safety defenses and in fact is usually the first to jump up and intercept newly introduced system code calls with the prompt.

CyberHawk if it continues to be developed should prove extremely formidable and a natural to snipe intrusions well ahead before they can send any signals to Windows vulnerable code make-up thanks to M$ lack of concern.

There is a software which named Micropoint(made in China,Free),it's a proactive defend software!

After useing it,I don't need any anti-trojan software!

Of cause I think it is better than CyberHawk

URL http://www.micropoint.com.cn/

{QUOTE-> There is a software which named Micropoint(made in China,Free),it's a proactive defend software!

After useing it,I don't need any anti-trojan software!

Of cause I think it is better than CyberHawk

URL http://www.micropoint.com.cn/ <-QUOTE}

This is an antivirus software with proactive protection. It is a little difference from Cyberhawk, it has an automatic response system, it will analyse and add the signature itself. This is real an innovation, but with the doubt. I can't say much, you can have a try, it is free in the beta.

Hi, sounds interesting! I will like to know if anyone gives it a try.
Thanks.

Well, I'm trying it at the moment. I'm not sure what its supposed to do since its UI is in Chinese.

{QUOTE-> There is a software which named Micropoint(made in China,Free),it's a proactive defend software!

After useing it,I don't need any anti-trojan software!

Of cause I think it is better than CyberHawk

URL http://www.micropoint.com.cn/ <-QUOTE}
Hi, folks. I know some chinese and manage to access this web site and their forum. These are what I collect: Micropoint is basically an anti-virus app, with some built-in proactive features. On their forum, the author has cautioned that micropoint WILL be in conflict with the following:
KAV(AVP) v.5.0.237
Mcafee AV v.9.0 and under
Outpost FW
F-Secure client AV v.6.01 pro
It appears to me Micropoint WILL clash with the majority of heavy-weight players, let alone its residual value ??? eh?

Well, it makes sense since its still a beta.

Hi Perman! can u pls ask them when they will add support for English language.
Thanks.

I already did. There was a response, but not the one that I was expecting.

So u mean NO, but I wonder why?

The developer(s) aren't on the message board for it yet.

Well, I got a reply in my message from Legend (one of the developers), who states that there is an English version in testing.

Let's hope so because in it's present lingo it's totally useless since very few peeps in the world majority couldn't possibly make heads or tails of it without proper translation.

I do recall someone quickly translated ICESWORD (also Chinese) shortly after released into english and others re-packaged it to their own national lingo.

The compatibility problem looks like something else that will need to be worked out.

Anybody using latest CyberHawk beta. Just after install my OS freezes, can,t do any thing at all. Mouse can some time be moved but all icons etc are dead on my OS. The HD LED of my laptop shows that HD is not being accessed by the OS during this time( really strange). I have to reboot manually.
I tried it many times with same issue.

Empty your mailbox aigle.

Moving this thread to the top.

Hi,folks: I have tried this beta app, and wish that I did not do it at all. I experienced the same fate as Aigle did. Luckily I have FD-ISR,by booting into another snapshot, I was able to save my bacon. Remember, it is still in early stage of beta, full of bugs, nothing but bugs, users beware! Having said that, I will be willing to try it out when it has its first public release out beta.

{QUOTE-> Empty your mailbox aigle. <-QUOTE}

Sorry I did not notice.
and thanks for the help.

{QUOTE-> my OS freezes <-QUOTE}
Aigle,
This is a known issue, and a serious one.
The developers of Cyberhawk collected setup information from users who reported the same issue to support their research of the cause.
After that I never heard from them again.
Maybe they frooze...

Thanks, I did not know this. o have used the older version in past without any problems.
BTW, yerterday I installed it on a fresh baseline snapshot of RollBackRx and it worked nicely alongwith spycatcher and avast. Just used it for a while and will try later. May be there are some serious conflicts in my other snapshot.

{QUOTE-> Anybody using latest CyberHawk beta. Just after install my OS freezes, can,t do any thing at all. Mouse can some time be moved but all icons etc are dead on my OS. The HD LED of my laptop shows that HD is not being accessed by the OS during this time( really strange). I have to reboot manually.
I tried it many times with same issue. <-QUOTE}

I have installed the latest version 1.0.5.0.11
Install was no problem.
It runs fine along with Tiny Personal firewall, Appdefend/Regdefend, NOD32, FDISR.
It takes about 22 Mb ram. I havent noticed any slowdown on performance.


So far I like it. :thumb:

BTW, now I am sure there is something wrong. Yesterday i went to my snapshot of CyberHawk and it never loaded on boot up, tried twice but no way. I just erased that snapshot.
BUt I like it as its pop up remind me of ZA Pro,s OS firewall.
Will try the next version.

{QUOTE->
Will try the next version. <-QUOTE}
There is a new version out now - 1.1.0.4

When it was released?

{QUOTE-> When it was released? <-QUOTE}

I got an update alert yesterday where cyberhawk told me there was a new version.

btw I downloaded the trojan test from bufferzone: http://www.trustware.com/security_test_disclaimer.htm

and cyberhawk did not prevent or warn about the obvious trojan activity :(
It collects information and starts calc.exe and injects code in to it and then connects to the internet and sends all collected info :(
Is it not this kind of behaiviour cyberhawk is supposed to atleast warn about?

This is what trojan demo reported after I executed trojandemo and allowed it to access the net (with only firewall enabled in Tiny Personal Firewall):

{QUOTE-> ------ Hooks / Keylogging test ------<br>
Simple Keylogger attack: SUCCESS!<br>
<br>
------ Files Attack test ------<br>
Attacking C:\WINDOWS\system32\TASKMGR.EXE: SUCCESS!<br>
Attacking C:\WINDOWS\system32\TELNET.EXE: SUCCESS!<br>
Attacking C:\WINDOWS\system32\FTP.EXE: SUCCESS!<br>
<br>
------ Local Spy test ------<br>
-- Browsing local documents.. --<br>
C:\Documents and Settings\irrbush\My Documents\desktop.ini<br>
C:\Documents and Settings\irrbush\My Documents\Kvitto på betalning (vip.tv.nu)<br>
C:\Documents and Settings\irrbush\My Documents\Log.txt<br>
C:\Documents and Settings\irrbush\My Documents\pirate_mpa.pdf<br>
C:\Documents and Settings\irrbush\My Documents\Procexp.txt<br>
C:\Documents and Settings\irrbush\My Documents\scavenger log.log<br>
C:\Documents and Settings\irrbush\My Documents\spara.TXT<br>
C:\Documents and Settings\irrbush\My Documents\UserImages.bmp<br>
C:\Documents and Settings\irrbush\My Documents\XnView-win.zip<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\EULA.rtf<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Form1.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Form1.Designer.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Form1.resx<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\frmAbout.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\frmAbout.Designer.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\frmAbout.resx<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Program.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Safer.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\SetSAFER.csproj<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\SetSAFER.csproj.user<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\XMLStuff.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\bin\Release\SetSAFER.exe<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\bin\Release\SetSAFER.xml<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Properties\AssemblyInfo.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Properties\Resources.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Properties\Resources.resx<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Properties\Settings.cs<br>
C:\Documents and Settings\irrbush\My Documents\MSDN\SetSAFER MSI\Properties\Settings.settings<br>
C:\Documents and Settings\irrbush\My Documents\My Music\Desktop.ini<br>
C:\Documents and Settings\irrbush\My Documents\My Music\Sample Music.lnk<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Desktop.ini<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Sample Pictures.lnk<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\Fiber.bmp<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\woodup.bmp<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\line0053.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\line0210.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\line0321.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\line0517.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\mvey0123.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\mvey0126.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\mvey0524.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\mvey0559.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\mvey0599.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\nssl0013.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\nssl0040.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\nssl0107.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My Pictures\Wallpaper Images\NOAA\reef0096.jpg<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betanews.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Discovery.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\f*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\***** - 2.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\****** login.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfo<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rft<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfo<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\RoboFormDataHere.txt<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfo<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Snipurl.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Snort.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*****.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******i.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\******* - 2.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\options.rfo<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rft<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******- 2.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\RoboFormDataHere.txt<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfo<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Betalda program\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\v.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\Ivrfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Onlineaffärer\*******.rfp<br>
C:\Documents and Settings\irrbush\My Documents\My RoboForm Data\Default Profile\Tips\*******.rfn<br>
C:\Documents and Settings\irrbush\My Documents\My Videos\Desktop.ini<br>
<br> <-QUOTE}

*edit* removed some personal info :)

sukarof

I'm not using CCS, but after your test i decided to have a go just to see what might happen anyway. First of all it wouldn't launch due to WinSonar Free protecting all unallowed/unknown EXE's, so i allowed it.

183105

All it did was launch calc.exe ! I'm running 98se and IE, but in a very secure way, so i'm still a extremely happy bunny with this setup.


StevieO

Stevie O:

Yes propably all brands of HIPS will warn about the trojan demo activity, but the point was that cyberhawk did not.

I might add that Cyberhawk do warn, sort of. When I execute the trojan demo I do get an alert that Totalcommander (I start the trojandemo from Totalcommander)
{QUOTE-> "...is attempting to manipulate, modify or tamper with another currently running program on your computer" <-QUOTE}

but that is not very informative (it is misleading imho) since I trust Totalcommander and it is not trying to tamper with anything, it is merely launching the trojandemo. It is the trojandemo who eventually (after it is launched) starts to tamper/injecting code with other programs (calc.exe) and I would like cyberhawk to tell me that "trojdemo.exe is trying to tamper.." and so on.
If I answer "deny" for the trojandemo I will get an alert where Cyberhawk wants to transfer Totalcmd.exe for analysis to them. But that wont do any good since totalcmd.exe is not the problem here - trojdemo.exe is! they should want the trojan for analysis :/

Interesting. Maybe the product's intelligence is letting the activity pass because the tester you are running is not a trojan.
Chawk probably doesn't stop eicar from running either. Its behavior doesn't do anything malicious.
Have you run the OptixPro client against it? That software is stopped on my system, and that's because it is a trojan.

The fewer false positives the better.

I installed latest version yesterday, used for about 10 minutes but after that my system freezed. Rebooted and used for about 5 minutes and again my sytem freezed, so I just Rolledback to a clean snapshot. I like it but it,s not for me yet.
Impressions from this brief use. The GUI and tray Icon is very nice and good looking now. Introduction was quite impressing. They have probably decreased its aggressiveness as I got very few pop ups but I suspect at the same time thos step has also decreased its efficacy against malware ( just a feeling, I cannt confirm it).
Will try next version.

{QUOTE-> Interesting. Maybe the product's intelligence is letting the activity pass because the tester you are running is not a trojan.
Chawk probably doesn't stop eicar from running either. Its behavior doesn't do anything malicious.
Have you run the OptixPro client against it? That software is stopped on my system, and that's because it is a trojan.

The fewer false positives the better. <-QUOTE}
'
Maybe you are right, but I for one would want to know if a program collects data and sends it somewhere on the net. I think it is malicious behaiviour. Maybe Cyberhawk has some kind of definition for this demo trojan? But then again CH never claims to be an replacement for an firewall :) It warns for quite many suspicious behaiviour tho and yet it is not too intrusive. Since I have Tiny Firewall and appdefend and regdefend also I can see that Cyberhawks warnings are relevant. Maybe they have found a middle way (=less popups) between a system that is not protected by an HIPS and one that is fortified with HIPS like Tiny, appdefend, processguard and so on. (=many popup questions)

aigle: To bad it wont work on your system. Maybe it conflicts with Rollback? Just a thought out of the blue since it looks like Cyberhawk filter things it protects through a driver (CHWAH.DLL) and maybe that conflict with Rollback who also filters everything through its own driver?
Disclaimer: I am in very deep water here with this theory but I am sure (I hope) that I will be corrected by some one who knows more :)

{QUOTE-> '
aigle: To bad it wont work on your system. Maybe it conflicts with Rollback? Just a thought out of the blue since it looks like Cyberhawk filter things it protects through a driver (CHWAH.DLL) and maybe that conflict with Rollback who also filters everything through its own driver?
Disclaimer: I am in very deep water here with this theory but I am sure (I hope) that I will be corrected by some one who knows more :) <-QUOTE}

It,s a possibility. However I have used its ?first beta with RollbackRx without any problems.

{QUOTE-> I'm not using CCS, but after your test i decided to have a go just to see what might happen anyway. First of all it wouldn't launch due to WinSonar Free protecting all unallowed/unknown EXE's, so i allowed it.

.

All it did was launch calc.exe ! I'm running 98se and IE, but in a very secure way, so i'm still a extremely happy bunny with this setup.


StevieO <-QUOTE}

You are using win 98 right? The test probably doesn't work on win 98, given that the files directories it looks for don't exist in win 98. Of course the test can be easily modified to target the right directories, in which case I highly doubt winsonar will protect you, once you allow it.


Fern.

{QUOTE-> I installed latest version yesterday, used for about 10 minutes but after that my system freezed. Rebooted and used for about 5 minutes and again my sytem freezed, so I just Rolledback to a clean snapshot. I like it but it,s not for me yet.
Impressions from this brief use. The GUI and tray Icon is very nice and good looking now. Introduction was quite impressing. They have probably decreased its aggressiveness as I got very few pop ups but I suspect at the same time thos step has also decreased its efficacy against malware ( just a feeling, I cannt confirm it).
Will try next version. <-QUOTE}

aigle,

I was having a similar freeze with Cyberhawk on my pc also. The one thing you and I have installed the same is Geswall. There appears to be a conflict when Geswall has an app isolated and CH. I wrote to Novatix and what they found is the failure is occurring in the Geswall code, it doesn't unlock the app properly causing the freeze. When CH is added into chain of events it brings out this failure. I suspect if you were to remove Geswall with CH you'd run okay.

Of course, I questioned this, nice of them to use Microsoft tactics and blame a 3rd party. They assurred me that the debugger isn't lying and they could not find the failure in CH. They plan to contact Geswall to see what can be done.

I like having CH installed because it isn't intrusive and doesn't use brute force to block everything. The verdict is still out on how effective it is against a virus attack but I like my chances.

Caio

Thanks for the info. I will try it without GesWall and see( though I got problems even without GesWall with previous version). I will write to GesWall sopport as well.

{QUOTE-> Hi Perman! can u pls ask them when they will add support for English language.
Thanks. <-QUOTE}
该软件在推出时，受到竞争对手的阻挠耽误了很多时间，不过相信很快就可以推出正式版，而且到时会有英文版的。另软件正在不断完善，相信到时大家拿到的会是一款相当棒的软件。

the obstruction that is subjected to the rival held up the plenty of time while release,, however believe that very quickly can release the formal version, and there will be the English version by that time.The software just at continuously perfect, believe that everyone can use it as a very good software.

thanks, pls tell us hen it is released.

Hi Folks

Dowloaded Cyberhawk this afternoon to give it a try and have a couple of questions.

Firstly, I may have misunderstood this, but shouldn't the Protection Log list those processes indentified in the Security Status tab as Programs Protected. I have 59 Programs Protected but nothing in the log under the Protection Log.

Secondly

{QUOTE-> Process Guard doesn't like Cyberhawk. I put PG in learning mode, I get pop-up saying hawktask.exe was blocked from reading proguard.exe, I disable PG I still get pop-ups saying hawktask was blocked from reading proguard.exe Then I disable Cyberhawk too. I still get pop-ups saying hawktask.exe was blocked from reading proguard.exe. 6676 error messages and still going. Until this is remedied I have to remove cyberhawk. >:( <-QUOTE}

I too run PG but see no reference to hawktask.exe, only chgui.exe, chservice (which has permission to install drivers/global hooks and access physical memory) and chtray.exe

Does hawktask.exe only apply to earlier versions.

Other than that Cyberhawk does seem eerily unobtrusive and haven't any BSOD or conflicts so far (at start up - NOD32, LooknStop, Spyware Guard, )Shadowuser, Process Guard)

Thanks for any help or tips on this.

By the way is it still in beta? Couldn't tell from the website.

I decided to try Cyberhawk again. I dont know if I remember wrong but doesnt Cyberhawk have execution protection? I dont get any warning about executables starting.

{QUOTE-> I decided to try Cyberhawk again. I dont know if I remember wrong but doesnt Cyberhawk have execution protection? I dont get any warning about executables starting. <-QUOTE}

I'm not getting any warnings about anything at all :-\

Events analyzed are updating very sporadically and I have no idea what Programs are protected because it simply isn't listing them.

To repeat from my earlier post, have I missed something here?

Sukarof, do you get hawktask.exe as a component of Cyberhawk?

Thanks

Hi

Don't worry guys, decided to ask these questions at Novatix support (should have done in the first place I guess) and they've answered already.

Encouraging to see such swift support. Always a positive for any product when you feel there's good support for it, especially when the product is free :thumb: