View Full Version : Cyberhawk v. 2.0 just released


Cyberhawk Support
January 15th, 2007, 11:16 AM
Novatix Corporation has just released Cyberhawk v. 2.0. It is now available for download from the Novatix website http://www.novatix.com.

Further details in the press release:

http://www.novatix.com/Press/070115/

If you are a current Cyberhawk user you will see an update notification today. You may always simply download the new version at any time directly from our site and install over your current version. For further details see:

http://www.novatix.com/Cyberhawk/Updates/

Thanks to all here who helped us with suggestions and feedback on how to improve Cyberhawk. We look forward to hearing your feedback on the new version!

Becky Dubrow

WSFuser
January 15th, 2007, 12:11 PM
i have not tried Cyberhawk before, but after just installing it, i can say it's quite light and working fine on Vista.

MikeNAS
January 15th, 2007, 12:34 PM
I just installed Cyberhawk 2.0 and I have lots of slowdowns at boot. If I remember correctly, I had this same problem with the older version as well. It takes about 1 minute for the network icons to appear in the taskbar, and after that Cyberhawk starts. No problems before installing it.

rdsu
January 15th, 2007, 12:42 PM
I will try it this night... ;)

mhallerman
January 15th, 2007, 12:57 PM
### "events analyzed"
### "programs examined"

It would be great to know what "events" it analyzed and what "programs" it examined. I assume there is no way to do that? While CH is light on the interaction it seems to require, I would like to have some measure of what those metrics comprise....

Thanks,
Mark.

Cyberhawk Support
January 15th, 2007, 01:35 PM
-{ Quote: "I just installed Cyberhawk 2.0 and I have lots of slowdowns at boot. If I remember correctly, I had this same problem with the older version as well. It takes about 1 minute for the network icons to appear in the taskbar, and after that Cyberhawk starts. No problems before installing it." }-

Hi MikeNAS--
If you have some time it would be very helpful if you would please contact our technicians through our online support site (in signature) so that we can perhaps get some additional info from you on the specifics of what's happening.

Thanks,
Becky Dubrow

Cyberhawk Support
January 15th, 2007, 01:39 PM
-{ Quote: "It would be great to know what "events" it analyzed and what "programs" it examined. I assume there is no way to do that? While CH is light on the interaction it seems to require, I would like to have some measure of what those metrics comprise...." }-

Thanks for the suggestion, Mark.

For a general explanation of where those numbers come from, please see:

http://www.novatix.com/cyberhawk/stats/

Currently there is no report that provides PC-specific details, but I'll make a note of the suggestion. You'll see that these numbers will very quickly get very high, so it might be a little difficult to provide an easily readable report covering such a large amount of data.

Kind regards,
Becky Dubrow

solarpowered candle
January 15th, 2007, 02:10 PM
hi Becky it says this version is a full working version for 14 days however when i ran the rootkit scanner it says it's only available if i buy the pro version?

mhallerman
January 15th, 2007, 02:14 PM
Thanks Becky - I will check out the link. I was thinking as well that the list/log might get big real fast and require some user-selected filtering on events to be readable/usable at all.

Thanks again and congrats on v2.

Best,
Mark.

MaB69
January 15th, 2007, 02:39 PM
-{ Quote: "hi Becky it says this version is a full working version for 14 days however when i ran the rootkit scanner it says it's only available if i buy the pro version?" }-

Hi all,

me too

Congrats novatix for this new release

MaB

Cyberhawk Support
January 15th, 2007, 03:23 PM
-{ Quote: "hi Becky it says this version is a full working version for 14 days however when i ran the rootkit scanner it says it's only available if i buy the pro version?" }-

-{ Quote: "me too" }-

Hi Solarpowered candle & MaB69--

Thanks for trying out the new version.

What you're describing is very odd. During the 15-day trial period you should be able to access the rootkit scanner without any trouble. Our technicians are trying to reproduce the behavior you're seeing (through a variety of tests and manipulations), but so far we're unable to reproduce it. We'll continue to see if we can get it to behave as you describe, but they may end up PM'ing you for additional info.

Are you able to access the other "Pro only" features like the Custom Rules module, for example, or do you only see that message for the rootkit scanner?

Also, another question just to rule out a simple date issue, after installing did you set your system dates ahead past the trial period at all?

Thanks for your help,

Becky

RejZoR
January 15th, 2007, 04:27 PM
Well i have the same problem (15 days trial not actually enabled). CH 2.0 installed on clean PC (which never had CH on it as i restored the HDD image).
Just to fill the stats, though i don't exactly need the Pro features.

Tod
January 15th, 2007, 05:29 PM
Tested with Anti-Keylogger Tester, http://www.firewallleaktester.com/news.htm#66. Detects the first two keylogger methods IF the Anti-Keylogger Tester program window is NOT the active window. Not sure if this is by design or not. Does not detect the third keylogger method or the screenshot methods.

MaB69
January 15th, 2007, 05:30 PM
-{ Quote: "Are you able to access the other "Pro only" features like the Custom Rules module, for example, or do you only see that message for the rootkit scanner?

Also, another question just to rule out a simple date issue, after installing did you set your system dates ahead past the trial period at all?

Thanks for your help,

Becky" }-

Hi Becky,

To shortly answer your 2 questions: No and No :P

Of course, you can PM me if you need more information.

Regards,

MaB

rdsu
January 15th, 2007, 05:38 PM
With the trial version I can't use the Pro features... :(
I also don't need them, but at least if it is a trial version...

I tested it with "Anti-Keylogger Tester 1.0 (http://www.firewallleaktester.com/news.htm#66)", "Martins Undetectable Keylogger", "RegTest 1.000 (http://www.ghostsecurity.com/registrytest/)" and "Advanced Process Termination 4.0 (http://www.diamondcs.com.au/index.php?page=apt)", but it fails all of them, except the "Martins Undetectable Keylogger", which was detected a long time after I ran it and typed a lot of characters... :(
Maybe I did something wrong...

I would like to see this program work when some trigger is activated in the registry, instead of using polling to detect differences...

Cyberhawk Support
January 15th, 2007, 06:06 PM
-{ Quote: "With the trial version I can't use the Pro features... " }-

We've tracked down the trouble with the trial (or non-trial) version and it actually only affects overseas users. Certainly didn't mean to discriminate like that! We're working on a fix and once available, you'll be able to download a new version and then have access to all features (even if you don't really need them) for the full 15 days.

-{ Quote: "I tested it with "Anti-Keylogger Tester 1.0 (http://www.firewallleaktester.com/news.htm#66)", "Martins Undetectable Keylogger", "RegTest 1.000 (http://www.ghostsecurity.com/registrytest/)" and "Advanced Process Termination 4.0 (http://www.diamondcs.com.au/index.php?page=apt)", but it fails all of them, except the "Martins Undetectable Keylogger"" }-

Did you first reboot after installing Cyberhawk 2.0 and before running the keylogger tests? If not, would you please do that and try the tests again?

Thanks,
Becky

rdsu
January 15th, 2007, 06:34 PM
-{ Quote: "Did you first reboot after installing Cyberhawk 2.0 and before running the keylogger tests? If not, would you please do that and try the tests again?" }-
It didn't work...

Tod
January 15th, 2007, 06:37 PM
-{ Quote: "It didn't work..." }-
Have you tried with the Anti-Keylogger Tester program window not being active when you write something? For me the keylogging is only detected then.

rdsu
January 15th, 2007, 06:41 PM
-{ Quote: "Have you tried with the Anti-Keylogger Tester program window not being active when you write something? For me the keylogging is only detected then." }-
This way, only the first two of this test are detected...

RejZoR
January 15th, 2007, 06:46 PM
Hm, trial features just started working all of the sudden (Rootkit scanner). And i haven't even rebooted the PC. Strange.

Tod
January 16th, 2007, 12:01 PM
-{ Quote: "This way, only the first two of this test are detected..." }-
Yes, but most anti-malware programs miss these completely and almost no one detects the last three.

rdsu
January 16th, 2007, 12:28 PM
-{ Quote: "Yes, but most anti-malware programs miss these completely and almost no one detects the last three." }-
Those that use signatures and do not detect behaviours should not detect them...

Cyberhawk Support
January 16th, 2007, 06:04 PM
Just wanted to let everyone know that we have released another update today that fixes the quirky trial version behavior. The program will notify you that an update is available, or you may always just get the latest version directly from our website Updates page: http://www.novatix.com/Cyberhawk/Updates/

We're also continuing to look into the keylogger detection issues raised here as well.

Becky Dubrow

solarpowered candle
January 16th, 2007, 07:05 PM
hi becky unfortunately the link to the download comes up with "This is a marker file generated by the precompilation tool, and should not be deleted!"

rdsu
January 16th, 2007, 07:08 PM
-{ Quote: "hi becky unfortunately the link to the download comes up with "This is a marker file generated by the precompilation tool, and should not be deleted!"" }-
Same here...

webster
January 16th, 2007, 07:38 PM
http://www.snapfiles.com/get/cyberhawk.html

ggf31416
January 16th, 2007, 09:30 PM
I tried to terminate CHService.exe using APT 4.0. To determine whether the real-time protection was working or not I ran the spycar hosts test and TowTruck. The computer was restarted after every successful termination attempt.
"Yes" means the hosts test ran successfully (CyberHawk was terminated/not working).
"No" means the hosts test was blocked by CyberHawk.

Suspend 1 Yes
Suspend 2 Yes

Kill 1 No
Kill 2 No
Kill 3 No
Kill 4 No
Kill 5 Yes
Kill 6 No (Alert from Cyberhawk)
Kill 7 No
Kill 8 Yes
Kill 9 Yes
Kill 10 No
Kill 11 No (Alert from CyberHawk)
Kill 12 No

Kernel Kill 1 Yes
Kernel Kill 2 No

Crash 1 Yes (Reported by APT as unsuccessful)
Crash 2 No (Alert from CyberHawk)

For Suspend methods, Kill 5 and Crash 1 CHService.exe remained running but was not working (hosts modification allowed).

EASTER.2010
January 16th, 2007, 11:40 PM
-{ Quote: "http://www.snapfiles.com/get/cyberhawk.html" }-

Thanks for posting the alternative link, webster.

Just got wind of this release today but the Novatix website is still displaying that aforementioned message instead of loading Cyberhawk Home Site.

PhoenixWeb
January 17th, 2007, 03:51 AM
Does CyberHawk v. 2.0 protect other security applications against termination?

Cyberhawk Support
January 17th, 2007, 09:50 AM
-{ Quote: "hi becky unfortunately the link to the download comes up with "This is a marker file generated by the precompilation tool, and should not be deleted!"" }-

One of our web servers was down for a bit yesterday which caused some folks to see this message. The problem's been corrected and all should be able to access the site without trouble now.

Becky

Cyberhawk Support
January 17th, 2007, 09:52 AM
-{ Quote: "I tried to terminate CHService.exe using APT 4.0. To determine whether the real-time protection was working or not I ran the spycar hosts test and TowTruck." }-

Thanks for running these tests on Cyberhawk, ggf31416!

I've forwarded your results internally here to see if we can reproduce. We're always working on further hardening Cyberhawk and I'm sure we'll be able to use these tests to further improve its security.

Becky

lordraiden
January 17th, 2007, 10:06 AM
First of all, sorry for my English

I tested your product with http://www.pcflank.com/pcflankleaktest.htm (http://www.pcflank.com/PCFlankLeaktest.exe) and it fails. Outpost also, but it asks me if I want to permit it access to the internet.

Here (http://www.pcflank.com/leaktests_info.htm) you have more leak tests to try, to improve your product. Test it if you want.

Perhaps you can improve it by adding some options like other programs such as SSM or PS have.

Cyberhawk Support
January 17th, 2007, 10:33 AM
-{ Quote: "Does CyberHawk v. 2.0 protect other security applications against termination?" }-

Yes--Cyberhawk currently watches out for a rather extensive list of other security apps, and we have plans to expand on that list as we can.

Becky

Cyberhawk Support
January 17th, 2007, 10:42 AM
-{ Quote: "Here (http://www.pcflank.com/leaktests_info.htm) you have more leak tests to try, to improve your product. Test it if you want." }-

Thanks, lordraiden. We'll continue looking at these tests, too!

Becky

lordraiden
January 17th, 2007, 11:02 AM
Here you have more leak tests, for testing CW http://www.firewallleaktester.com/categories.htm

I hope to see the results and the update of CW soon

Thanks for your interest

Cyberhawk Support
January 17th, 2007, 11:49 AM
-{ Quote: "Here you have more leak tests, for testing CW http://www.firewallleaktester.com/categories.htm" }-

Thanks again, lordraiden.

We're already aware of those tests, and Tod and VaMPiRiC_CRoW pointed out some test results earlier in this thread.

I'm sure you can expect to see additional protections added in to the next update of Cyberhawk. We're always working on improvements!

Becky

galileo
January 17th, 2007, 04:05 PM
@becky

Now that the "for money" version is in play...what is the status of your forums for Cyberhawk? I think that your userbase really does need that type support environment ASAP......;)

Cyberhawk Support
January 17th, 2007, 05:16 PM
-{ Quote: "what is the status of your forums for Cyberhawk?" }-

Hi galileo--

This is still pending. We haven't forgotten about it, but right now our priorities are still focused on improving the core product.

We certainly understand user input is important in that regard, but we currently offer other ways for users to get in touch with us and provide feedback--online support center, email, phone, outside forums, etc.--and we hear from folks through all these various means, so right now that's working until we have time to implement something else/something better.

Becky

EASTER.2010
January 17th, 2007, 10:17 PM
OK CyberHawk. So far, so good. Like some others i enjoy the new additions and apparently, at least on my units so far, no over-bearing or HEAVY pull on the performance end. A welcome relief indeed from former versionS.

However, Cyberhawk Support, can you explain or make clear why i am seeing this in a HijackThis scan?
-{ Quote: "O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe" service (file missing)" }-

At first that HJT report convinced me that maybe System Safety Monitor had intercepted and blocked something from the CyberHawk install, so i uninstalled it and closed all security programs including SSM, then re-installed only to discover that same (file missing) afterwards.

Now i checked the C:\Program Files\COMMON FILES\Novatix path and it led directly to the exe file. I also checked and it appears that the CyberHawk "SERVICE" is definitely working as i established an initial CUSTOM RULES and CH jumped up as usual to some applications i generated at it to see if it was alive or sleeping.

In your view, does this file missing line in the HJT report have something to do with CyberHawk's new RootKit Scan? as in perhaps that particular feature activates a kernel-mode driver but only at the time you're using that scan? It's a known fact HJT program can display discrepancies or be evaded from detection by some programs/malware.

Thanks: EASTER

Bubba
January 17th, 2007, 10:52 PM
-{ Quote: "O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe"" }-
Does the ImagePath string value data at the below registry location match the file system location?

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CHService

EASTER.2010
January 17th, 2007, 11:21 PM
-{ Quote: "Does the ImagePath string value data at the below registry location match the file system location ?

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CHService" }-

Done a quick check with RegCrawler and mine seems to indicate differently than yours, perhaps reflecting latest & newest version?

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cyberhawk

However checking the registry key for the image path , both the COMMON FILES PATH are equal, that is C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe of course the reg key displays service at the tail end of the path, at any rate Cyberhawk still seems to be working as usual. :blink:

I have no clue right now but will look into this more. Thanks Bubba

vhick
January 18th, 2007, 06:13 AM
thanks for this and congratulations to all cyberhawk team. i hope lesser and lesser in resources, more detection and less in false alarm and most of all, free....;)

lordraiden
January 18th, 2007, 06:20 AM
"Cyberhawk Support"

Perhaps if you tell us all the cases in which your software acts, we can help you by adding some cases. For example if it acts when something tries to copy itself into the Windows folder ...

Sorry for my english

rdsu
January 18th, 2007, 09:30 AM
-{ Quote: "Thanks again, lordraiden.

We're already aware of those tests, and Tod and VaMPiRiC_CRoW pointed out some test results earlier in this thread.

I'm sure you can expect to see additional protections added in to the next update of Cyberhawk. We're always working on improvements!
" }-
And what about avoiding the use of polling to check for new entries in the registry?

screamer
January 18th, 2007, 09:38 AM
I seem to be having an issue w/ the latest version:

Upon re-boot / start, only CHservice starts. In order to see CHTray, I have to start CH from All Programs. I've tried un-installing / re-installing, same results.

...screamer

Cyberhawk Support
January 18th, 2007, 10:45 AM
-{ Quote: "OK CyberHawk. So far, so good. Like some others i enjoy the new additions and apparently, at least on my units so far, no over-bearing or HEAVY pull on the performance end. A welcome relief indeed from former versionS.

However, Cyberhawk Support, can you explain or make clear why i am seeing this in a HijackThis scan?


At first that HJT report convinced me that maybe System Safety Monitor had intercepted and blocked something from the CyberHawk install, so i uninstalled it and closed all security programs including SSM, then re-installed only to discover that same (file missing) afterwards.

Now i checked the C:\Program Files\COMMON FILES\Novatix path and it led directly to the exe file. I also checked and it appears that the CyberHawk "SERVICE" is definitely working as i established an initial CUSTOM RULES and CH jumped up as usual to some applications i generated at it to see if it was alive or sleeping.

In your view, does this file missing line in the HJT report have something to do with CyberHawk's new RootKit Scan? as in perhaps that particular feature activates a kernel-mode driver but only at the time you're using that scan? It's a known fact HJT program can display discrepancies or be evaded from detection by some programs/malware.

Thanks: EASTER" }-

Hi Easter,

We are glad to hear Cyberhawk is behaving in your Windows environment and are happy with the update so far.

The "(file missing)" comment by HJT, for CHService, doesn't mean that the file isn't there, as you verified; it can also mean HJT cannot see the file. This is likely due to the protection on that particular directory. You'll see this with other security apps as well, like Symantec. As Cyberhawk grows up and becomes more known we need to protect it from attacks. This was implemented in an early phase of self protection.

Thanks!

Armando
Novatix Corp
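
Added example (not part of the thread, and not HijackThis or Novatix code): Bubba's ImagePath question and the "(file missing)" explanation above involve two ways a checker can report a missing file for an executable that exists, namely testing the raw ImagePath string with its quote and argument still attached, and treating a denied open as absence. This Python code parses an ImagePath and separates "missing" from "inaccessible"; the function names, the default Windows directory and the sample value (reconstructed from the O23 line quoted in the thread) are assumptions.

```python
import ntpath
import os
import re

# Extensions a service or driver image normally carries.
_IMAGE_EXT = re.compile(r"\.(exe|sys|dll|com|bat|cmd)$", re.IGNORECASE)

# Constructed sample: the ImagePath implied by the O23 line in the thread,
# where the quoted path is followed by the argument "service".
SAMPLE_IMAGEPATH = (
    r'"C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe" service'
)


def image_from_imagepath(value, system_root=r"C:\Windows"):
    """Split a raw ImagePath into (executable_path, arguments)."""
    value = value.strip()
    # Expand the variables commonly seen in service entries.
    value = re.sub(r"%SystemRoot%|%windir%", lambda m: system_root,
                   value, flags=re.IGNORECASE)
    # Kernel-style prefixes used by driver entries.
    if value.startswith("\\??\\"):
        value = value[4:]
    elif value.lower().startswith("\\systemroot\\"):
        value = system_root + value[len("\\SystemRoot"):]

    if value.startswith('"'):
        # Quoted form: the path ends at the closing quote, the rest is args.
        end = value.find('"', 1)
        if end == -1:
            exe, args = value[1:], ""      # unbalanced quote: take the rest
        else:
            exe, args = value[1:end], value[end + 1:].strip()
    else:
        # Unquoted form: the path may contain spaces, so grow it token by
        # token until the candidate ends in an image extension.
        tokens = value.split(" ")
        exe, args = value, ""
        for i in range(1, len(tokens) + 1):
            candidate = " ".join(tokens[:i])
            if _IMAGE_EXT.search(candidate):
                exe, args = candidate, " ".join(tokens[i:]).strip()
                break

    # Driver entries are often written relative to the Windows directory.
    if not ntpath.isabs(exe):
        exe = ntpath.join(system_root, exe)
    return ntpath.normpath(exe), args


def image_status(path, stat=os.stat):
    """Return 'present', 'missing' or 'inaccessible' for one path."""
    try:
        stat(path)
    except (FileNotFoundError, NotADirectoryError):
        return "missing"
    except OSError as exc:
        # WinError 123: the string is not a valid file name, so no such file.
        if getattr(exc, "winerror", None) == 123:
            return "missing"
        # Access denied, sharing violation, etc.: the file may well exist.
        return "inaccessible"
    return "present"


def check_imagepath(raw, stat=os.stat):
    """Compare a careful check with a naive one on the same ImagePath."""
    exe, args = image_from_imagepath(raw)
    return {
        "executable": exe,
        "arguments": args,
        "status": image_status(exe, stat),
        # Naive check: drop only the leading quote and test the remainder
        # as a file name, closing quote and arguments included.
        "naive_status": image_status(raw.strip().lstrip('"'), stat),
    }


if __name__ == "__main__":
    # On Windows this inspects the real file; elsewhere it reports "missing".
    for key, val in check_imagepath(SAMPLE_IMAGEPATH).items():
        print(f"{key}: {val}")
```

On Windows the raw value can be read with the standard `winreg` module from the `ImagePath` value under the service's key, which the thread reports as `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cyberhawk`.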

duente
January 18th, 2007, 12:48 PM
is this a bug???
started all of a sudden a few days ago. happens mainly when i type a message in a forum, but again, not always. never did that before. i scanned my pc again and again, all clear, i have the feeling this has to be some strange bug or conflict or something..

browser Opera
running
Jetico
Antivir premium
Cyberhawk free
Peerguardian
Spyware terminator
using ad-aware and spybot too
any help?....???

edit: confirmed just a bug soon to be fixed. thank you Cyberhawk Support :)

Cyberhawk Support
January 18th, 2007, 04:23 PM
-{ Quote: "I seem to be having an issue w/ the latest version:

Upon re-boot / start, only CHservice starts. In order to see CHTray, I have to start CH from All Programs. I've tried un-installing / re-installing, same results.

...screamer" }-



Hi Screamer,

Do you have a high number of apps loading to the systray? What might be happening is CH is asking the taskbar to display the tray icon and the taskbar isn't ready for that call, or because of a high amount of activity during logon the CH message is getting lost. Something we can try is to clear out the history for these icons that load. Below are some instructions from Microsoft; hopefully they will help. There are a high number of steps involved but the extra steps help save a restart, in theory.

1. Run regedit: click on Start > click on Run > type "regedit", without quotes > OK
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
3. In the Explorer folder change the value of EnableAutoTray to 0.
4. Right click Start (or anywhere on the taskbar) and select Properties.
5. Click the Taskbar tab.
6. Clear the Lock the taskbar option.
7. Check Hide inactive icons.
8. On the Taskbar tab, click Customize.
9. In the Current Items section, select each of the items as "Always Hide". Click OK, then OK again.
10. Start all over, re-open the properties dialog box, and select each item as "Hide when inactive" in the Current items section. Click OK, then OK again.
11. Navigate in the registry to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
12. Delete the IconStreams and PastIconStreams values.
13. Close the Registry Editor.
14. Close all open programs.
15. Open Task Manager: click on Start > click on Run > type "taskmgr", without quotes
16. Click on the Processes tab.
17. Click on explorer.exe in the image name column.
18. Click on the End Process button.
19. Confirm Yes to kill the process. This will close the desktop except for Task Manager.
20. In Task Manager select the File menu command.
21. Click on the Create New Task button.
22. In the Open box type: explorer
23. Click OK.

Let me know if this doesn't help; you can contact me via our support site, as there are some other things we can try.

Regards,

Armando
Novatix Corp

webster
January 18th, 2007, 04:55 PM
Same thing happened to me. Cleaned the iconcache with CCleaner, but why does Cyberhawk do this? ???

Rasheed187
January 18th, 2007, 05:05 PM
You know what I don't get about this tool? Why doesn't it alert me about every suspicious behavior? I mean let's say that CH only alerts about certain behavior when it thinks that a certain app is malicious. Isn't this a bit strange then? I mean if this really is true then does CH in fact claim to be able to identify ALL malware? Otherwise what's the point? :wacko:

EASTER.2010
January 19th, 2007, 12:05 AM
-{ Quote: "The "(file missing)" comment by HJT, for CHService, doesn't mean that the file isn't there, as you verified; it can also mean HJT cannot see the file. This is likely due to the protection on that particular directory. You'll see this with other security apps as well, like Symantec. As Cyberhawk grows up and becomes more known we need to protect it from attacks. This was implemented in an early phase of self protection.

Thanks!

Armando
Novatix Corp" }-

Greets Armando & Thanks.

That is exactly what i suspected and of course alluded to in my comments toward that same fact about HJT, so thanks for the confirmation.
As aforementioned, CyberHawk was and continues to perform normally to this configuration on XP Pro SP1. :thumb:

I applaud the efforts put into this latest release. I am especially encouraged to find Cyberhawk now "Quarantine" immediately "known" THREATS, and equally allows to return any file we deem for our own use (even if identified by High Threat) safely to its former location.
It's all about choice and in this latest version CyberHawk again affords this important feature as before.

I see the community protections/contributions have definitely given rise to a more "informed" detectability rate.

Well, i'm off to throw some other items at it for conscience sake, but i know it will rapidly meet those tactics in a manner which is quite satisfactory from this end to date. ;)

Cyberhawk Support
January 19th, 2007, 09:54 AM
-{ Quote: "You know what I don't get about this tool? Why doesn't it alert me about every suspicious behavior? I mean let's say that CH only alerts about certain behavior when it thinks that a certain app is malicious. Isn't this a bit strange then? I mean if this really is true then does CH in fact claim to be able to identify ALL malware? Otherwise what's the point? :wacko:" }-

Hi Rasheed187--

Not quite sure I understand...

It's certainly our goal to have Cyberhawk identify ALL malware, but as far as I know there is currently no tool available now that can do this with 100% accuracy.

Are you seeing cases with known malware where Cyberhawk does not alert you? If so, we'd very much like to have the details so that we can test for ourselves and continue to improve Cyberhawk's smarts. What types of suspicious behaviors in your opinion are we not alerting on?

Just to clarify, one thing we do not wish to do is burden the user with unnecessary prompts in the case of false positives. Having too many false positives has traditionally been seen as a detriment in most behavior-based tools. We've worked very hard to build in intelligence into how CH determines whether an action is truly suspicious or not. And so far we've had very good feedback on this aspect of the product.

Regards,

Becky Dubrow

Perman
January 19th, 2007, 10:47 AM
Hi, folks: I think my question may have been raised here before. W/ new CH v.2 being released, the situation may have been somewhat changed. My simple question is : Does CH pro conflict w/ Prevx1 ? I have learned from Prevx1's forum this; although they do not post an apparent issue, the hidden one is very likely. I regard these fabulous apps as love/hate programs. Sometimes you love them dearly and other times you just hate them. I have since enlisted prevx1' service, I love it. And like to add CH pro v.2 as its companion. Any good advice? Anyone? Thanks. :)

lordraiden
January 20th, 2007, 06:44 AM
I get this error every time I start the system.
It means that Cyberhawk tries to close Outpost Firewall Pro and Outpost Firewall prevents it.

Why?

EASTER.2010
January 20th, 2007, 07:08 AM
I take it by the unusual frequency of "This Program Is Logging Keystrokes" from explorer, internet explorer, notepad, and even CyberHawk itself 8) CHGUI.EXE not to mention others, that it is being alerted & picking up on my own keylogger.

Be advised that i do deliberately incorporate a local "keylogger" on my machine which logs in sequence any text as well as programs/time initiated.

I cleared that program thru answering the prompt but decided to add that process to the "Trusted Processes".

Just curious since other members have made mention of same/similar activity.

CyberHawk so far is very stable and of course quickly ALERTING to unusual system behaviors.

Thanks EASTER

Rivalen
January 20th, 2007, 11:44 AM
Experience the same as lordraiden. I use CH 12039. Outpost 4.0.971.7030 (584)

Best Regards

lordraiden
January 20th, 2007, 12:43 PM
I am using
Outpost Firewall Pro ver. 4.0.1005.7229 (590)
Cyberhawk 2.0.1

yankinNcrankin
January 21st, 2007, 05:31 AM
Perman: Does CH pro conflict w/ Prevx1 ?


http://i113.photobucket.com/albums/n218/yankinNcrankin/th_q.jpg (http://i113.photobucket.com/albums/n218/yankinNcrankin/q.jpg)


I currently have the 2 programs above and the ones in my signature running on my box with no conflicts pretty cool :) I had issues with Cyberhawk's earlier version and a few of my gaming programs, this new version has corrected the problem and is very stable.

CJsDad
January 21st, 2007, 07:18 AM
No conflicts with DSA and Cyberhawk?

I have tried them separately but never together, wasn't sure about any conflict or overlap

Perman
January 21st, 2007, 09:30 AM
Hi, folks: hi, y_N: thanks for your findings. I am glad to learn that Prevx1 and CH can coexist. I shall give CH a good test run sometime this week. Thanks again, and have a nice one. :)

mrgeek
January 21st, 2007, 03:11 PM
Novatix must have the slowest servers on the planet! At least for me, trying to view their website is a chore.

Rasheed187
January 21st, 2007, 04:24 PM
-{ Quote: "It's certainly our goal to have Cyberhawk identify ALL malware, but as far as I know there is currently no tool available now that can do this with 100% accuracy.

What types of suspicious behaviors in your opinion are we not alerting on?

Just to clarify, one thing we do not wish to do is burden the user with unnecessary prompts in the case of false positives. " }-

@ Becky Dubrow

Thanks for the response, the thing is, the way I see "HIPS" is that they should alert on every suspicious activity and it's up to the user to decide if they would like to allow it or not. Now I sometimes see alerts and sometimes not.

As you might know, as soon as you allow a driver to be installed on your system, your system might be "owned" by a rootkit. That's why I'm surprised that I did not always get an alert about this stuff. And perhaps you can say, "well it's probably because CH thinks that it's safe". But the thing is, as you said yourself no security tool on the planet can recognize all malware.

I also noticed that CH does not rely completely on its HIPS, it also has a signature engine, is this self developed or licensed from some other tool? And why is a harmless tool as Scoundrel Simulator flagged as malware? Plus the whole GUI needs an overhaul IMO, other than the fact that it's not resizable, it seems like it's depending on IE's fontsettings? ::)

lordraiden
January 21st, 2007, 05:29 PM
I tested http://www.pcinternetpatrol.com/pcaudit with cyberhawk and it fails, another "bug"

rdsu
January 21st, 2007, 06:00 PM
Where can I see what is new on version 2.0.1?

lordraiden
January 21st, 2007, 06:01 PM
I think that the only change is a problem with the trial version

rdsu
January 21st, 2007, 07:18 PM
-{ Quote: "I think that the only change is a problem with the trial version" }-
Thanks.

Would be nice if we could have this information on the CH website...

rdsu
January 21st, 2007, 07:21 PM
Cyberhawk Support,

Did you know about this test: http://www.techsupportalert.com/Security%20Tests/HIPS/Security%20Tests%20-%20CyberHawk%20V1.2.htm

The current version of CH still failed a few tests of this page, but the others are fixed?

lordraiden
January 22nd, 2007, 04:54 AM
Compilation of leak tests, for testing and repairing Cyberhawk

http://www.pcinternetpatrol.com/pcaudit
http://www.techsupportalert.com/Security%20Tests/HIPS/Security%20Tests%20-%20CyberHawk%20V1.2.htm
http://www.pcflank.com/leaktests_info.htm
http://www.firewallleaktester.com/categories.htm
http://www.geeksuperhero.com/scoundrelsim.shtml

Cyberhawk Support
January 22nd, 2007, 10:09 AM
-{ Quote: "@ Becky Dubrow

Thanks for the response, the thing is, the way I see "HIPS" is that they should alert on every suspicious activity and it's up to the user to decide if they would like to allow it or not. Now I sometimes see alerts and sometimes not.

As you might know, as soon as you allow a driver to be installed on your system, your system might be "owned" by a rootkit. That's why I'm surprised that I did not always get an alert about this stuff. And perhaps you can say, "well it's probably because CH thinks that it's safe". But the thing is, as you said yourself no security tool on the planet can recognize all malware.

I also noticed that CH does not rely completely on its HIPS, it also has a signature engine, is this self developed or licensed from some other tool? And why is a harmless tool as Scoundrel Simulator flagged as malware? Plus the whole GUI needs an overhaul IMO, other than the fact that it's not resizable, it seems like it's depending on IE's fontsettings? ::)" }-

Hi Rasheed187--

Cyberhawk employs intelligent analysis in its strictly behavior-based protection in an effort to greatly reduce false positives and to appeal to non-expert users. The product was designed to be simple and straightforward to use so that even novice users could have an extra layer of added security. It's the intelligence behind CH that keeps it from alerting on every single action that you see, as this would quickly become overwhelming for most users.

If you'd like to see more alerts, then I'd encourage you (as a more advanced user), to set up the Custom Rules to your liking. You can be very specific about the types of actions you'd like alerts on, and can even set them to alert on just about all actions, if you choose. This way you can always make the choice, since that's your preference. The novice users we've spoken to, however, would just as soon have all choices made for them, whenever possible.

And we do not employ a signature engine in Cyberhawk. Again, all alerts that you might see happen due to detected behaviors, not signatures. If we detect a malicious action and decide an alert is warranted, we'll then attempt to match what's happening on the system to information that we have in a blacklist database. This is not a signature engine and it is not a straight blacklist that blocks based on signatures. It is simply a check AFTER malicious behaviors have been detected to allow certain user interactions with Cyberhawk to be more straightforward and convenient. For example, if Cyberhawk first detects malicious behavior, then finds a match on the blacklist for a known malware, then we can automatically block the process and behavior involved instead of asking the user to make a decision about that.

I don't know that much about Scoundrel Simulator, but I've asked some folks here to take a look at it. From just a quick review, it seems like it does actually perform some actions that might be considered malicious UNTIL you revert the PC back to its original state. This is exactly what Cyberhawk is designed to do--detect activities that may present a threat. Again though, I'll have our technical group look into it in more detail.

I hope this explanation helps understand a little better how CH works. We appreciate all your questions and comments.

Becky Dubrow

Cyberhawk Support
January 22nd, 2007, 11:36 AM
-{ Quote: "I obtain this error always that I start the system
means that Cyberhawk tries to close Outpost firewall pro and outpost firewall prevents it.

Why?" }-

Hi Lordraiden,

This is a general error message by Outpost that it will show when an app attempts to monitor it as Cyberhawk attempts to. It appears to be part of their security. Cyberhawk is not attempting to terminate Outpost but monitor its behavior. You can check the "Do not show this message again" or "No comunicar este evento", on your system, since both these apps should be trusted.

We are looking at ways to have a message from Cyberhawk to notify the user with this type of behavior.

Armando
Novatix Corp

Cyberhawk Support
January 22nd, 2007, 01:34 PM
-{ Quote: "
As you might know, as soon as you allow a driver to be installed on your system, your system might be "owned" by a rootkit. That's why I'm surprised that I did not always get an alert about this stuff.
" }-

Hi Rasheed187,

Yes, Cyberhawk does not flag the installation of drivers. Lots of legitimate software perform this very common task.
However, Cyberhawk effectively finds hidden processes that a malicious driver may hide and kill them. Also, more improvements may be rolled into the product to intelligently identify the legitimacy of a driver's installation, but the simple action of driver installation will not trigger a Cyberhawk response that forces the user to make a decision.

-{ Quote: "
And why is a harmless tool as Scoundrel Simulator flagged as malware?
" }-

Simulators like this one are being flagged as malware by other major vendors in the industry as well. Because the actions that it performs are something that a user would not want performed on their system (like removing the Internet icon from the Control Panel) and Cyberhawk has seen this 'simulation' software before, the red dialog removes the need to make a decision on these triggers from the user.
I admit that Cyberhawk's description of the simulator may be a bit unclear, and we may make a change to address it in the future, but it is a primary goal to remove the decision making event from the user's experience. Cyberhawk's identification of Scoundrel Simulator's actions as something the user doesn't need to make a decision about aligns with that goal best. Thanks for pointing it out.


Kurt

Rasheed187
January 22nd, 2007, 04:02 PM
@ Becky and Kurt

Thanks for the feedback, but I guess CyberHawk is not for me, I don't like its approach.

-{ Quote: "Lots of legitimate software perform this very common task." }- Well lots of malware do the same thing. And actually most simple apps will not do this in my experience. But yes it would be cool if you could identify the legitimacy of a driver's installation.
And about Scoundrel Simulator, I don't think that security tests should be flagged as malware, HIPS should instead try to stop the suspicious behavior. Btw, you might also want to look at the IE font setting problem:

-{ Quote: "Plus the whole GUI needs an overhaul IMO, other than the fact that it's not resizable, it seems like it's depending on IE's font settings? ::)" }-

yankinNcrankin
January 22nd, 2007, 04:28 PM
Here's something I noticed, which is also why I'm running Prevx1 alongside Cyberhawk: both use different methods of detection. I'm sure a lot of you know that already but I just thought I'd give some visuals.
Here is Prevx1 method I counted 81+ SSDT Hooks with NO code hooking.
Cyberhawk I counted 5 SSDT Hooks and 380+ Code Hooks some really cool magic lol :)

http://i113.photobucket.com/albums/n218/yankinNcrankin/th_pc.jpg (http://i113.photobucket.com/albums/n218/yankinNcrankin/pc.jpg)

rdsu
January 22nd, 2007, 04:48 PM
Cyberhawk Support,

The argument that a lot of programs install legitimate services is not valid, because a lot of programs add themselves to startup with Windows and we receive an alert about that. And I still lack the Windows Startup folder on the free version...

This type of things should be consistent...

aigle
January 23rd, 2007, 07:06 AM
Hi all, CyberHawk still phones home in spite of updates and community participation turned off. They promised to fix it many months back but they did not keep their word.

Anybody noticed this as well?

aigle
January 23rd, 2007, 07:13 AM
I installed LimeWire and during that a strange prompt from CH. The application name/ path not mentioned at all.

Cyberhawk Support
January 23rd, 2007, 12:05 PM
I would like to address the "phoning home" issue that you brought up.



Cyberhawk in your screenshot is not phoning home. The IP address being contacted is for the host "crl.verisign.com", which is a repository at VeriSign related to the validity of VeriSign digital signatures.



When analyzing system activity, one of the things Cyberhawk does is examine digital signatures; to do this it uses calls into the operating system. Apparently on your system (and doubtless on others) these system services involve contacting VeriSign to obtain some information about the digital signature.



We were not aware that this type of activity could occur as a side effect of calling these system services and we are considering what to do about it. On the one hand, since Cyberhawk is not "phoning home" and the activity is really part of a system service, it's not clear that we should be concerned about it. On the other hand, we understand that customers who turn off the "phoning home" features of Cyberhawk could be suspicious of any internet activity caused even indirectly by our program, and may not want such activity. While we are not sure that we can guarantee that no system service we ever access will contact the internet (since we are not in control of how they work), we can and will research this instance further and figure out what we should do about it. If you have feedback or suggestions about it, we'd love to hear them.



Thanks for letting us know about this.

Daniel
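
The behavior Daniel describes, a signature check inside the operating system reaching out to a CRL host, can be observed with the Windows certificate chain API. This is an added example, not Cyberhawk's code and not part of the original thread; the function names and the sample path are assumptions. It lists the CRL distribution point in a signed file's certificate and builds the chain under a chosen revocation mode, where `Online` lets the OS fetch revocation data from that host and `Offline` restricts the check to cached data.

```powershell
# Added example (not Cyberhawk code); function names are hypothetical.
# It validates the signer's certificate chain only, not the file's Authenticode hash.

function Get-SignerCertificate {
    param([Parameter(Mandatory)][string]$Path)
    # CreateFromSignedFile reads the embedded signer certificate without validating it.
    $full = (Resolve-Path -LiteralPath $Path).Path
    $raw  = [System.Security.Cryptography.X509Certificates.X509Certificate]::CreateFromSignedFile($full)
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $raw
}

function Get-CrlDistributionPoint {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # OID 2.5.29.31 is the CRL Distribution Points extension: the URL(s) the
    # OS may contact when it checks whether this certificate was revoked.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if ($ext) { $ext.Format($true) } else { '(none listed)' }
}

function Test-SignerChain {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('NoCheck', 'Offline', 'Online')][string]$RevocationMode = 'Offline'
    )
    $cert  = Get-SignerCertificate -Path $Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # NoCheck : no revocation check at all
    # Offline : use cached revocation data only
    # Online  : revocation data may be downloaded from the distribution point
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(10)

    $valid = $chain.Build($cert)

    [pscustomobject]@{
        Subject              = $cert.Subject
        RevocationMode       = $RevocationMode
        ChainValid           = $valid
        # With Offline and nothing cached, expect RevocationStatusUnknown / OfflineRevocation.
        ChainStatus          = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        CrlDistributionPoint = Get-CrlDistributionPoint -Certificate $cert
    }
}

# Usage (the path is a placeholder; use any file with an embedded Authenticode signature):
# 'Offline', 'Online' | ForEach-Object {
#     Test-SignerChain -Path 'C:\path\to\signed.exe' -RevocationMode $_
# }
```

Running the `Online` case while watching a firewall log shows the connection attributed to the calling process, which is why such traffic can look like the security product itself phoning home.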

aigle
January 24th, 2007, 02:29 AM
Thanks for the reply. And what about my other post (#76)?

Trencherman
January 24th, 2007, 08:47 AM
I've reported a few things directly but thought I would mention one here. The following error has been occurring about once a day:

---------------------------
CHService.exe - Application Error
---------------------------
The instruction at "0x7c910e03" referenced memory at "0x00560000". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program
---------------------------
OK Cancel
---------------------------

The CH service shuts down.

---
Win XP Home SP2, avast home edition, WinPatrol 10.0.3.0, Sygate PF 5.5

aigle
January 24th, 2007, 11:44 AM
I tried XP Killer trojan and received no alerts from CH. I am not sure but I think older version was detecting it.

aigle
January 24th, 2007, 12:08 PM
Two more things I noticed.

1- It is alerting keylogging from Opera (that is wrong, and never reported by older version).

2- It gives some times a nag pop up( not 100% sure)!?
Any other person noticed it? (see the pic)

Anybody can tell what is the difference of resource usage from older version?

Thanks.

lordraiden
January 24th, 2007, 03:05 PM
-{ Quote: "I tried XP Killer trojan and received no alerts from CH. I am not sure but I think older version was detecting it." }-

CW TEST:

http://www.wilderssecurity.com/showpost.php?p=870147&postcount=3

XP Killer trojan -- Fail in the older version.

Rivalen
January 25th, 2007, 06:53 AM
The "nag" (very seldom - not much of a nag) is there in the old version also.

How does the new free version compare with the 12039 free? I dont get a strong feeling of a lot of improvement detectionwise from what I read in this thread?

Guess I will upgrade anyway.

Best Regards

aigle
January 25th, 2007, 10:15 AM
-{ Quote: "CW TEST:

http://www.wilderssecurity.com/showpost.php?p=870147&postcount=3

XP Killer trojan -- Fail in the older version." }-
Thanks. I did not remember the result and was too lazy to search for my own post.;D

Longboard
January 25th, 2007, 10:31 PM
So far this thread has not been exactly thrilling reading.

Is there a good reason to upgrade?

Drew99GT
January 26th, 2007, 06:14 PM
-{ Quote: "So far this thread has not been exactly thrilling reading.

Is there a good reason to upgrade?" }-

Where can we get the latest version BEFORE this new release?

juckjones
January 27th, 2007, 07:34 AM
-{ Quote: "Where can we get the latest version BEFORE this new release?" }-

I want also to revert back to the previous version of cyberhawk. Sadly, I had trashed the old file. This latest version keeps alerting me that "FIREFOX.EXE HAS PERFORMED AN ACTION THAT IS POTENTIALLY MALICIOUS- This program is logging keystrokes!"
Of course I ALLOWED the program. But why isn't there any UNDO action if I change my mind and later decide to deny the application?

Comments please, Cyberhawk Support.

Longboard
January 27th, 2007, 08:01 AM
Hey j-jones
There is an "undo" option if That's what you mean, or you can do session based "allow" in the warning window, by not checking "Remember This" option.

juckjones
January 27th, 2007, 08:12 AM
-{ Quote: "Hey j-jones
There is an "undo" option if That's what you mean, or you can do session based "allow" in the warning window, by not checking "Remember This" option." }-

What version do you have? I'm using Version 2.0.1 Cyberhawk Pro with 13 days left for trial. It shows no UNDO button like the one in your attached image. There is the THREAT CONTROL, SECURITY STATUS, ROOTKIT SCANNER, CUSTOM RULES and OPTIONS. That's all.

Longboard
January 27th, 2007, 08:17 AM
oops, yes, still on V1.2
sorry, thought the newer version would have similar
Maybe under custom rules or such??

juckjones
January 27th, 2007, 08:54 AM
Hmmm... now I see. I have to always allow or deny the flagged program so it would get listed in the Threat Control panel. Once listed in the Allowed or Denied tabs, I could get to change the action by selecting Remove and thus deleting the allowed or denied program from the list. I guess I had no time to study this new version of Cyberhawk till now. ;D

Anyway, thanks, Longboard for prompting me to take a closer look at Cyberhawk.

simmikie
January 27th, 2007, 08:45 PM
-{ Quote: "Hi galileo--

This is still pending. We haven't forgotten about it, but right now our priorities are still focused on improving the core product.

We certainly understand user input is important in that regard, but we currently offer other ways for users to get in touch with us and provide feedback--online support center, email, phone, outside forums, etc.--and we hear from folks through all these various means, so right now that's working until we have time to implement something else/something better.

Becky" }-

i am still waiting for a reply to the 2 service tickets i submitted in December. when i was a Cyberhawk user.

i personally believe that your organization should immediately cease and desist with product development and instead focus on putting some teeth into your infrastructure.

i say this not out of malice, but out of my experience in not being able to reach anyone within your organization (for days) when i was experiencing issues with Cyberhawk. as i stated i to this moment still have not even received the confirmation email from your automated system indicating a trouble ticket was even submitted (twice).

again no malice is intended, but you can have the best product in the free world, but if the end user does not have faith that he/she will have organizational back-up, they are not going to stay with you. with the proliferation of security products so easily accessible, brand loyalty is at best elusive, but without it you will be in a competitive dogfight for market share for as long as you choose to engage. you'll make sales, but what a brutal way to make a living.

Mike

Wordward
January 27th, 2007, 11:29 PM
keystrokes logged firefox exe. last version did not do this. since new version do it and cannot put activities back to zero i uninstalled until fix come.

Cyberhawk Support
January 28th, 2007, 07:08 PM
-{ Quote: "i am still waiting for a reply to the 2 service tickets i submitted in December. when i was a Cyberhawk user." }-

Hi Mike--

I'm sorry to hear about the trouble you had contacting us. I just sent you a PM asking you to forward the email address you used to submit the tickets so that we can research your inquiries.

Our support technicians are generally very responsive and helpful. As far as I know we have no outstanding tickets and we usually reply to tickets the same day, within hours. Worst case scenario would be within 1 business day.

We have found in the past that some email programs will block the auto responses and will "junk" our replies since the reply appears to come from an unknown sender. Perhaps that's what happened in your case? But even if you don't receive a reply from us you can always log back in to your account to check the status of your ticket and view any replies that we have posted to your inquiry. What happens when you log back in now? Are you able to view any replies from us? Logging back in to check your account allows you to bypass any email filter issues.

Or perhaps there was some issue with the original ticket not being successfully submitted for some reason. We've had our online support up and running for actually a couple years now and we regularly receive tickets from users who have questions.

Also, if you ever have any further trouble contacting us through our online support center, please feel free to use the posted email address or phone number listed on the About Novatix page of our website. We certainly don't like to hear that users are having trouble contacting us, and we want to hear from you.

As I said in the PM we definitely would like to track down what happened here to ensure everything's working correctly. I look forward to hearing back from you.

Kind regards,

Becky Dubrow

Rasheed187
January 29th, 2007, 09:57 AM
-{ Quote: "Cyberhawk Support,

The argument that a lot of programs install legitimate services is not valid, because a lot of programs add themselves to startup with Windows and we receive an alert about that. And I still lack the Windows Startup folder on the free version...

This type of things should be consistent..." }-

@ VaMPiRiC_CRoW

Good point, I mean a lot of apps are doing possible dangerous stuff, so the only way to know for sure if a certain action is dangerous or not, is if you could flag an app as 100% secure, but no tool can do this. I mean currently CH feels like sort of a hybrid HIPS, it will alert you about certain things, but it ignores other stuff. ::)

aigle
January 29th, 2007, 10:56 AM
I wonder why u people are expecting the job of a classical HIPS from a behav blocker.
If u need to be alerted for everything there are many other options available already.

rdsu
January 29th, 2007, 03:59 PM
-{ Quote: "I wonder why u people are expecting the job of a classical HIPS from a behav blocker.
If u need to be alerted for everything there are many other options available already." }-
Is not for everything, as I don't like HIPS, but just for possible threats.

If you try to understand what I tried to say, you will see that it doesn't have any sense to check one things and ignore others, like check windows startup registries and ignore the Windows Startup folder and the installation of new services and drivers...
A lot of programs are now using services, so you can see the problem here...

aigle
January 30th, 2007, 01:54 AM
About start up entries u are right.
I personally will prefer either no pop ups on start up entries, drivers, services etc or preferably pop ups that are different from other pop ups with different color as a medium level threat as most of them might be legitimate.

rdsu
January 30th, 2007, 03:42 AM
-{ Quote: "... or preferably pop ups that are different from other pop ups with different color as a medium level threat as most of them might be legitimate." }-
I agree with you.

The alert windows should be improved in some areas...

aigle
January 30th, 2007, 01:35 PM
There should be an option to completely turn off CH.
Now all that I can do is to suspend CH service. And when system reboots the service starts again itself that means no user control.
Also I wonder why there is no option to exit CH and also there should be an option Not to load CH with windows.

The alerts about Windows new start up entries need to be different (as medium risk) from other high risk alerts as most of these might be legitimate.

Jarmo P
January 30th, 2007, 01:51 PM
-{ Quote: "There should be an option to completely turn off CH.
Now all that I can do is to suspend CH service. And when system reboots the service starts again itself that means no user control.
Also I wonder why there is no option to exit CH and also there should be an option Not to load CH with windows." }-

Yes, I was running the previous version. I saw, at least in my system, that when SSM free, Sandboxie 2.64 and CH started automatically, there was some problems managing them all to start. SB and SSM allow them not to start automatically on system start, but not Cyberhawk. I therefore uninstalled it.

There was some talk about making it possible to exit and also to not start automatically. But I see it is not so from your answer and will not install CH 2 to my system atm.

rdsu
January 30th, 2007, 05:22 PM
-{ Quote: "There should be an option to completely turn off CH.
Now all that I can do is to suspend CH service. And when system reboots the service starts again itself that means no user control.
Also I wonder why there is no option to exit CH and also there should be an option Not to load CH with windows.

The alerts about Windows new start up entries need to be different (as medium risk) from other high risk alerts as most of these might be legitimate." }-

:thumb:

Perman
February 8th, 2007, 03:37 PM
:thumb: Hi, folks: an updated version v.2.0.2 has just been released. It has fixed problems such as conflict w/ ZA prov.7 and has fewer F.P. They have kept their words to fix users' concern. :thumb:

aigle
February 8th, 2007, 03:56 PM
Thanks. What about false detection of keylogging etc?

Perman
February 8th, 2007, 04:26 PM
-{ Quote: "Thanks. What about false detection of keylogging etc?" }-
Hi, aigle: I have no clue at all. Perhaps someone from Cyberhawk Support can fill in here.:)

aigle
February 8th, 2007, 04:56 PM
I will d/l and see. Thanks.

aigle
February 8th, 2007, 07:09 PM
Got it and installed. Any impressions with new version. So far nothing on my side. No popups.

aigle
February 8th, 2007, 07:12 PM
Anybody tried it on Vista? I am just curious to know.

Cyberhawk Support
February 9th, 2007, 12:14 PM
-{ Quote: "Hi, aigle: I have no clue at all. Perhaps someone from Cyberhawk Support can fill in here.:)" }-

Hi all--

Yes, the issue with the false detection of keylogging has been addressed in the latest 2.0.2.12 update.

Becky

fred128
February 9th, 2007, 12:47 PM
Becky,
Is there still the same problem with ZoneAlarm ISS in the new release? I'm still hoping to be able to use Cyberhawk.

Cyberhawk Support
February 9th, 2007, 01:03 PM
Hi Fred--

The conflict with Zone Alarm v. 7 was also addressed in this latest release, so we'd love for you to try Cyberhawk again on your system. Further details on this update may be found here:

http://www.novatix.com/Cyberhawk/Updates/

Becky

Perman
February 9th, 2007, 01:16 PM
Hi, folks: Hi, Becky, I have used the latest version of CH, i must say it has been improved a bit, however I have encountered a problem which I have never had w/ any previous ones. I use Deep Freeze standard, After running PC for a while( either on frozen mode or thawed mode), system suddenly hangs, DeepFreeze's system icon(a polar bear) becomes a silhouette (Black colour cover over), and would flash out and in. I have never had such an incident before. And I am 100% certain that CH has somewhat conflict w/ DF(Virtualization app). Other apps seem perform as usual. Can you look into this. I have temp removed CH from system, and system has been back to the way it was. Have a nice day.

fred128
February 9th, 2007, 01:36 PM
Becky,
I got an old and trusted friend back. I downloaded the new version and there seems to be no incompatibility with ZoneAlarm. I can't thank you enough.

rdsu
February 9th, 2007, 04:41 PM
Unfortunately, I can use it, because after install it I can't run any other application.

Had to uninstall it in Safe Mode with Total Uninstall... :(

aigle
February 9th, 2007, 05:12 PM
Running here OK with all other applications, very small memory footprint,
total about 13MB.

WSFuser
February 9th, 2007, 05:42 PM
-{ Quote: "Anybody tried it on Vista? I am just curious to know." }-
it works great in Vista :thumb:

aigle
February 10th, 2007, 01:09 PM
Thanks. What other security software u are running along with it?

WSFuser
February 10th, 2007, 01:22 PM
Jetico PF (v2), KAV, and Ad Muncher.

it's good to see Cyberhawk has gotten quieter. there are not so many prompts for program xyz logging key strokes.

aigle
February 10th, 2007, 01:33 PM
Nice to hear working it good with other security software, an indication of less conflicts.

Chubb
February 11th, 2007, 02:28 AM
Hi Cyberhawk Support,

Will Cyberhawk be offering a life-time license in addition to an annual license? Thanks..

rdsu
February 11th, 2007, 07:00 PM
-{ Quote: "Unfortunately, I can use it, because after install it I can't run any other application.

Had to uninstall it in Safe Mode with Total Uninstall... :(" }-
I don't know why, but now it is working fine... ::)

Cyberhawk Support
February 12th, 2007, 09:44 AM
-{ Quote: "Will Cyberhawk be offering a life-time license in addition to an annual license? Thanks.." }-

Hi Chubb--

Different subscriptions options are being considered for the Pro version, but for the near future we'll only have the 1-year licenses available.

Becky

aigle
February 12th, 2007, 06:00 PM
Few days back I got an unexpected BSOD. It is since long that I have got a BSOD that is unexplained. I wonder if it is due to new version of CH.
Any other person?
Thanks.

EASTER.2010
February 12th, 2007, 11:04 PM
Right now i have the PERFECT combination of stable shielding in place with my current configs but in no way do i ever even remotely discount the importance of CyberHawk but i simply run out of room (for now) in the SDT Table for it.

I know it's an excellent HIPS and when i get around to jockeying around my selections again i do have the latest installer on-hand and at the ready. 8)

Keep improving it.

GES/POR
February 13th, 2007, 04:13 PM
Is it a hips or behaviour blocker or are both terms the same?

WSFuser
February 13th, 2007, 05:23 PM
It's a HIPS that uses behavior blocking (there are other types of HIPS as well)

Perman
February 13th, 2007, 05:40 PM
Hi, folks: I noticed there is one release today, v.2.0.2.12. It is the newest one? What are the improvements? I am still waiting the conflict issue between DeepFreeze and CH to be resolved. ???

Rivalen
February 14th, 2007, 03:13 AM
Where can you see that kind of info. In my GUI Ive got 2.0.2 only and at the website they dont specify more than 2.0.2.

If I look at the download .exe it is 2.0.2.12 - why shouldnt it be easy to see the exact version number in the GUI and at the website? But I guess why make it easy when you can complicate it?

Cyberhawk Support
February 14th, 2007, 09:45 AM
Hi folks--

You can easily view the full version number of Cyberhawk, including build number, by launching the Cyberhawk GUI and going to Help--About Cyberhawk. Any updates released will be of the sort 2.0.1, 2.0.2, etc. so you won't really need to worry about the actual build number. You can always view what's new in the latest release by going to our Updates page:

http://www.novatix.com/Cyberhawk/Updates/

Perman--I know our QA manager PM'd you that he was going to look into the Deep Freeze issue. We're still checking into it. Please feel free to contact our technicians directly through our online support site if you'd like to work with them in more detail on this problem.

Thanks,

Becky

glentrino2duo
February 14th, 2007, 09:31 PM
@Cyberhawk Support

Have you looked into Cyberhawk's incompatibility with Sandboxie? Whenever you open a program inside Sandboxie or run a program sandboxed, Cyberhawk seems to be getting in the way with Sandboxie, instead of asking if I want to continue (I guess that's how Cyberhawk should respond to it), then the Application Error dialog box shown below appears. This Sandboxie error only pops out when Cyberhawk is installed.

Cyberhawk Support
February 15th, 2007, 10:24 AM
Thanks, glentium.

I'll ask our QA folks to take a look at this.

Becky

rdsu
February 15th, 2007, 03:14 PM
-{ Quote: "Is it a hips or behaviour blocker or are both terms the same?" }-
Behaviour Blocker ;)

juckjones
February 17th, 2007, 07:51 PM
Attention: Cyberhawk Support/Becky:

Cyberhawk has just detected the following programs "logging keystrokes":

1. Lavasoft Ad-Aware SE Pro

2. TrendMicro PC-cillin Internet Security 2006

3. Mozilla Firefox 2.0.0.1

Aren't these issues fixed in Cyberhawk 2.0.1.2?

EASTER.2010
February 24th, 2007, 12:12 AM
Seems no forum exchanges or info lately from Cyberhawk Support so am Bumping this Topic to attract some attention in an effort to see if this program is being updated again soon and how development is progressing into the next release and what we can expect from it.

Thanks

vhick
February 25th, 2007, 05:23 PM
-{ Quote: "@Cyberhawk Support

Have you looked into Cyberhawk's incompatibility with Sandboxie? Whenever you open a program inside Sandboxie or run a program sandboxed, Cyberhawk seems to be getting in the way with Sandboxie, instead of asking if I want to continue (I guess that's how Cyberhawk should respond to it), then the Application Error dialog box shown below appears. This Sandboxie error only pops out when Cyberhawk is installed." }-



i haven't a problem running cyberhawk with sandboxie. right now i'm running cyberhawk and typing my reply using firefox in sandbox.

but i have an issue in firstdefense-isr. but i do a little trick to make it work.

glentrino2duo
February 25th, 2007, 07:42 PM
In my case, it's not a problem of not being able to run programs inside sandboxie. they do run, but first I received a start.exe application error message box shown in my other post. everything seems normal after that message and no problem at all with the application running inside sandboxie. it's just quite irritating to see that application error box. it's a known case as shown in this thread in sandboxie forums: http://sandboxie.com/phpbb/viewtopic.php?t=825

Cyberhawk Support
February 26th, 2007, 10:37 AM
-{ Quote: "Attention: Cyberhawk Support/Becky:

Cyberhawk has just detected the following programs "logging keystrokes":

1. Lavasoft Ad-Aware SE Pro

2. TrendMicro PC-cillin Internet Security 2006

3. Mozilla Firefox 2.0.0.1

Aren't these issues fixed in Cyberhawk 2.0.1.2?" }-

Hi juckjones--

Sorry for the delay in responding to this issue. The best and quickest way to get an answer to anything Cyberhawk-related is through our online support site at http://www.novatix.com/support.

The over-active keylogging notifications were a known issue in Cyberhawk 2.0.1. This was addressed with our latest update to version 2.0.2 (or, 2.0.2.12). You may check which version you have by going to Help--About Cyberhawk. Even if you have auto updates off, you can manually check for updates in the Options area. Also, you can always download the latest update by visiting our updates page here:

http://www.novatix.com/Cyberhawk/Updates/

Once you get that latest update installed it should take care of the problem.

Thanks,

Becky Dubrow

Muscle
March 2nd, 2007, 05:57 PM
I have just downloaded the latest version (2.0.2.12), but I get an error when trying to install. (First-time install.)

When it shows the setup screen "Cyberhawk Installation Wizard" and then click next, it shows a "Fatal Error" dialogbox with the message "Installation ended prematurely because of an error.". I also tried running it under administrator but the same error came up.

System Specs:
-Vista, final version
-Kaspersky Internet Security 6 (installed but disabled)

Any idea how I can install Cyberhawk?

dja2k
April 18th, 2007, 05:34 PM
Not too sure, but I think in Windows Vista, you have to disable UAC to use any HIPS like Cyberhawk.

dja2k

Longboard
April 19th, 2007, 09:44 AM
Has anyone gone for the paid version of CH?
I'm still on v1.20.
Just wondering if all is good now with either paid or free with v2.o3 ?

Perman
April 19th, 2007, 10:27 AM
Hi, folks: Lack of users' responses here and absence of encouragement from Novatix have made my waiting moments on side line even more unbearable. Where are those drives we have seen a while ago? Is Cyberhawk going thru a cyber-menopause right now? I did not even see those healthy hot flash. Or is it that no news is a good news ? ???

aigle
April 19th, 2007, 11:01 AM
I am using it and my concerns are:

1- False keylogging alarms, too many
2- CyberHawk service using too much CPU on even simple launch/ shutdown of many applications like browsers etc.
3- With my set up it is responsible for a general slow down that is clearly noticeable and annoying.
4- Pop up alerts are not so clear( unlike KAV PDMs clearly telling generic Trojan/ Worm? RootKit behaviour)

Otherwise it's pretty silent and when I tested it against different worms, keyloggers etc, it was good.

Perman
April 19th, 2007, 11:14 AM
Hi, Aigle: Thank you for your response. I am glad you have given CH a second chance. I will later put it back on my defense lineup, it has been on disable list for some time. Thanks.

aigle
April 19th, 2007, 12:19 PM
For me slow down (of application launch like my browsers etc) is the biggest issue but I am tolerating it. Not that I need CH badly to secure my system, just I like to play with these applications.