
What's so special in Drivesentry?


ako
June 11th, 2008, 03:11 AM
What's so special in Drivesentry?

Isn't it at the moment just another classical HIPS (with a scanner included), very similar to AE or PG? It just goes one step further: the malware is allowed to execute, but not to write to disk, if one chooses correctly (or the central database gives enough information).

Does this approach (drive protection) give some special advantages?

Of course DS may develop into a nice behaviour blocker; time will tell.

dmenace
June 11th, 2008, 06:33 AM
{QUOTE-> What's so special in Drivesentry?

Isn't it at the moment just another classical HIPS (with a scanner included), very similar to AE or PG? It just goes one step further: the malware is allowed to execute, but not to write to disk, if one chooses correctly (or the central database gives enough information).

Does this approach (drive protection) give some special advantages?

Of course DS may develop into a nice behaviour blocker; time will tell. <-QUOTE}

Drivesentry is great at protecting against ransomware and destructive malware.

Some HIPS, such as SSM, don't monitor files. They only monitor the registry.

ako
June 11th, 2008, 07:44 AM
{QUOTE-> Drivesentry is great at protecting against ransomware and destructive malware.

Some HIPS, such as SSM, don't monitor files. They only monitor the registry. <-QUOTE}

But how does DS do it? Does it have some special AI to recognise when the write action is destructive? Or is it up to the user to decide it?

Peter2150
June 11th, 2008, 08:19 AM
I tried it back before they added so much to it. It still had pop-ups to contend with, although I don't know if that's changed.

The file protection didn't strike me as all that big a deal.

First, for something to mess with my files it has to run, so other HIPS can prevent that. Finally, with Sandboxie, when I am online nothing can write to the system area, my second drive or My Documents.

Pete

trjam
June 11th, 2008, 08:39 AM
Detection ability is about middle of the pack.

bellgamin
June 11th, 2008, 02:56 PM
{QUOTE-> I tried it back before they added so much to it. It still had pop-ups to contend with, although I don't know if that's changed.

The file protection didn't strike me as all that big a deal.

First, for something to mess with my files it has to run, so other HIPS can prevent that. Finally, with Sandboxie, when I am online nothing can write to the system area, my second drive or My Documents.

Pete <-QUOTE}

Agree totally!

In the lengthy KatieDriveSentry (http://www.wilderssecurity.com/showthread.php?t=209764) thread here at Wilders, read through it and note that many essential HIPS features are in the status of "we are working on it" or "I'll pass your suggestion along to our technicians." Overall, DS is far less advanced than other HIPS such as Defense+, OnlineArmor, SSM and ProSecurity.

ErikAlbert
June 11th, 2008, 03:30 PM
{QUOTE-> What's so special in Drivesentry?

Isn't it at the moment just another classical HIPS (with a scanner included), very similar to AE or PG? <-QUOTE}
AE and PG are not the same as DriveSentry. I saw that immediately after reading the suggested thread "KatieDriveSentry" and the info on the website. The method used is totally different.

ako
June 11th, 2008, 03:39 PM
{QUOTE-> AE and PG are not the same as DriveSentry. I saw that immediately after reading the suggested thread "KatieDriveSentry" and the info on the website. The method used is totally different. <-QUOTE}

Please read my first post again.

ErikAlbert
June 11th, 2008, 04:03 PM
{QUOTE-> Please read my first post again. <-QUOTE}
I just don't like the method of DriveSentry, which is similar to Prevx.
I don't need a large community database to verify my computer, and who is controlling that large database that contains good, grey and bad software?
It must be quite a job to verify this database in a professional way, instead of by users' opinions. I really wonder how they do this, and there is no way for me to verify what they will tell me.

dja2k
June 11th, 2008, 04:09 PM
What is so special in Drivesentry?

The fact that you can buy it for $10 or wait for the free stripped down version to be released. ;)

But bellgamin has a good point in his post #6 in here.

dja2k

MikeNAS
June 11th, 2008, 04:33 PM
{QUOTE-> I just don't like the method of DriveSentry, which is similar to Prevx.
I don't need a large community database to verify my computer, and who is controlling that large database that contains good, grey and bad software?
It must be quite a job to verify this database in a professional way, instead of by users' opinions. I really wonder how they do this, and there is no way for me to verify what they will tell me. <-QUOTE}

That's why I block DS Advisor totally :D

ako
June 11th, 2008, 04:35 PM
{QUOTE-> I just don't like the method of DriveSentry, which is similar to Prevx.
I don't need a large community database to verify my computer, and who is controlling that large database that contains good, grey and bad software?
It must be quite a job to verify this database in a professional way, instead of by users' opinions. I really wonder how they do this, and there is no way for me to verify what they will tell me. <-QUOTE}
But you can run DS without a database too, just like AE.

ErikAlbert
June 11th, 2008, 04:38 PM
{QUOTE-> That's why I block DS Advisor totally :D <-QUOTE}
That is good. Then I still have only one little problem: its blacklist scanner. :)

MrBrian
June 11th, 2008, 09:25 PM
{QUOTE-> Does this approach (drive protection) give some special advantages? <-QUOTE}

I do think file protection is important. I'll give an example. I was using a burning program to burn some backup files to DVD. I intended to delete the backup files from the project window pane, but I accidentally tried to delete the files from the file explorer pane. Fortunately, because the backup files were under the file protection of my HIPS (Comodo Firewall 3), the HIPS alert notified me before the files were deleted.

ErikAlbert
June 11th, 2008, 09:50 PM
{QUOTE-> But you can run DS without a database too, just like AE. <-QUOTE}
Does that mean you disable the blacklist scanner as well?

MrBrian
June 11th, 2008, 10:28 PM
A potential reason to use file protection: Blackmail ransomware returns with 1024-bit encryption key (http://blogs.zdnet.com/security/?p=1251).

ako
June 11th, 2008, 10:47 PM
{QUOTE-> Does that mean you disable the blacklist scanner as well? <-QUOTE}
I'm not sure. For me that doesn't matter, but I understand your special needs for this (frozen snapshot).

ako
June 12th, 2008, 02:36 AM
{QUOTE-> A potential reason to use file protection: Blackmail ransomware returns with 1024-bit encryption key (http://blogs.zdnet.com/security/?p=1251). <-QUOTE}

From me above: "But how does DS do it? Does it have some special AI to recognise when the write action is destructive? Or is it up to the user to decide it?"