Katie DriveSentry

Hi Katie,

I would like to ask whether the AV in DriveSentry is just a on-demand scan or not? Or it will scan a file when a file run?


-Andylau-

 

Hi Andylau,

Thanks for your question .

DriveSentry has both an on demand virus scanner and a real-time virus scanner.

The scanner facility checks a number of default file types for viruses. These file types can be configured as required through DriveSentry's scanner window. It is advised that you check your local database is 100% full before performing an on demand virus scan.

The real-time virus scanner checks files against DriveSentry's blacklist before they are able to write to your PC.

Both elements of this scanner facility detect over 1.1 million unique virus identities. Malicious files detected will be quarantined immediately.

I hope this answers your question .

thanks

kind regards,

Kate.

 

Re: DriveSentry

i too, am getting the same error message when trying to open DriveSentry.

Vista HP SP1.

 

C.S.J

I've seen the vanishing tray icon before but not the message you're seeing. Does it work when you first install then error when you do a reboot?

~interact

 

when it happens, even a reboot does not fix it.

the program will continue to work, but i cant open the program due to that error.

the tray icon remains there, but it cant be clicked on normally, or by right click.

an un-install, re-install fixes it.

 

Re: DriveSentry

Support had me do a clean re-install of V.4 and on the scanner page select configure scanner then delete the bin file... next reboot is running fine here so far! Excellent support response time!!
Of course this is a temporary workaround until a fix is released....

 

Forgot to mention the scanner drop down menu is the arrow on the right hand side of the start scan button, Then configure....

 

Hi Katie

Just wanted to point out one issue.
I downloaded GoAnywhere today, installed it in my mother's flashdrive. It runned well on her computer.
After that, I pluged the flashdrive on my laptop, and DriveSentry gave a message that the trial period had expired. Not even 5 minutes had passed since I installed it.
Thanks

 

Just to report I'm running it alongside Avira Suite and Boclean.

Big issue I'm having is every time I install DS I get an initialisation error. This happens whether I try to install as part of the 1. install procedure (box checked to open DS) or 2. I don't check the box, close the install window and then use Start/Programmes to start DS. Second time of starting via Start/Programmes it works fine.

Had an issue with not being able to open email and URL links within Office files. Resolved it by uninstalling and re-installing. I guess I must have done something - it would be nice to know what.

Can't say I'm noticing any slowdown although the only real slowdown I get excited about is my browser connection.

Pop-ups aren't that bad. Lot less than Defence+ which I would be happy to use, unfortunately, I couldn't trust the kids to use it. I was very impressed with CPF/Defence+ - no impact on my download speed. For ease of use, DS wins, for now.

Haven't bought it, yet, so haven't seen the login issue. Will wait and see for a week before deciding.

BTW, could a mod lock the other DS post to get everybody on this one to save me checking both.

Ian

 

Katie,

Welcome, a few feature requests:

1, Add an Internet firewall to Drivesentry.
2, Allow the user to have more control when they see a pop-up based on the heuristics/behavior that Drivesentry detects. This would make it much easier for non tech people to use (e.g. my girlfriend)
3, Allow rules to be exported so we can share. For example a great way I've found to stop exploits via NTVDM is to block its write access!

And finally is that really you in the picture?

~interact

 

Hi Hurst,

Thanks for your feedback.

This sudden expiration of your trial period may have occurred because the date on the second system that you inserted the device into may have been slightly behind that of the original machine . If possible could you let me know if this is the case, and what the time difference is so that we can look into this.

thanks again

regards,

Kate.

 

I thought to try Blon...errr...Drive Sentry over Returnil.

What i understand is that it acts like "p2p security". Unfortunately it doesn't act like behaviour blocker without phoning home.

Yesterday i made a first try. As long as you have the database downloaded and let it connect to the internet, it gives good advice. Then i ran PCFlank leak test. The advisory was that 2 people had denied it, 0 had allowed it. I guess i was the 3rd to deny. The bad thing is that if you encounter a "rare" threat, it is higly possible that the other 2 were newbies or idiots and let it execute while it was real malware.

Anyway, then i blocked the internet access with the firewall and run it again. I don't know what exactly happened (PCTools Firewall was poping up too, i saw a rapid DS popup which disappeared quickly before reading it), but PCFLank test wasn't stopped and soon after, DS disappeared from tray, although the service was running. I tried to launch it from the start-programs, it gave an error message that maybe i needed to reinstall or something. Also the running process was now eating 50% CPU and 55MB RAM (as opposed to 0-2% and 9 MB RAM before).

Today i decided to run it again under Returnil and this time without the database and once again with internet access denied. Well, it gets as dumb as a rock. I tried to take a screenshot, it flagged it as malware risk. It even showed an alert for Opera trying to write in its cache.

http://img359.imageshack.us/img359/9082/65748556qr3.png

As can be seen, it doesn't give any useful information about why this should be considered risky. So, i wouldn't classify this program in the same category with Threatfire or Mamutu.

Also a small visual glitch (the 3 buttons). Prolly because i use large fonts.

http://img359.imageshack.us/img359/2177/36594870ui8.png

Generally speaking, it's a nice program for those who don't mind having a sort of p2p-security. Personally i don't like phoning home or "community" apps, that's why i wanted to see how it behaves with no internet connection. In that, TF and Mamutu are by far superior. If you don't mind it downloading new definitions though, DS can be of much help, although for rare threats, there is the danger that the users before you made the wrong choice.

It run light, but with p2p on, CPU was up to 2%, which i guess it's normal since the disk is writing new data all the time (but of course i didn't like). RAM was very low.

I think i still prefer TF or Returnil, simply because they eat less CPU and behave more intelligently without phoning home.

P.S.: Congrats Katie for your marketing strategy (i mean the avatar. Even though you are here strictly for professional reasons, you knew that every male in the forum would rush to try DS hoping to get your support, didn't you? Oh, clever as a fox! Blonde fox! )

 

It's great! Thanks for your information!

Another question,
does DS plan to develop into "smart" HIPS, which is less prompt alerts? Or add a auto mode or other modes, which is suitable for newbies and advanced users?

-Andylau-

 

Interact,

Thankyou for your comments.

1. We are considering this feature. what do other people think of this?
2. We plan to have a new build next week which allows you to select the threat level which will trigger a popup. In our testing this has significantly reduced the noise
3. I will pass this request on.

Yes it is my picture! Why do you want me to change it??

thanks,

kate.

 

Fuzzfas,

Thanks for your feedback.

We are planning to do some major upgrades within the next couple of months that will seriously increase the intelligence of our behavioural technology.

In regards to my avatar, i am a senior member of the team at DriveSentry and not a marketing ploy. I'm real here's a pic of me at RSA in San Fran.


My role here at the company is to get feedback and pass this to the QA team. I also do the helpfiles for the software and work closely with the development team to implement in new features.

thanks again

regards,

kate.

 

Yes you're right, the time on both machines was diferent, don't know the date, will check it out later. Thanks for the reply, I will fix the time/date and try again.

 

Ah, now that sounds very interesting to me. Behaviour blockers could have a larger audience than HIPS for example. DS has much potential since it is already pretty effective.

I also don't remember one thing. Probably i didn't see it clearly. Can it download the updated database "on demand"? Like an "update now" function? I remember that i was prompted to keep it updated as soon as the new database in your servers is changed, but personally i would like an "on demand" button to update it say, once a week. This way it would be more cosy. I am not sure if this function already exists?

Dear Katie,I never doubted it was you in the avatar. Don't take what i wrote as an offence, but as a compliment.

I have no doubts about your real professional capabilities, your behaviour here showed it too. I wasn't ironic about the congrats. I didn't mean that you base your presentation on your avatar or that the use of that makes you less professional. I think it was a clever move though. Clever in the good sense of the word. Whether you thought about it or not.

Thanks.

 

Hi Fuzzas,

Thanks again.

With DriveSentry there is no need for on demand updates as updates to your local database are done using a hastle free trickle feed method. Updates trickle through automatically in real-time, so you dont even know it is happening . You are not asked the annoying question "would you like to update now?"

If you felt the need to update manually you can select the synchronize database button within the "Local database settings" on the Options screen. But this is not necesary if you have the trickle signature check box ticked.

However, we are shortly introducing a completely free version of DriveSentry, which, after the 30 day trial, will only update, on demand, on a weekly basis. In order to ensure your database is always up-to-date after the 30 day trial, a small one off payment will be required.

I hope this answers your question Fuzzfas

thanks again,

Kate.

 

Yes, i remember the trickle thing. In deed, a nagging screen "would you like to update now" would be worse.

Yes! I should have expressed myself better. I am a manual update fan for everything (including my AV). I missed the synchronize button! Since i don't like programs phoning home whenever they like, a "manual-only" mode for updating the database is what i was looking for.

Thanks!

 

In response to the on demand updating, what i would like to see is a small semi transparent popup wich notifies the user that the program is updated and some small info about how many malware recognition is added, new total of malware base, maybe definitions version or w/e - What dio you Kate and others here feel about this?

How about if one hovers the mouspointer above the trayicon to not Only see DS but same info as above except for latest amlware added.

Another question, when a new version comes out will DS auto update itself or will the user be notified in realtime that there is a new version wich needs to installed over the top or after a deinstall?



PS i like the idea of a free version!

 

i have noticed some BehavesLike: detections on some of my tests, reminds me of bitdefender and their signatures.

 

I feel this security program is on its way to being one of the best HIPS on the market today. ThreatFire may currently have an edge in its Community Based Protection, and Mamutu may be slightly more polished at this time. But I think DriveSentry shall soon surprise us all.








ThePheonix always rises.



ThePheonix always rises.

 

more customers = price increase

thats business.

i suggest people get their purchases in quickly, its certainly what i did.

 

But is it really a HIPS? to me it looks like a blacklist scanner with some community whitelisting. Maybe I'm missing something....
Do you consider it a HIPS because of the allow/deny prompts? Personally I think there's more needed to call a program a HIPS...
Does DS analyze the behavior? Does it monitor hooks, executions, dll loading, etc?