Anyone Tested DriveSentry?

Discussion in 'other anti-malware software' started by FatalChaos, Jul 10, 2007.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yeah, it's pricey, but for the stuff I wanted to do, I wanted the best. That it seems to be. Search the forum for virtual machine. There have been several threads.

    Pete
     
  2. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Muf,

    I had the same problem as you!!! I complained to DS support and discovered that it's actually a bug in v2 which randomly would clear all your rules. I've been testing V3 for some time and it works much better. According to their site it runs in two modes:

    Free version : After 30 days(?) goes online (similar to prevx) to validate white, black and community programs.

    Retail version : downloads the online database to your PC so that it works while offline and speeds up disk and background scanning.

    ~interact.
     
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello AwareSoul,

    I have chosen to replace Primary Response SafeConnect(PRSC) with the latest version of DriveSentry(DS) Full due to the test results and reasons explained below. DS now employs behavioral heuristics similar to that of ThreatFire's and PRSC's. Despite this change, I still consider PRSC to be a competent intelligent behavior blocker. FYI, I performed all the tests(incl. "live" malware) below against DS with Returnil's "Session Lock" enabled.

    GeSWall Demo Test: DS initially fails all the tests except for the first one. After adding a specific file(cscript.exe) to “Access: Rules” and blocking it from writing to the registry and writing to any files, while it still does not pass all the tests, it now blocks all “Backdoor Attacks” and two out of the three “Modification/Delete Attacks”. In contrast, PRSC fails this same test as it does not react at all.

    BufferZone Proof of Concept Test: DS detects and blocks this test. In contrast, PRSC fails this same test as it does not react at all.

    Trojan Simulator: DS detects and blocks this test. In contrast, PRSC fails this same test as it does not react at all.

    Spycar Test: DS detects and blocks all of the tests. In contrast, PRSC fails this same series of tests as it does not react at all.

    Leak Tests: Of the twelve that I tested, DS was able to detect and block all of them. In contrast, PRSC failed to detect any of the twelve as it does not react to any of them.

    DS has an official technical support forum. In contrast, PRSC does not.

    DS has a rather extensive set of configuration options. In contrast, PRSC is limited in this regard.

    DS provides a detailed log change list for each and every program update on their website. In contrast, PRSC does not.

    DS offers “Live Online Help”. In contrast, PRSC does not.

    DS is relatively inexpensive depending upon which version one chooses to use(Lite – Free; Full - $10). In contrast, PRSC is expensive at a price of $34.95.

    DS developers appear to be more willing to listen to suggestions from the general public and incorporate these features in a reasonable period of time. In contrast, PRSC appears to be more willing to listen to suggestions from small-medium business (SMB), government, enterprises, etc., to the disadvantage of the general public.

    DS developers appear to be willing to address reported and verified issues with DS and deliver timely fixes or solutions. In contrast, I cannot comment on PRSC.

    DS offers above average to excellent customer service/technical support usually within one business day or a few hours. In contrast, PRSC offers mediocre to above average customer service/technical support usually within one to two business days.

    DS's company policy on making public comments, informing the public or replying to public inquiries regarding DS appears to be more lenient and friendly. In contrast, in regards to PRSC, I have posted two quotes addressed to me by Sana Security’s CTO below.

    “I agree that we could do a better job on the communication front but
    again this is a question of business priorities.”

    “As far as answering your
    specific questions, you might not be aware of this but PRSC is sold
    through many different channels, brands and OEM partners. Different
    partners are on different release cycles and have different
    communication policies. Since what I say to you constitutes public
    communication it is not always feasible for me to respond to your
    questions, given the level of technical details you are asking.

    If there are critical issues affecting our customers these are addressed
    and communicated in a timely manner through our marketing or technical
    support, which makes sure that we are compliant with our corporate
    obligations.”

    To get a flavor for DS and take a look into the “windows of DS’s soul”, please visit the following links posted below.

    http://forum.drivesentry.com/viewtopic.php?f=5&t=96
    http://forum.drivesentry.com/viewtopic.php?f=5&t=98
    http://forum.drivesentry.com/viewtopic.php?f=5&t=102
    http://forum.drivesentry.com/viewtopic.php?f=5&t=104
    http://forum.drivesentry.com/viewtopic.php?f=5&t=105
    http://forum.drivesentry.com/viewtopic.php?f=5&t=106
    http://forum.drivesentry.com/viewtopic.php?f=5&t=107
    http://forum.drivesentry.com/viewtopic.php?f=5&t=108
    http://forum.drivesentry.com/viewtopic.php?f=3&t=109
    http://forum.drivesentry.com/viewtopic.php?f=5&t=110
    http://forum.drivesentry.com/viewtopic.php?f=3&t=111

    I have not experienced any false positives, any apparent functional conflicts with DefenseWall, Look’n’Stop and Returnil, or any slowdowns with DS. Additionally, I have found it to be relatively stable on my system. I have become impressed with its ability to detect and block numerous viruses, trojans and rootkits that I have thrown at it so far. While DS is a work in progress, I am encouraged with its performance against various tests and live malware samples to date.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Dec 10, 2007
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
  5. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Acadia,

    The link to the test of DS that you provided is quite old. Most, if not all, of the issues that were brought to light in this review are addressed in DS v3.0.


    Peace & Gratitude,

    CogitoErgoSum
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    I am using PRSC, and have read this thread and have posted my opinion (see #15).

    Due to CogitoErgoSum's positive review, I decided to give it another test drive (a third time).

    Oh man, not again. The same problem has struck three times in the same fashion.

    Soon after the product is launched, it immediately freezes up my system; the hard way is the only way out of the mess. My current setup is WinXP MCE SP2, Comodo FW (Defense+ off), McAfee AV, DefenseWall, PRSC, Prevx2, WinPatrol Plus, DeepFreeze. Could any of these be the culprit?

    This problem reminds me of the early stage of CyberHawk (the former life of ThreatFire). If this is so, then I suspect DriveSentry v.3, fresh from the incubator, may not be ready for full deployment aimed at public use. I respect the review done by CES, and fully appreciate that this product has great potential to be a marvelous protection gear for PC users, but as a user I cannot advance to the next step, so that promised rose garden may well be just an illusion.

    Perhaps someone can point out to me where I went wrong with this test.

    Take care.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Wow!! That combination of security odds & ends could bring just about ANY computer to its knees. All I use is NAT/SPI router, AV, & Threatfire. I recommend you strip down a bit.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    Thanks for your advice, but...

    I have been running this combination for a long while, with no problems at all. Sailing very smoothly. RAM usage at any given time is between 40-55% of my 1 Gib memory, Intel duo core 2 processor.

    The single addition of DriveSentry would just mess up the whole thing.
    I would like to add DriveSentry's protection, I just do not know how to...

    Take care.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Perman, I just don't see you needing it with what you are running. It won't add anything to what you already have.

    Pete
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Pete

    Thanks for your advice, I will refrain from trying this product again.

    It was just my curiosity that prompted me to do so.

    I guess that trying a new app is a risky business, and sometimes perhaps is uncalled-for.
     
  11. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Perman,

    Have you considered uninstalling both Prevx 2.0 and PRSC since DriveSentry already employs a combination of blacklist, whitelist, community and behavioral heuristics? Since you already have DefenseWall and DeepFreeze, have you considered relegating McAfee AV to on-demand duty? I believe that these suggestions will go a long way toward eliminating the conflicts that you are experiencing. Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Perman,
    I would uninstall DeepFreeze first and try DriveSentry without it. If it doesn't work, I have no other advice. :)
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, CES and Erik:

    Thanks for your input.

    I will try those adjustments on Toshiba P4 laptop, to see what would happen.

    Thanks, again.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually, I get a kick out of it myself. That's also why I have FDISR and Shadowprotect, 'cause you never know what will happen.
     
  15. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
  16. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    To get a big picture overview on how behavioral heuristics is implemented into DriveSentry and the role that it plays in the detection scheme of things, please take a look at the following link below.

    http://forum.drivesentry.com/viewtopic.php?f=5&t=102#p163


    Peace & Gratitude,

    CogitoErgoSum
     
  17. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I still hesitate to test DS after Pete's virus test where DS oddly enough allowed the virus to do its thing while prompting the user. If this "feature" still remains with the latest version, then DS is just acting as a poller, which I'm not interested in.

    /C.
     
  18. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    It looks like Drivesentry have now done the same test as Pete -> http://forum.drivesentry.com/viewtopic.php?f=5&t=107&start=15

    ~interact
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Is this virus called MyPicture.exe after you unzip the downloaded file ?
    I tried this and while I was unzipping the file Anti-Executable warned me and removed the file MyPicture.exe. :D
    When I turned AE off and unzipped again, I got the file MyPicture.exe.
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Just curious but how does AE know when you did an .exe file, does it act like a scanner?

    dja2k
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    AE was probably blocking the copy.
     
  22. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris

    AE scans the disk and builds an approved list. If anything then runs after this which is not on the approved list then they are blocked from execution. I've tested it in the past and it works well but it blocked a number of security updates by 3rd party apps so it got removed. Great for total lock down situations but can be tedious in the real-world.

    ~interact
     
  23. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I know how AE works, I've tried it but didn't keep it on either. When Erik stated, "I tried this and while I was unzipping the file Anti-Executable warned me and removed the file MyPicture.exe." got me curious as to how did it get it while unzipping, that would be like an active scanner or scanning on creation of .exe wouldn't it?

    dja2k
     
  24. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    dja2k,

    I've no idea what AE does under the hood but the code it uses to check for a process open could also be triggered by other file I/O (if incorrectly coded). If any PE32 file is copied to the disk then the O/S can map its image to memory to display the icon or other PE info such as version details.

    ~interact
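
Added example, not part of the thread and not Anti-Executable's actual implementation: a sketch of the approved-list idea described in posts 22 and 24, where a baseline scan hashes every PE file on disk and anything PE-shaped that appears later is refused. The function names and the sample files (constructed header bytes, not real programs) are assumptions made for illustration.

```python
import hashlib
import os
import struct
import tempfile

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def build_allowlist(root: str) -> set:
    """Baseline scan: hash every PE file under root, whatever its extension."""
    approved = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            with open(os.path.join(dirpath, name), "rb") as fh:
                data = fh.read()
            if is_pe(data):
                approved.add(hashlib.sha256(data).hexdigest())
    return approved

def verdict(path: str, approved: set) -> str:
    """Decide by content, so a renamed executable is still checked."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not is_pe(data):
        return "not-executable"
    return "allowed" if hashlib.sha256(data).hexdigest() in approved else "blocked"

def fake_pe(payload: bytes) -> bytes:
    """Constructed sample: minimal MZ/PE header bytes, not a runnable program."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + payload

def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path
        known = write("notepad.exe", fake_pe(b"baseline"))
        approved = build_allowlist(root)
        # Files that arrive after the baseline, e.g. extracted from an archive.
        new_exe = write("MyPicture.exe", fake_pe(b"unknown"))
        disguised = write("holiday.jpg", fake_pe(b"unknown2"))
        text = write("readme.txt", b"plain text")
        paths = (known, new_exe, disguised, text)
        return {os.path.basename(p): verdict(p, approved) for p in paths}
```

Calling `demo()` returns a verdict per file; the same check can be run when a file is created or when it is about to be executed, which is the distinction dja2k asks about.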
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I have checked out DS once again, and I almost know for sure that this was the last time, it really sucks. Configuration seems a bit too complex, but the worst part is the very unclear, thus useless alert windows. How the hell am I supposed to make a good decision based on crappy information? :gack:
     