Crystal Security - Discussion

Discussion in 'other anti-malware software' started by kardokristal, Jan 29, 2012.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah....great job, Kardo! :)
     
  2. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Thank you. :) @NSG001

    Thanks bro. :) @siketa

    Regards,
    Kardo
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Looking sharp, just like your profile pic. ;)
     
  4. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Thanks. :) @J_L

    Regards,
    Kardo
     
  5. Tarantula

    Tarantula Guest

    Congratulations! I really like your product!
     
  6. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Haven't had the chance to try the latest version but I am sure it rocks. Keep up the good work.
    P.S. I will add my neverending suggestions after I try the latest version.
     
  7. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @Tarantula Thank you. I am glad you like it. :)

    @phalanaxus Your suggestions have been added to the list. :) It takes some time to implement your suggested features. Thank you for all the help and feedback. :)

    Regards,
    Kardo
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    CS 3.5.0.120 is running on Windows 7 Pro x64 SP1.
    When I open Task Manager and close it, it reports a crash.
    As soon as I shut down CS, TM closes normally.

    Can you check?
     

    Last edited: May 12, 2015
  9. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @siketa Thank you for the feedback. ;)

    It is probably caused by the Self-protection feature. Please try to disable Self-protection under Settings temporarily and see what happens. Do not forget to click on Apply too.

    Regards,
    Kardo
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah, that was it.....

    Q1) Are you going to adjust this self-protection behavior?
    Q2) If I set Notification's duration to "0" (with checked checkbox), does it mean that it will not be shown at all or that the countdown timer is disabled?
    Q3) When Idle, CS consumes around 25MB of RAM on my system. During Quick and Advanced scans, it increases and near finish decreases again, but not to the start value. Even when the scans are over it remains high long time after. Can you optimize the release of memory?
     
    Last edited: May 12, 2015
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  12. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi @siketa
    Thank you for the answer. :)

    Yes. I have one idea how to improve it (better compatibility).

    Good point! You can see notification for 1 second. I'll improve this behavior in the next version.

    Yes. I can force memory release. .NET should manage it automatically too but it is also possible to release memory manually.

    Regards,
    Kardo
     
  13. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
  14. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi everyone,

    I got a lot of feedback about 3.5.0.120 stable version and I decided to make post with Questions and Answers. :)

    Answers to other questions (quoted from other Forum)
    Answer: Maximum file size is 128 MB. There is a plan to add customizable limits for uploads.
    Answer: VirusTotal
    Answer: It is one of the engines you can see under Settings. It is local and updateable database - useful for offline users.
    Answer: When you enable it first time then all files in certain locations will be listed and trusted by default. When new (aka unknown) file arrives then it is untrusted by default. It is possible to add specific file to exclusions list manually and anytime. There is also a plan to add (allowed/blocked) history for Stealth Guard.
    Answer: If silent mode is enabled then all notifications (results) are hidden.
    Answer: if you mean already running processes then it is normal. When new program starts activity then it is detected as a new process creation and will be analyzed automatically.

    1. Start Crystal Security
    2. Now launch new program, e.g. Paint, Calculator
    Answer: I have a plan to add it to Notification (maybe under "Details" ).
    Answer: Point of the question? There is no product with 100% detection/removal (unless it is default-deny, but even then everything is possible).
    Answer: Another user also suggested it. I'll try to add it. Thanks. ;)
    Answer: I'll think about it.
    Answer: If you mean shortcut created during installation then I can't add it because I am using free version of Advanced Installer.
    Answer: Currently only workaround is to disable shell integration before uninstallation or another solution is to disable context menu entry automatically when program is closed (exited from tray menu).
    Answer: Unknown file is queued for certain interval. After some interval unknown file is checked again via collective cloud (VT).
    Answer: I am not sure if it is good idea to enable on-access by default. Got several reports that it may cause performance issues for some users. Signed files are skipped/white-listed by default without any analysis via cloud.
    Answer: Yeah. This behavior will be improved in the next version. ;)
    Answer: Active protection engine will be improved/updated with next or newer version. ;)
    Answer: Enable Shell integration and click Apply (wait a moment). After that you can analyze files via right-click context menu.
    Answer: I just tested (several times) and it works correctly. Maybe you forgot to click Apply under Settings.
    Answer: Yes. It means that file is "waiting" stage. So after some interval it should be analyzed by active protection.
    Answer: Checkup is actually separated from Active protection. It means that all files will be listed and classified again because there is possibility that one file rating is changed from Safe to Unsafe etc.. And all files classified in Checkup are not listed/added in Whitelist because it may cause performance issues and slowdowns.
    Answer: Because next version may be BETA. Then if this option is enabled user will be automatically updated to new BETA version. If user doesn't want to install BETA version then he/she can skip BETA versions (just disable "Install BETA Updates" option).
    Answer: Notifications for Safe files are hidden by default. It is recommended to show only Unsafe/Suspicious and maybe Unknown objects too. There is no reason to show each alert about safe files. Some users like to monitor ALL events (including safe ones).
    Answer: When this option is enabled then all digitally signed files are skipped by default to increase performance. Please note that it can also decrease the level of protection because there is some malware with digital signatures (I have a plan to add configurable list for Digital signature).
    Answer: This option is provided for additional security but it may cause performance issues too because when you open some folder then all executable files in folder will be listed and checked automatically. Currently some users reported that On-access causes issues. You can safely turn it off but keep other Analysis options enabled.
    Answer: If file detection ratio is under 5% then it is flagged as safe (e.g. to avoid FP detections). If detection ratio is between 5 and 10% then it is flagged as suspicious. If it is more than 10% then it is flagged as Unsafe (aka Malware). The user is able to customise this setting.
    Answer: When it is enabled then you can see lines on each section:

    Screenshot
    Answer: It means that program is launched with Highest privileges. Please note that some features need Admin rights to work properly and it is also recommended for better malware removal.
    Answer: Here is a tutorial how to use Password protection feature properly (just tested successfully):

    Screenshot 1
    Screenshot 2
    Screenshot 3
    Screenshot 4
    Answer: Normal situation because Reset button only Resets information under Statistics tab.
    Answer: Good point! Yes. Each new file is analyzed but you pointed out good issue. There is no reason to analyze Windows Update files (at least by active protection). In the next version, Windows Update files will be skipped by default to increase performance and avoid server load.

    Next version takes a little bit more time because I got a lot of feedback from other users too. Many features to add and some issues to fix. Good amount of users also reported that it works fine but as we know, every system is different. :)

    Regards,
    Kardo
     


  15. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi everyone,

    There is a plan to improve notification in the next version.

    Preview of updated notification(s). Two types of notifications (based on settings).

    1. User decision is required


    2. Blocked automatically


    Feedback is welcome. :)

    Regards,
    Kardo
     


    Last edited: May 17, 2015
  16. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Place emphasis on verdict, emphasis and suggested action. i.e. You can make the suggested action's button (Allow or Block) bigger.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    @kardokristal
    What's difference between Collective Cloud and Crystal Cloud .... ?
    Do I understand correctly that Collective is VirusTotal and Crystal is data from Crystal users...?

    CS website FormGet = I'm not a robot is noted as Potential Clickjacking by NoScript -- Keep this element locked (recommended) > .... Comment ?

    Does CS have PUP criteria ... ?
    My client Security program is Cloud hybrid. Won't my real time cloud scan bump CS real time cloud scan..? Granted, even by differing servers.

    Does Crystal scan downloads or only new / running processes / exe / dll's.

    Do you think of Crystal as Anti-Executable or prefer real time second opinion whitelist / blacklist...?

    Are whitelist / blacklist stored local or cloud tagged to my machine.

    Website states "removes malicious programs" (malware). By "remove" do you mean block or quarantine ..? Or, do you literally mean "remove".
    Because "malware removal" may require manual intervention (by experts) and repairing changes made by malware may require manual intervention (by experts).

    Does whitelist include wildcards. For example Flash player versions. Or, my resident virus defs change date.
    Does CS whitelist / blacklist by Command- Lines / Parent Process / Microsoft System Files...?
    May I edit white/black lists...?
     
    Last edited: May 17, 2015
  18. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @phalanaxus Thank you for the feedback. :)
    @bjm_ Thank you for the interest.
    Yes. Collective cloud gathers data from VT and Crystal cloud from own server. :)
    Contact form with spam protection is provided by FormGet. Seems like they have some problems with false positives.
    Currently no (general detection). I'll try to add type of detection in the near future.

    It depends on the settings. When all enabled then following files are scanned:

    1. Created (e.g. downloaded, copied etc...)
    2. Modified
    3. Launched (new process)
    4. Accessed (by Windows Explorer / All files in currently opened folder)
    Real-time second opinion scanner but Stealth Guard mode adds Anti-executable functionality too. When Stealth Guard option is enabled then newly created files are blocked by default.
    Locally only.
    Both. By default malware is blocked (terminated and quarantined without deletion) but user can customize default action (e.g. Delete unsafe file permanently).
    Not automatically. Program learns about files on your computer over-time.
    Yes. :)

    Regards,
    Kardo
     
  19. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi everyone,

    Performed some tests with new design and made some little changes:

    • Added small borders
    • Added Restore button
    Preview screenshots of updated notifications

    1) User decision


    2) Auto-decision


    Waiting for the feedback. :)

    Regards,
    Kardo
     


    Last edited: May 18, 2015
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Looks nice... :)
     
  21. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @siketa Thanks bro. :)

    Regards,
    Kardo
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Might you add option to scan Signed files > white/black my choice. I blacklist items > eg: C:\Program Files\Windows Defender\MpCmdRun.exe <> C:\Users\bjms\AppData\Local\Google\Chrome\User Data\SwReporter\3.20.1\software_reporter_tool.exe < that I haven't figured out how to stop calling home.
     
  23. Got this error, I have dot 4.5.2

    A strongly-named assembly is required. (Exception from HRESULT: 0x80131044) at Crystal_Security.Main.g()
    at Crystal_Security.Main.a(Object a, EventArgs A)
    at System.Windows.Forms.Form.OnLoad(EventArgs e)
    at System.Windows.Forms.Form.OnCreateControl()
    at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
    at System.Windows.Forms.Control.CreateControl()
    at System.Windows.Forms.Control.WmShowWindow(Message& m)
    at System.Windows.Forms.Control.WndProc(Message& m)
    at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
    at System.Windows.Forms.ContainerControl.WndProc(Message& m)
    at System.Windows.Forms.Form.WmShowWindow(Message& m)
    at System.Windows.Forms.Form.WndProc(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
     
  24. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    272
    Location:
    Greece
    I used your program in 2 windows 8.1 installations and it is perfect. I want to use it also in XP sp3 installation. What net framework version I need ?
    Thanks
     
  25. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @bjm_ You can turn off Trust applications with digital signatures under Settings => Protection.
    Do not forget to click on Apply. After that signed files are analyzed too. ;)

    @Windows_Security Thank you for the feedback Kees. You are the only one who reported this specific error... Please note that program requires .NET 3.5. Anyway I'll look into it.

    @boombastik Glad to hear that you like it. :) .NET 3.5 is required.
    Please let me know how well it performs on Windows XP.

    Regards,
    Kardo
     