Crystal Security - Discussion

Discussion in 'other anti-malware software' started by kardokristal, Jan 29, 2012.

  1. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @bjm_ Thanks for the information. ;)
    Please white list directories of other security programs to avoid Unknown pop-ups during updates (definitions etc...)
    It depends what engine detected files. Probably Collective cloud or Heuristic engine. You can manually upload mentioned files to VirusTotal and see if there is any hit by any antivirus vendor.
    Currently you can't access trusted items list via UI but you can find listed files under AppData => Crystal Security => Trusted Items.xml

    If clean file is blocked by Stealth Guard then you can manually exclude file or Re-build trusted items list.
    When you enable Stealth Guard then applications and files are automatically listed as trusted so it is important to activate Stealth Guard on clean PC.

    Regards,
    Kardo
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Hmm, kinda' figured that's what CS did automatically.
    Okay, found Trusted Items.
    Is 'Stealth Guard' enhanced protection or a convenience to be prompted less. What's the upside to 'Stealth Guard'. Is 'Stealth Guard' simply CS anti-executable Whitelist.
    Is 'Stealth Guard' different from user created Whitelist.
    Disabled 'Stealth Guard' and 'Trusted Items' remain.
     
    Last edited: Feb 28, 2016
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    CS flagged Norton def updates again with C:\ProgramData\Norton Added to Whitelist.
    Realized if I repeat Allow while Norton is mid-update. UO toaster re-opens. And CS crashed. Error_log in Logs.
    Added > C:\ProgramData\Norton\{0****7}\NSBU_22.5.2.15
    We'll see.
    Update: still getting (multiple) Unknown Object - Collective - Unknown with Norton updates. CS keeps throwing toaster presume as updates are uploaded.
    Update2: Added > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions.
    We'll see.
    Be nice if Unknown Object rendered Whitelist path. Because C:\ProgramData\Norton\{0****7}\NSBU_22.5.2.15 renders as the Unknown path. Which suggests I need to add same to Whitelist.
    Edit: Maybe, I'm drilling too deep. I'll try.
    C:\ProgramData\Norton
    C:\Program Files (x86)\Norton Security with Backup
    Update: still getting (multiple) Unknown Object upon Norton updates.
    How to find Object and add wildcard and Whitelist.
    Object hash change each update.
    Crystal Security Unknown Object Norton LU.png
     
    Last edited: Feb 28, 2016
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    CS by my settings is not manageable. Allow re-opens Unknown Object toaster. Block re-opens Unknown Object toaster. Had to Disable Protection.
    Why does Unknown Object re-open (multiple) times. How do I restore these files from Quarantined folder. Do I have to manually edit each CBCQ n' UBQU. And move file where. How do I restore these files from Quarantine.
    How do I Whitelist and wildcard these C:\ProgramData\Norton Installer\Logs* Unknown Objects. I need wildcard after 2016.
    Crystal Security goes nuts.png
    C:\ProgramData\NortonInstaller\Logs\2016-02-28-21h50m37s.7z</file><classification>Unknown</classification><time>2/28/2016 10:00:09 PM</time><hash>ad9186951852d745bafa3e486801241a</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-21h50m37s.7z</file><classification>Unknown</classification><time>2/28/2016 9:59:48 PM</time><hash>ad9186951852d745bafa3e486801241a</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-21h50m22s.7z</file><classification>Unknown</classification><time>2/28/2016 9:58:51 PM</time><hash>058cd93e1fef3bb4d4624e02cb937ca4</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-21h46m00s.7z</file><classification>Unknown</classification><time>2/28/2016 9:58:38 PM</time><hash>c71727a2e674a78559b17635e1d99963</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-20h21m40s.7z</file><classification>Unknown</classification><time>2/28/2016 9:56:59 PM</time><hash>5fa148b4182b9ddac776632e96d4ea2d</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-14h53m42s.7z</file><classification>Unknown</classification><time>2/28/2016 9:55:44 PM</time><hash>5e7196dde6882b328f7586e7c99f882c</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-13h32m44s.7z</file><classification>Unknown</classification><time>2/28/2016 9:55:30 PM</time><hash>b00c8ed251233d760848ffa55906054c</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-13h03m07s.7z</file><classification>Unknown</classification><time>2/28/2016 9:55:26 PM</time><hash>e5554591993bb2eae5028eece0fb1ee7</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-11h33m56s.7z</file><classification>Unknown</classification><time>2/28/2016 9:55:20 PM</time><hash>9208fb3b0ef767ceb0ef5552c0f664aa</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-10h33m49s.7z</file><classification>Unknown</classification><time>2/28/2016 9:54:57 PM</time><hash>dba3300570734a36fe38ee2af83e7640</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-09h48m25s.7z</file><classification>Unknown</classification><time>2/28/2016 9:54:52 PM</time><hash>71a98bca9c308b5d51d76c98f33b8ae2</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-08h54m51s.7z</file><classification>Unknown</classification><time>2/28/2016 9:54:40 PM</time><hash>816bf6ab0802dc72398f964d09eac5c0</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-08h40m40s.7z</file><classification>Unknown</classification><time>2/28/2016 9:54:30 PM</time><hash>bbbe9635765e8e728ac2f2b89932e2fa</hash></name><name><file>C:\ProgramData\NortonInstaller\Logs\2016-02-28-07h58m25s.7z</file><classification>Unknown</classification><time>2/28/2016 9:53:18 PM</time><hash>fcfde6b6ba9e00b75d5bad434191eecb</hash>
     
    Last edited: Feb 28, 2016
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Crystal Security UO 7z Archive.png Crystal Security UO Installer Logs 7z + UO pics.png
    ProgramData\NortonInstaller>Logs = 7zArchives from 2014 thru near current and CS prompts for every file. What to un-tick to stop CS prompting just exploring directories.
    Only way I could stop was Disable Protection. Upon Enable Protection. CS picked up again throwing 7zArchive flags. Unknown w CC and Clean wo CC.
    without Collective Cloud check'd.
    Crystal Security CC not tick'd.PNG
    which asks the question with Collective Cloud not check'd. Why Collective Cloud report Clean.
    Crystal Security CC not tick'd and CC Clean.PNG
    Granted, Details does not list Collective Cloud. But, there's no * next to Collective Clean to indicate *see Details.
     
    Last edited: Feb 29, 2016
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Q: Why does click Apply add check to Monitoring > Custom. When is Apply used.
    Q: What does On-access do. What's difference w On-access vs wo On-access. I was thinking On-access referred to launch file. I've launched files wo CS toaster.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Quarantine: any-user know how to restore from Quarantine.

    Edit: okay found rt click context menu > remove from Quarantine but, files remains in 3.5 > Quarantine.
     
    Last edited: Mar 1, 2016
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Could not find file 'C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\Lue\Downloads\Partial\norton$202015$20core$20virus$20definitions$20x64_microdefsb.curdefs_symalllanguages_livetri.zip'. at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
    at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
    at Crystal_Security.Main.Get_Result()
    at Crystal_Security.Main.Request_cloud()
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Threading.ThreadHelper.ThreadStart()
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    appears Whitelist is not respected with Auto Decision OFF. Or, Whitelist requires exact full path or wildcard. I have ProgramData\NortonInstaller in Whitelist. This toaster is useless. When away from screen and return to Unknown Object dialog with cryptic Object needs me to guess Allow Block to see less cryptic path in Overview. I need Whitelist to respect Auto Decision OFF and CS to alert for not Whitelisted. Or, maybe granular Collective cloud protection that will never recognize Norton updates. ProgramFiles\Norton with ProgramData\Norton with ProgramData\NortonIntstaller in Whitelist does not satisfy CS with Auto Decision OFF. Pics are with Stealth Guard enabled. Even with Norton as Trusted Item. Auto Decision OFF does not respect Trusted Items.
    Crystal Security Unknown useless.png Crystal Security Unknown useless 2.PNG
    and Restore from Quarantine still eludes my eye. Thanks
     
    Last edited: Mar 2, 2016
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Anyone?. Anyone know how to restore files in Crystal Security > 3.5 > Quarantine.
    Crystal Security 3.5 Quarantine files.PNG
    TIA
     
  11. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @bjm_

    Thanks for the interest. :)
    Stealth Guard is like a lock-down system to protect allow only Trusted items.

    All other files are blocked by default but you can exclude blocked files anytime to allow clean or newly installed applications.
    Yes. Different lists.
    Interesting. I'll try to re-produce it. If you add folder to whitelist then it should skip all files in whitelisted folder automatically.
    No. You can restore file only via user interface under Blacklist section: Right-click on blocked file and then choose Restore Selected File.

    After that quarantined file should be restored to original location. Also please note that quarantined files are encrypted automatically.

    quarantined_file.png
    Collective cloud is powered by VirusTotal service via API (all results by each AV vendor is in Collective cloud result).

    I hope it helps.

    Regards,
    Kardo
     
  12. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi @everyone,

    Crystal Security is now Bronze Certified by OPSWAT. :)

    opswat_bronze_certified.png

    OPSWAT Bronze Certified products are able to be detected by leading technology solutions,
    and their vendors have a technology partnership with OPSWAT.

    You can find Crystal Security under Certified Products.

    Regards,
    Kardo
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, I cleared Blacklist and still have files in Crystal Security > 3.5 > Quarantine.
    Restore Selected File does not mean (to me) Restore from Quarantine.
    But, just now realized segments. Restore Selected Files is grouped with View Quarantine Files.
    Restore from Quarantine sounds like Restore from Quarantine while Restore Selected Files under Blacklist sounds like Restore Selected Files from Blacklist.
    *** Anyway.....I still have files in 3.5 > Quarantine. I cleared Whitelist & Blacllist and disabled CS protection.
    ---------------------------
    and with Whitelist = Program Files > Norton | Program Data > Norton | Program Data > Norton Installer.
    CS prompts and Norton updates Unknown by Collective Cloud. Yes, I'm aware Collective Cloud is VT.
    I need Exclude Norton by location with wildcard or Norton by Signature or ?
    Norton updates are not (for me) listening to Whitelist. IDK if Whitelist is location, fingerprint or ?
    -----------------------------------
    So, Stealth is maybe akin to ERP Lockdown but, ERP Lockdown looks at ERP Whitelist. Stealth should Whitelist Running Processes & Lockdown. I gave up on Stealth because of duplicate files that I already Whitelisted. No idea result of duplicates. Whitelist | Blacklist | Block List | Stealth List | Quarantine List | ?
    I follow Whitelist / Blacklist. Stealth Guard populating another List based upon IDK.
    -----------------------------
    Quick renders Collecting Objects: nnn, Classifying: nnnnn, nn%. Advanced renders 0.
     
    Last edited: Mar 4, 2016
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    For example. Whitelist => ProgramFiles\Sandboxie does not satisfy Sandboxie\*
    Crystal Security Clean Object Sandboxie.png Crystal Security Clean Object not WL satisfied.PNG
    ------------------------------
    Okay, just manually deleted files in 3.5 > Quarantine since I had already cleared Blacklisted files before yesterday. Does Blacklist also Quarantine..?
    Does Whitelist / Blacklist work with Auto-Decision OFF..?
     
    Last edited: Mar 4, 2016
  15. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hi @bjm_,

    Bug confirmed and will be fixed in the next version. ;)
    I'll still try to re-produce it.

    Please send Settings.xml file to e-mail address which you can find from Crystal Security website.

    Thanks in advance.

    Regards,
    Kardo
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    sent xml
    Thanks
     
  17. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    text cutoff and my Norton issue remain
    Crystal Security 162 text cutoff.PNG
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Advanced Collecting 0 issue remains.
    Crystal Security Advanced Collecting 0.png
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Quick Checkup finds same two Suspicious as .159.
    Has Crystal cloud data updated to reflect Crystal telemetry...?
    ------------------------
    I'll have to Exclude CS in Norton as Norton wants to Quarantine CS due to WS.Reputation.1. That's Norton catch all for new program and few users.
     
    Last edited: Mar 6, 2016
  21. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    1.jpg

    @kardokristal
    Suggestion, add path of the detected object and add a link so it opens the folder on click.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Kardo, Did you receive sent xml..?
     
  23. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    @bjm_ I checked DPI option and confirmed that DPI scaling is turned off. Maybe text cut off is because of the resolution of your desktop?
    Are you using default or modified Settings under File types and Areas?
    @phalanaxus Thanks for the suggestion. I'll see if I can add it. :)
    Yes, got it. Thanks! ;)

    Next version will be out very soon. I still try to re-produce your reported issues so most probably your reported issues will be fixed in the newer version.

    Regards,
    Kardo
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Generic Monitor 1600x900
    cut off only with Crystal Security
    you have my Settings.xml
     
  25. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    1,091
    Location:
    Estonia
    Hello,

    Crystal Security 3.5.0.164 released

    Changelog

    • Added details for each file (View Details)
    • Added customization features to "Overview", "Whitelist" and "Blacklist"
    • Added "Display check boxes" for each section
    • Added "Sorting" for each section
    • Added "Reorder columns" for each section
    • Updated .NET Framework to version 4.5

    Screenshots

    1. View details of each file

    view_details.png

    2. Customization features

    customization_features.png

    Two different types of downloads

    Download installer version of Crystal Security 3.5.0.164
    Download portable version of Crystal Security 3.5.0.164

    Looking forward to your feedback. :)

    Regards,
    Kardo
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.