Cyberhawk Security Software - public beta

I got an update alert yesterday where cyberhawk told me there was a new version.

btw I downloaded the trojan test from bufferzone: http://www.trustware.com/security_test_disclaimer.htm

and cyberhawk did not prevent or warn about the obvious trojan activity
It collects information and starts calc.exe and injects code in to it and then connects to the internet and sends all collected info
Is it not this kind of behaiviour cyberhawk is supposed to atleast warn about?

This is what trojan demo reported after I executed trojandemo and allowed it to access the net (with only firewall enabled in Tiny Personal Firewall):

*edit* removed some personal info

 

sukarof

I'm not using CCS, but after your test i decided to have a go just to see what might happen anyway. First of all it wouldn't launch due to WinSonar Free protecting all unallowed/unknown EXE's, so i allowed it.



All it did was launch calc.exe ! I'm running 98se and IE, but in a very secure way, so i'm still a extremely happy bunny with this setup.


StevieO

 

Stevie O:

Yes propably all brands of HIPS will warn about the trojan demo activity, but the point was that cyberhawk did not.

I might add that Cyberhawk do warn, sort of. When I execute the trojan demo I do get an alert that Totalcommander (I start the trojandemo from Totalcommander)

but that is not very informative (it is misleading imho) since I trust Totalcommander and it is not trying to tamper with anything, it is merely launching the trojandemo. It is the trojandemo who eventually (after it is launched) starts to tamper/injecting code with other programs (calc.exe) and I would like cyberhawk to tell me that "trojdemo.exe is trying to tamper.." and so on.
If I answer "deny" for the trojandemo I will get an alert where Cyberhawk wants to transfer Totalcmd.exe for analysis to them. But that wont do any good since totalcmd.exe is not the problem here - trojdemo.exe is! they should want the trojan for analysis :/

 

Interesting. Maybe the product's intelligence is letting the activity pass because the tester you are running is not a trojan.
Chawk probably doesn't stop eicar from running either. Its behavior doesn't do anything malicious.
Have you run the OptixPro client against it? That software is stopped on my system, and that's because it is a trojan.

The fewer false positives the better.

 

I installed latest version yesterday, used for about 10 minutes but after that my system freezed. Rebooted and used for about 5 minutes and again my sytem freezed, so I just Rolledback to a clean snapshot. I like it but it,s not for me yet.
Impressions from this brief use. The GUI and tray Icon is very nice and good looking now. Introduction was quite impressing. They have probably decreased its aggressiveness as I got very few pop ups but I suspect at the same time thos step has also decreased its efficacy against malware ( just a feeling, I cannt confirm it).
Will try next version.

 

'
Maybe you are right, but I for one would want to know if a program collects data and sends it somewhere on the net. I think it is malicious behaiviour. Maybe Cyberhawk has some kind of definition for this demo trojan? But then again CH never claims to be an replacement for an firewall It warns for quite many suspicious behaiviour tho and yet it is not too intrusive. Since I have Tiny Firewall and appdefend and regdefend also I can see that Cyberhawks warnings are relevant. Maybe they have found a middle way (=less popups) between a system that is not protected by an HIPS and one that is fortified with HIPS like Tiny, appdefend, processguard and so on. (=many popup questions)

aigle: To bad it wont work on your system. Maybe it conflicts with Rollback? Just a thought out of the blue since it looks like Cyberhawk filter things it protects through a driver (CHWAH.DLL) and maybe that conflict with Rollback who also filters everything through its own driver?
Disclaimer: I am in very deep water here with this theory but I am sure (I hope) that I will be corrected by some one who knows more

 

It,s a possibility. However I have used its ?first beta with RollbackRx without any problems.

 

You are using win 98 right? The test probably doesn't work on win 98, given that the files directories it looks for don't exist in win 98. Of course the test can be easily modified to target the right directories, in which case I highly doubt winsonar will protect you, once you allow it.


Fern.

 

aigle,

I was having a similar freeze with Cyberhawk on my pc also. The one thing you and I have installed the same is Geswall. There appears to be a conflict when Geswall has an app isolated and CH. I wrote to Novatix and what they found is the failure is occurring in the Geswall code, it doesn't unlock the app properly causing the freeze. When CH is added into chain of events it brings out this failure. I suspect if you were to remove Geswall with CH you'd run okay.

Of course, I questioned this, nice of them to use Microsoft tactics and blame a 3rd party. They assurred me that the debugger isn't lying and they could not find the failure in CH. They plan to contact Geswall to see what can be done.

I like having CH installed because it isn't intrusive and doesn't use brute force to block everything. The verdict is still out on how effective it is against a virus attack but I like my chances.

Caio

 

Thanks for the info. I will try it without GesWall and see( though I got problems even without GesWall with previous version). I will write to GesWall sopport as well.

 

该软件在推出时，受到竞争对手的阻挠耽误了很多时间，不过相信很快就可以推出正式版，而且到时会有英文版的。另软件正在不断完善，相信到时大家拿到的会是一款相当棒的软件。

the obstruction that is subjected to the rival held up the plenty of time while release,, however believe that very quickly can release the formal version, and there will be the English version by that time.The software just at continuously perfect, believe that everyone can use it as a very good software.

 

thanks, pls tell us hen it is released.

 

Hi Folks

Dowloaded Cyberhawk this afternoon to give it a try and have a couple of questions.

Firstly, I may have misunderstood this, but shouldn't the Protection Log list those processes indentified in the Security Status tab as Programs Protected. I have 59 Programs Protected but nothing in the log under the Protection Log.

Secondly

I too run PG but see no reference to hawktask.exe, only chgui.exe, chservice (which has permission to install drivers/global hooks and access physical memory) and chtray.exe

Does hawktask.exe only apply to earlier versions.

Other than that Cyberhawk does seem eerily unobtrusive and haven't any BSOD or conflicts so far (at start up - NOD32, LooknStop, Spyware Guard, )Shadowuser, Process Guard)

Thanks for any help or tips on this.

By the way is it still in beta? Couldn't tell from the website.

 

I decided to try Cyberhawk again. I dont know if I remember wrong but doesnt Cyberhawk have execution protection? I dont get any warning about executables starting.

 

I'm not getting any warnings about anything at all

Events analyzed are updating very sporadically and I have no idea what Programs are protected because it simply isn't listing them.

To repeat from my earlier post, have I missed something here?

Sukarof, do you get hawktask.exe as a component of Cyberhawk?

Thanks

 

Hi

Don't worry guys, decided to ask these questions at Novatix support (should have done in the first place I guess) and they've answered already.

Encouraging to see such swift support. Always a positive for any product when you feel there's good support for it, especially when the product is free