Cyberhawk v. 2.0 just released

Discussion in 'other anti-malware software' started by Cyberhawk Support, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Greets Armando & Thanks.

    That is exactly what I suspected and of course alluded to in my comments toward that same fact about HJT, so thanks for the confirmation.
    As aforementioned, CyberHawk was and continues to perform normally to this configuration on XP Pro SP1. :thumb:

    I applaud the efforts put into this latest release. I am especially encouraged to find Cyberhawk now "Quarantine" immediately "known" THREATS, and equally allows to return any file we deem for our own use (even if identified by High Threat) safely to its former location.
    It's all about choice and in this latest version CyberHawk again affords this important feature as before.

    I see the community protections/contributions have definitely given rise to a more "informed" detectability rate.

    Well, I'm off to throw some other items at it for conscience sake, but I know it will rapidly meet those tactics in a manner which is quite satisfactory from this end to date. ;)
     
  2. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi Rasheed187--

    Not quite sure I understand...

    It's certainly our goal to have Cyberhawk identify ALL malware, but as far as I know there is currently no tool available now that can do this with 100% accuracy.

    Are you seeing cases with known malware where Cyberhawk does not alert you? If so, we'd very much like to have the details so that we can test for ourselves and continue to improve Cyberhawk's smarts. What types of suspicious behaviors in your opinion are we not alerting on?

    Just to clarify, one thing we do not wish to do is burden the user with unnecessary prompts in the case of false positives. Having too many false positives has traditionally been seen as a detriment in most behavior-based tools. We've worked very hard to build in intelligence into how CH determines whether an action is truly suspicious or not. And so far we've had very good feedback on this aspect of the product.

    Regards,

    Becky Dubrow
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I think my question may have been raised here before. W/ new CH v.2 being released, the situation may have been somewhat changed. My simple question is: Does CH pro conflict w/ Prevx1? I have learned from Prevx1's forum this; although they do not post an apparent issue, the hidden one is very likely. I regard these fabulous apps as love/hate programs. Sometimes you love them dearly and other times you just hate them. I have since enlisted Prevx1's service, I love it. And like to add CH pro v.2 as its companion. Any good advice? Anyone? Thanks. :)
     
  4. guest

    guest Guest

    I always obtain this error when I start the system.
    It means that Cyberhawk tries to close Outpost Firewall Pro and Outpost Firewall prevents it.

    Why?
     


  5. EASTER.2010

    EASTER.2010 Guest

    I take it by the unusual frequency of "This Program Is Logging Keystrokes" from explorer, internet explorer, notepad, and even CyberHawk itself :cool: CHGUI.EXE, not to mention others, that it is being alerted & picking up on my own keylogger.

    Be advised that I do deliberately incorporate a local "keylogger" on my machine which logs in sequence any text as well as programs/time initiated.

    I cleared that program thru answering the prompt but decided to add that process to the "Trusted Processes".

    Just curious since other members have made mention of same/similar activity.

    CyberHawk so far is very stable and of course quickly ALERTING to unusual system behaviors.

    Thanks EASTER
     
  6. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Experience the same as guest. I use CH 12039. Outpost 4.0.971.7030 (584)

    Best Regards
     
  7. guest

    guest Guest

    I am using
    Outpost Firewall Pro ver. 4.0.1005.7229 (590)
    Cyberhawk 2.0.1
     
  8. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Perman: Does CH pro conflict w/ Prevx1 ?


    http://i113.photobucket.com/albums/n218/yankinNcrankin/th_q.jpg


    I currently have the 2 programs above and the ones in my signature running on my box with no conflicts pretty cool :) I had issues with Cyberhawk's earlier version and a few of my gaming programs, this new version has corrected the problem and is very stable.
     
    Last edited by a moderator: Jan 21, 2007
  9. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    No conflicts with DSA and Cyberhawk?

    I have tried them separately but never together, wasn't sure about any conflict or overlap
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: hi, y_N: thanks for your findings. I am glad to learn that Prevx1 and CH can coexist. I shall give CH a good test run sometime this week. Thanks again, and have a nice one. :)
     
  11. mrgeek

    mrgeek Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    21
    Novatix must have the slowest servers on the planet! At least for me, trying to view their website is a chore.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ Becky Dubrow

    Thanks for the response, the thing is, the way I see "HIPS" is that they should alert on every suspicious activity and it's up to the user to decide if they would like to allow it or not. Now I sometimes see alerts and sometimes not.

    As you might know, as soon as you allow a driver to be installed on your system, your system might be "owned" by a rootkit. That's why I'm surprised that I did not always get an alert about this stuff. And perhaps you can say, "well it's probably because CH thinks that it's safe". But the thing is, as you said yourself no security tool on the planet can recognize all malware.

    I also noticed that CH does not rely completely on its HIPS, it also has a signature engine, is this self developed or licensed from some other tool? And why is a harmless tool as Scoundrel Simulator flagged as malware? Plus the whole GUI needs an overhaul IMO, other than the fact that it's not resizable, it seems like it's depending on IE's fontsettings? :rolleyes:
     
  13. guest

    guest Guest

  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Where can I see what is new on version 2.0.1?
     
  15. guest

    guest Guest

    I think that the unique change is a problem with the trial version
     
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Thanks.

    Would be nice if we could have this information of CH website...
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  18. guest

    guest Guest

  19. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi Rasheed187--

    Cyberhawk employs intelligent analysis in its strictly behavior-based protection in an effort to greatly reduce false positives and to appeal to non-expert users. The product was designed to be simple and straightforward to use so that even novice users could have an extra layer of added security. It's the intelligence behind CH that keeps it from alerting on every single action that you see, as this would quickly become overwhelming for most users.

    If you'd like to see more alerts, then I'd encourage you (as a more advanced user), to set up the Custom Rules to your liking. You can be very specific about the types of actions you'd like alerts on, and can even set them to alert on just about all actions, if you choose. This way you can always make the choice, since that's your preference. The novice users we've spoken to, however, would just as soon have all choices made for them, whenever possible.

    And we do not employ a signature engine in Cyberhawk. Again, all alerts that you might see happen due to detected behaviors, not signatures. If we detect a malicious action and decide an alert is warranted, we'll then attempt to match what's happening on the system to information that we have in a blacklist database. This is not a signature engine and it is not a straight blacklist that blocks based on signatures. It is simply a check AFTER malicious behaviors have been detected to allow certain user interactions with Cyberhawk to be more straightforward and convenient. For example, if Cyberhawk first detects malicious behavior, then finds a match on the blacklist for a known malware, then we can automatically block the process and behavior involved instead of asking the user to make a decision about that.

    I don't know that much about Scoundrel Simulator, but I've asked some folks here to take a look at it. From just a quick review, it seems like it does actually perform some actions that might be considered malicious UNTIL you revert the PC back to its original state. This is exactly what Cyberhawk is designed to do--detect activities that may present a threat. Again though, I'll have our technical group look into it in more detail.

    I hope this explanation helps understand a little better how CH works. We appreciate all your questions and comments.

    Becky Dubrow
     
  20. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi guest,

    This is a general error message by Outpost that it will show when an app attempts to monitor it as Cyberhawk attempts to. It appears to be part of their security. Cyberhawk is not attempting to terminate Outpost but monitor its behavior. You can check the "Do not show this message again" or "No comunicar este evento", on your system, since both these apps should be trusted.

    We are looking at ways to have a message from Cyberhawk to notify the user with this type of behavior.

    Armando
    Novatix Corp
     
  21. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi Rasheed187,

    Yes, Cyberhawk does not flag the installation of drivers. Lots of legitimate software perform this very common task.
    However, Cyberhawk effectively finds hidden processes that a malicious driver may hide and kill them. Also, more improvements may be rolled into the product to intelligently identify the legitimacy of a driver's installation, but the simple action of driver installation will not trigger a Cyberhawk response that forces the user to make a decision.

    Simulators like this one are being flagged as malware by other major vendors in the industry as well. Because the actions that it performs are something that a user would not want performed on their system (like removing the Internet icon from the Control Panel) and Cyberhawk has seen this 'simulation' software before, the red dialog removes the need to make a decision on these triggers from the user.
    I admit that Cyberhawk's description of the simulator may be a bit unclear, and we may make a change to address it in the future, but it is a primary goal to remove the decision making event from the user's experience. Cyberhawk's identification of Scoundrel Simulator's actions as something the user doesn't need to make a decision about aligns with that goal best. Thanks for pointing it out.


    Kurt
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ Becky and Kurt

    Thanks for the feedback, but I guess CyberHawk is not for me, I don't like its approach.

    Well lots of malware do the same thing. And actually most simple apps will not do this in my experience. But yes it would be cool if you could identify the legitimacy of a driver's installation.
    And about Scoundrel Simulator, I don't think that security tests should be flagged as malware, HIPS should instead try to stop the suspicious behavior. Btw, you might also want to look at the IE Fontsetting problem:

     
  23. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Here's something I noticed, which is also why I'm running Prevx1 alongside Cyberhawk: both use different methods of detection. I'm sure a lot of you know that already but I just thought I'd give some visuals.
    Here is Prevx1's method: I counted 81+ SSDT Hooks with NO code hooking.
    Cyberhawk: I counted 5 SSDT Hooks and 380+ Code Hooks, some really cool magic lol :)

    http://i113.photobucket.com/albums/n218/yankinNcrankin/th_pc.jpg
     
    Last edited by a moderator: Jan 22, 2007
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Cyberhawk Support,

    The argument that a lot of programs install legitimate services is not valid, because a lot of programs add themselves to startup with Windows and we receive an alert about that. And I still lack the Windows Startup folder on free version...

    This type of things should be consistent...
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi all, CyberHawk still phones home in spite of updates and community participation turned off. They promised to fix it many months back but they did not keep their word.

    Anybody noticed this as well?
     
