Cyberhawk v. 2.0 just released

I installed LimeWire and during that a strange prompt from CH. The application name/ path not mentioned at all.

 

I would like to address the "phoning home" issue that you brought up.



Cyberhawk in your screenshot is not phoning home. The IP address being contacted is for the host "crl.verisign.com", which is a repository at VeriSign related to the validity of VeriSign digital signatures.



When analyzing system activity, one of the things Cyberhawk does is examine digital signatures; to do this it uses calls into the operating system. Apparently on your system (and doubtless on others) these system services involve contacting VeriSign to obtain some information about the digital signature.



We were not aware that this type of activity could occur as a side effect of calling these system services and we are considering what to do about it. On the one hand, since Cyberhawk is not "phoning home" and the activity is really part of a system service, it's not clear that we should be concerned about it. On the other hand, we understand that customers who turn off the "phoning home" features of Cyberhawk could be suspicious of any internet activity caused even indirectly by our program, and may not want such activity. While we are not sure that we can guarantee that no system service we ever access will contact the internet (since we are not in control of how they work), we can and will research this instance further and figure out what we should do about it. If you have feedback or suggestions about it, we'd love to hear them.



Thanks for letting us know about this.

Daniel

 

Thanks for the reply.And what about my other post( #76).

 

I've reported a few things directly but thought I would mention one here. The following error has been occurring about once a day:

---------------------------
CHService.exe - Application Error
---------------------------
The instruction at "0x7c910e03" referenced memory at "0x00560000". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program
---------------------------
OK Cancel
---------------------------

The CH service shuts down.

---
Win XP Home SP2, avast home edition, WinPatrol 10.0.3.0, Sygate PF 5.5

 

I tried XP Killer trojan and received no alerts from CH. I am not sure but I think older version was detecting it.

 

Two more things I noticed.

1- It is alerting keylogging from Opera( that is wrong) and never reported by older version).

2- It gives some times a nag pop up( not 100% sure)!?
Any other person noticed it? (see the pic)

Anybody can tell what is the differece of resource usage from older version?

Thanks.

 

CW TEST:

https://www.wilderssecurity.com/showpost.php?p=870147&postcount=3

XP Killer trojan -- Fail in the older version.

 

The "nag" (very seldom - not much of a nag) is there in the old version also.

How does the new free version compare with the 12039 free? I dont get a strong feeling of a lot of improvement detectionwise from what I read in this thread?

Guess I will upgrade anyway.

Best Regards

 

Thanks. I did not remember the result and was too lazy to search for my own post.

 

So far this thread has not been exactly thrilling reading.

Is there a good reason to upgrade?

 

Where can we get the latest version BEFORE this new release?

 

I want also to revert back to the previous version of cyberhawk. Sadly, I had trashed the old file. This latest version keeps alerting me that "FIREFOX.EXE HAS PERFORMED AN ACTION THAT IS POTENTIALLY MALICIOUS- This program is logging keystrokes!"
Of course I ALLOWED the program. But why isn't there any UNDO action if I change my mind and later decide to deny the application?

Comments please, Cyberhawk Support.

 

Hey j-jones
There is an "undo" option if That's what you mean, or you can do session based "allow" in the warning window, by not checking "Remember This" option.

 

What version do you have? I'm using Version 2.0.1 Cyberhawk Pro with 13 days left for trial. It shows no UNDO button like the one in your attached image. There is the THREAT CONTROL, SECURITY STATUS, ROOTKIT SCANNER, CUSTOM RULES and OPTIONS. That's all.

 

oops, yes, still on V1.2
sorry, thought the newer version would have similar
Maybe under custom rules or such??

 

Hmmm... now I see. I have to always allow or deny the flagged program so it would get listed in the Threat Control panel. Once listed in the Allowed or Denied tabs, I could get to change the action by selecting Remove and thus deleting the allowed or denied program from the list. I guess I had no time study this new version of Cyberhawk till now.

Anyway, thanks, Longboard for prompting me to take a closer look at Cyberhawk.

 

i am still waiting for a reply to the 2 service tickets i submitted in December. when i was a Cyberhawk user.

i personally believe that your organization should immediately cease and desist with product development and instead focus on putting some teeth into your infrastructure.

i say this not out of malice, but out of my experience in not being able to reach anyone within your organization (for days) when i was experiencing issues with Cyberhawk. as i stated i to this moment still have not even received the confirmation email from your automated system indicating a trouble ticket was even submitted (twice).

again no malice is intended, but you can have the best product in the free world, but if the end user does not have faith that he/she will have organizational back-up, they are not going to stay with you. with the proliferation of security products so easily accessible, brand loyalty is at best elusive, but without it you will be in a compettitive dogfight for market share for as long as choose to engage. you'll make sales, but what a brutal way to make a living.

Mike

 

keystrokes logged firefox exe. last version did not do this. since new version do it and cannot put activities back to zero i uninstalled until fix come.

 

Hi Mike--

I'm sorry to hear about the trouble you had contacting us. I just sent you a PM asking you to forward the email address you used to submit the tickets so that we can research your inquiries.

Our support technicians are generally very responsive and helpful. As far as I know we have no outstanding tickets and we usually reply to tickets the same day, within hours. Worst case scenario would be within 1 business day.

We have found in the past that some email programs will block the auto responses and will "junk" our replies since the reply appears to come from an unknown sender. Perhaps that's what happened in your case? But even if you don't receive a reply from us you can always log back in to your account to check the status of your ticket and view any replies that we have posted to your inquiry. What happens when you log back in now? Are you able to view any replies from us? Logging back in to check your account allows you to bypass any email filter issues.

Or perhaps there was some issue with the original ticket not being successfully submitted for some reason. We've had our online support up and running for actually a couple years now and we regularly receive tickets from users who have questions.

Also, if you ever have any further trouble contacting us through our online support center, please feel free to use the posted email address or phone number listed on the About Novatix page of our website. We certainly don't like to hear that users are having trouble contacting us, and we want to hear from you.

As I said in the PM we definitely would like to track down what happened here to ensure everything's working correctly. I look forward to hearing back from you.

Kind regards,

Becky Dubrow

 

@ VaMPiRiC_CRoW

Good point, I mean a lot of apps are doing possible dangerous stuff, so the only way to know for sure if a certain action is dangerous or not, is if you could flag an app as 100% secure, but no tool can do this. I mean currently CH feels like sort of a hybrid HIPS, it will alert you about certain things, but it ignores other stuff.

 

I wonder why u people are expecting the job of a classical HIPS from a behav blocker.
If u need to be alerted for everything there are many other options available already.

 

Is not for everything, as I don't like HIPS, but just for possible threats.

If you try to understand what I tried to say, you will see that it doesn't have any sense to check one things and ignore others, like check windows startup registries and ignore the Windows Startup folder and the installation of new services and drivers...
A lot of programs are now using services, so you can see the problem here...

 

About start up enteries u are right.
I personally will prefer either no pop ups on start up enteries, drivers, services etc or preferably pop ups that are different from other pop ups with different color as a medium level threat as most of them might be legitimate.

 

I agree with you.

The alert windows should be improved in some areas...

 

There should be an option to completely turn off CH.
Now all that I can do is to suspend CH service. And when system reboots the service starts again itself that means no user control.
Also I wonder why there is no option to exit CH and also there should be an option Not to load CH with windows.

The alerts about window new start up enteries need to be different( as medium risk) from other high risk alerts as most of these might be legitiate.