ewido security suite 3.5 beta

Discussion in 'other anti-trojan software' started by quexx88, May 27, 2005.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I run the "Complete System Scan" again.
    I still have some "infected" files of the previous scan and new false positives...

    Scan report_20050601.txt.txt

    fish25, if you need some of these files....
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    These should be interesting :)
    The others will be fixed today asap...
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    E-mail sent... :)
     
  4. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    Great news...the alarm at the startup about that Active X component is annoying ;)
     
  5. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    The new update 1306 seems to be far more stable than the previous ones! Thanks Ewido people!
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Nice to see that the filehandle problem has been fixed quickly

    From my previous comment, I asked "why" SecuritySuite.exe was busy munching away at 1% of my CPU and didn't get an answer, any chance of one this time ?

    Since my last email I have had problems with ewidoguard.exe consuming as much CPU as it could (that was before the most recent update) but as the changelog hasn't changed I'm not sure what changed with the update...

    Also had a couple of crashes.. details from one of them from my eventlog below

    Code:
    Event Type:	Error
    Event Source:	Application Error
    Event Category:	None
    Event ID:	1000
    Date:		1/06/2005
    Time:		2:42:25 AM
    User:		N/A
    Computer:	DTOP
    Description:
    Faulting application securitysuite.exe, version 3.5.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0002ae24.
    
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 70 70 6c 69 63 61 74   Applicat
    0008: 69 6f 6e 20 46 61 69 6c   ion Fail
    0010: 75 72 65 20 20 73 65 63   ure  sec
    0018: 75 72 69 74 79 73 75 69   uritysui
    0020: 74 65 2e 65 78 65 20 33   te.exe 3
    0028: 2e 35 2e 30 2e 30 20 69   .5.0.0 i
    0030: 6e 20 6e 74 64 6c 6c 2e   n ntdll.
    0038: 64 6c 6c 20 35 2e 31 2e   dll 5.1.
    0040: 32 36 30 30 2e 32 31 38   2600.218
    0048: 30 20 61 74 20 6f 66 66   0 at off
    0050: 73 65 74 20 30 30 30 32   set 0002
    0058: 61 65 32 34 0d 0a		 ae24..  
    
     
  7. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    ewidoguard.exe is back again with its CPU consuming behaviour

    Looking at the thread list in process explorer I can see a CreateThread call consuming 90%+ of my CPU

    Edit: It resisted being killed at the process level and the tray icon wouldn't popup a menu so I could exit normally
     
    Last edited: Jun 1, 2005
  8. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Could you please recheck with the latest update?
     
  9. peachtreecity

    peachtreecity Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    15
    Location:
    Georgia, USA
    Dumb Question: When you say update, you are talking about the latest definitions update - right? In other words, there is still the same 3.5 beta build from a few days ago? Does the update button/tab only update the defs or also the program?

     
  10. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    No, we released a new engine and guard build :)

    Yes, also the program.
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes, it seems to be fine now, thanks! :)
     
  12. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    fish25,
    Something else kind of odd happened (I think after the last auto-update), the beta popped up a window telling me that my 14 day trial had expired (2 days after the install...)

    Is that something that I should have expected ?

    TIA
     
  13. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Did you have the 3.0 trial installed before?
     
  14. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    I can't remember if it was on this computer or the other but I had it on one of them (edit: it would make sense if it was this one)

    The Kerio 4.2 driver still comes up as a false alert btw, other than that just a few cookies this time :)

    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:			10:12:03 PM, 2/06/2005
     + Report-Checksum:		E3108E4B
    
     + Scan result:
    
    	C:\WINDOWS\system32\drivers\khips.sys -> Heuristic.Win32.Downloader
    ...
     
    Last edited: Jun 2, 2005
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I normally don't use the ewido guard because of CPU usage of the process, but I'm testing now to see if I see some improvement in this area, but it seems that is the same, and after windows startup, ewido auto updates and the ewidoguard.exe started to use 100% of CPU... I had to restart the PC...

    Where can we see some speed improvements and configurations of ewido guard?
     
  16. colorado13

    colorado13 Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    117
    Location:
    Orihuela, Spain
    Same problem here!
    Regards
     
  17. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Beta driver for LooknStop firewall is detected as

    C:\WINDOWS\system32\drivers\LNSFW1.SYS -> Heuristic.Win32.Downloader

    I have already sent e-mail with file, but thought I'd let you know here as well.
     
  18. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Should be fixed.

    This really looks like a bug, we'll go further into this.

    Version 3.6 is going to get a new guard + config options...
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Do you know some date, to release the 3.6 beta?

    Thanks for the info :)
     
    Last edited: Jun 2, 2005
  20. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Another "Complete System Scan" with default settings more scan every files enable...

    Scan report_20050602.txt.txt

    Why do you create a file with two '.txt'?
     
  21. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Scanning an AES encrypted ZIP archive results in no mention that the file is password protected. Instead, it just says the Scan was successful and no infected object were found, even though it couldn't have scanned any of the objects in the ZIP.
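
An added example, not part of the original post and not ewido's code: a minimal archive scan in Python that marks encrypted ZIP members as unscanned and reports the archive as incomplete rather than clean. The function names, report fields, the marker-based `looks_bad` check and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # WinZip AES marker stored in the compression-method field
FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0: entry is encrypted


def scan_archive(data, scan_member):
    """Scan each member with scan_member(bytes) -> bool; never call unread data clean."""
    report = {"infected": [], "clean": [], "unscanned": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & FLAG_ENCRYPTED:
                kind = "AES" if info.compress_type == AES_METHOD else "ZipCrypto"
                report["unscanned"].append((info.filename, kind + " encrypted"))
                continue
            try:
                body = zf.read(info)
            except (NotImplementedError, RuntimeError, zipfile.BadZipFile) as exc:
                report["unscanned"].append((info.filename, str(exc)))
                continue
            key = "infected" if scan_member(body) else "clean"
            report[key].append(info.filename)
    if report["infected"]:
        report["status"] = "infected"
    elif report["unscanned"]:
        report["status"] = "incomplete"  # not "successful, nothing found"
    else:
        report["status"] = "clean"
    return report


def build_sample():
    """Constructed sample: a two-member ZIP whose second entry is marked AES encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("secret.bin", b"opaque ciphertext stand-in")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")  # central-directory header of the last member
    struct.pack_into("<HH", raw, cd + 8, FLAG_ENCRYPTED, AES_METHOD)
    return bytes(raw)


def looks_bad(body):
    return b"CONSTRUCTED-TEST-MARKER" in body  # stand-in for a real signature engine


if __name__ == "__main__":
    print(scan_archive(build_sample(), looks_bad))
```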
     
  22. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    It has been fixed with the latest update. Thanks.

    Will it also use less resources ?
     
  23. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    yes :)

    We are currently working on the 100% cpu bug, may take a while :(
     
  24. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I did report a problem a while ago about a problem with Windows XP Home SP2 crashing if you left it at the logon prompt for 10 minutes. When I checked the system logs, it looked like the crash had been caused by ewido 3.0.

    Has this been fixed with 3.5 beta ?

    NOTE: I would check this myself normally, but a similar problem has popped up and I haven't had the time to investigate what. Because of this I can't check whether ewido 3.5 fixes this at the mo. Just wondering if it has specifically been fixed ?
     
  25. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Just a suggestion, but it would be nice while the beta version is out, if the beta download page could reflect the current update status for the beta version instead of the release version...
     
