Hello all, I've built a list of leaktests which we are aware of for testing SafeOnline. If anyone is aware of any other leaktest, please let me know and I'll add it to the list, analyzing it and adding protection if necessary. The list is fairly comprehensive to cover a number of techniques, but in no way does it show every technique protected by SafeOnline - each of these keyloggers uses a slightly different approach but let me know if you'd like any validation on specific threats. We've manually tested each of these leaktests on the full range of operating systems but if anyone wants us to replicate the test results, please let me know and I'll make a video demonstrating it. To better explain the scope of testing SafeOnline, please take the following into account: - SafeOnline will provide full protection on 32bit operating systems. On 64bit operating systems, SafeOnline relies on the layered protection of Prevx 3.0 for blocking known screen grabbers and clipboard stealers. This is because of fundamental architectural differences in 64bit operating systems preventing modifications to the "shadow service descriptor table" because of PatchGuard. We are planning a workaround for this, but it will still have some reliance on the antimalware components. - SafeOnline provides protection over credentials and browser instances. Once Prevx sees you are visiting a secured website (i.e. https://www.paypal.com) it will load protection onto that instance. Keystrokes typed into the browser will be protected, but not necessarily keystrokes entered into another program (like Notepad). - Clipboard protection will prevent any untrusted program from seeing clipboard data. By default, every program is untrusted and Prevx has to manually add a program to be trusted. - Using build 18.104.22.168 or earlier, a "Compatibility Mode" exists which causes Prevx to not load all of the screen grabber protection. This mode is triggered when configuring protection down from Maximum to High. If you've ever done this within your Prevx installation, it will not be reset by changing configuration back up to High. This is to allow us to persist the configuration past a reboot, but we've since reassessed this approach and will have it changed in the next build. However, currently you will need to uninstall/reboot/reinstall if you have changed configuration options like this. - SafeOnline is partially incompatible with Zemana AntiLogger and both products cannot load screen protection at the same time. - SafeOnline will only protect against credential-relevant threats, intentionally not bothering with webcam loggers or sound loggers. We strongly recommend using real infections to test the protection of Prevx, but we do think that leaktests are a valuable way to test the protection. SafeOnline's protection is incremental to the rest of the protection provided by Prevx 3.0 and while it provides a significant layer on top of what Prevx 3.0 provides, it isn't a silver bullet. However, we have yet to find a leaktest or threat which bypasses SafeOnline when everything is fully configured on a compatible operating system. In the event that something would eventually get past SafeOnline, Prevx will be immediately aware of the threat and will block it using the Prevx 3.0 antimalware functionality. Our current (partial) list of leaktests is: PASSED - Firewall Leaktester - AKLT - GetKeyState PASSED - Firewall Leaktester - AKLT - GetAsyncKeyState PASSED - Firewall Leaktester - AKLT - GetKeyboardState PASSED - Firewall Leaktester - AKLT - DirectX PASSED - Firewall Leaktester - AKLT - LowLevel Hook PASSED - Firewall Leaktester - AKLT - JournalRecord Hook PASSED - Firewall Leaktester - AKLT - GetRawInputData PASSED - Firewall Leaktester - AKLT - Screenshot 1 PASSED - Firewall Leaktester - AKLT - Screenshot 2 PASSED - Zemana - ScreenLogger Simulation Test PASSED - Zemana - ClipBoardLogger Simulation Test PASSED - Zemana - Keylogger Simulation Test PASSED - Zemana - SSL Logger Simulation Test OUT OF SCOPE - Zemana - WebcamLogger Simulation Test PASSED - Alpin Software - Through the Eyes of a Keylogger - Key logging PASSED - Alpin Software - Through the Eyes of a Keylogger - Screen Logging PASSED - Alpin Software - Through the Eyes of a Keylogger - Clipboard Logging PASSED - SpyShelter - AntiTest Keylogging PASSED - SpyShelter - AntiTest Screenshot PASSED - SpyShelter - AntiTest Clipboard monitoring OUT OF SCOPE - SpyShelter - AntiTest Webcam Capture OUT OF SCOPE - SpyShelter - AntiTest System protection OUT OF SCOPE - SpyShelter - AntiTest Sound record PASSED - Chpie - Rootkit.com - Global Specific I/O Address Space Trap Keylogger PASSED - Greg Hoglund - IDT-based Basic Keyboard Sniffer PASSED - Atif Aziz - IECache Viewer PASSED - NirSoft - IE Cookie Viewer PASSED - NirSoft - IE Password Viewer PASSED - NirSoft - Protected Storage PassView PASSED - NirSoft - PasswordFox PASSED - Pro Data Doctor - Password Recovery PASSED - Amecisco, Inc. - Invisible Keylogger Stealth 2.1 PASSED - Security Xploded - RemoteDll PASSED - Keylack Software - Asterisk Password Viewer PASSED - Komodia - SSL sniffer PASSED - ram verma - LoginMgr (BHO) PASSED - YourBankHere Demo - PatchDemo Browser Hooking PASSED - YourBankHere Demo - OverlayWindow PASSED - Snadboy - Snadboy's Revelation v2 - Password Viewer PASSED - System Safety Ltd. - Keylogger 1 (GetKeyState) PASSED - System Safety Ltd. - Keylogger 2 (GetAsyncKeyState) PASSED - System Safety Ltd. - Keylogger 3 (Low Level Keyboard Hook) PASSED - System Safety Ltd. - Keylogger 4 (Journal Record Hook) PASSED - DiamondCS - KeyHook PASSED - Unknown - Keyboard Listener Let me know if you find anything else we should test!