Some tests I ran on Dynamic Security Agent

Can anyone suggest a way whereby I can get DSA to stop grumbling about BOClean's memory scans?

To wit...

With every startup of my computer, BOClean (BOC) scans each & every process that is running in memory. For EACH such process-scan by BOC, DSA initiates a pop-up. This recurs with every restart, and for every process scanned by BOC, even though I tell DSA to "remember" that BOC is allowed/trusted to do those scans.

Thus, I am confronted by over 21 DSA pop-ups with every start-up. I can find no way to configure DSA to ignore BOC. Can anybody suggest a way to stop DSA from producing a whole series of pop-ups whenever BOC does its series of start-up scans?

 

For me, that is both DSA's strength and weakness. Train it, and if all goes well it remains fairly quiet. If it doesn't like a program, pop-ups galore, and nothing to tweak. This happened with me and what I did was to delete the problem processes and app from the allow list, then add them back manually through the gui. The pop-ups then lessened, then stopped. Honestly, I have no idea whether I did this or it was a coincidence.

 

They must fix such a behaviour. It can be really annoying and show stopper.

 

Hi benny,

Not exactly, I mean it works for "single popup" events, but doesn't work this way in case of recursive popups events: thus you get 1, sometimes 2 full popups, and then the smaller one without infos, and without the "details" option to open full popup.

I for one would prefer to get always full popups. Small popups without infos would be OK if there was some sort of logs available, or a configuration panel, listing all allow/deny for every programs; but there isn't any.

Did you install BoClean after DSA?? Because I'm running both too, one one computer, and I didn't meet this problem. BOClean was installed before DSA on this one.

Cheers,

nicM

 

I am VERY favorably impressed with Privacyware -- the company responsible for DSA and Private Firewall.

Concerning my problem with BOClean, I submitted a ticket to Privacyware support. I received a prompt and courteous reply from Privacyware's Greg S., who is both knowledgable & friendly. They have downloaded BOC and have stated that they will install it in a test environment in order to investigate what the possible cause of the Alerts may be."

DSA includes firewall capabilities as well as its unique HIPS/anomaly capabilities. Therefore I am having great success & satisfaction with the following, totally compatible security combinations...

HIPS = System Safety Monitor + DSA

FIREWALL = DSA for outgoing + Router for incoming. P.S. I find it gratifying that DSA contains Personal FireWall's layer-3 Stateful Packet Inspection (SPI) technology running in the background. Also, DSA stealths every port except the standard PITA of port 113 (closed but not stealthed). That situation is actually a router problem. Some routers have prevented this situation, but not mine {which is manufactured by El-Cheapo Products Ltd. -- a wholly-owned subsidiary of Ap-Cray Corporation }.

 

Just a trick for old routers to overcome this compatibility heritage on old NAT routers: forward port 113 (see pic) to a non-existing IP-address

 

I heard back from Privacyware support's Greg S. He reported that BOClean generates an API call using different Process IDs (PID), so DSA generates an alert (as it is designed) when it encounters a process it has not seen, even if the parent application is on allowed list. He said that they are considering adding a feature in future versions of both Privatefirewall and DSA that would let the user "Allow" ALL processes associated with a specific parent PID, if s/he so desires.

Greg further advised that (pending such a change) the set of PIDs in these types of applications is finite, meaning that eventually the alerts should decrease or cease altogether.

I am VERY favorably impressed with Privacyware's support team.

@Kees - I did as you suggested. Works! Many Thanks.

 

So has anyone confirmed that DSA will work together with Cyberhawk?

Is DSA a traditional HIPS? How easy is it to use for a dumb a** who could never use a traditional HIPS?

 

I am also a dumb a** and I run SSM, DSA and Cyberhawk together. Only to see what happens. You can read about it here:

https://www.wilderssecurity.com/showthread.php?t=175491

See the two last post 24/25.

I started with SSM. Then I add Cyberhawk. No issues. Then I add DSA and had some error warnings. I have now removed DSA, and everything is fine again. I think there were problems because I run all 3 of them together.

I know one of the more experienced users have tried Cyberhawk/DSA combo without problems, but I cannot remember who.

I dont think you will find DSA difficult to use, but to get an idea of how it is you should read the user manual:

http://www.privacyware.com/DSA_Support.html

I think Cyberhawk/DSA combo could be a good choice for not so experienced users, like me

 

Here's the problem with Cyberhawk: it's a detection software. Sure a behavior blocker, but it's all about detecting malicious actions and identifying the process. Look at the pop-ups and search for valid info. Anything that helps you to decide.
Then look at all the false alarms. Now imagine you install malware (unintentional of course). It even flags it: email-R-us.exe is acting strange; Allow or Block? Your answer is of course, allow, it's another FP, and i just installed this.

Worst of all, i don't know what is reported to the community.

 

Folks, I've installed DSA and it's running fine. I like the fact that as far as resource consumption goes, DSA is light as a feather.

The only question in my mind is: whether it's advisable to use a software firewall in conjunction with DSA. I was thinking that Ghostwall would fit the bill but I'm concerned about possible conflicts and the danger of running two firewalls.

Windows Security Centre identifies DSA as a legitimate firewall in it's own right, so that's something, but reading here in Wilders, I've learn that some notable people have expressed doubts about the wisdom of relying entirely upon DSA's firewall capacity.

There is some confusion in my mind as to whether DSA is a behavior blocker with limited firewall functions or an appliance that can replace my software firewall which hitherto has been Comodo.

What do people think, should I run DSA on it's own or add a lightware appliance such as Ghostwall?

 

DSA does quite well on leak tests:
http://www.matousec.com/projects/wi...-analysis/leak-tests-results.php#result-table
It also passes all test at 'Shields Up' as www.grc.com

 

Hey Thankful, you're right, fully stealthed, the only are of concern is that my PC replied to a Ping echo but that may be the router I'm using. I may have to replace that.

 

Absolutely.
DSA is NOT a firewall (in the traditional sense).
DSA is therefore an ideal complement to conventional virus and spyware scanning software as well as personal ...firewall applications

 

I believe a rep from privacyware who posts here stated that DSA contains the privatefirewall module, and that the only difference is that DSA does not allow for any configuration. Since I ran DSA behind a router/FW, I really don't know its effectiveness as a stand-alone firewall.

 

Privatefirewall 5.0.14.2 was released today. Hopefully a new version of DSA will be available shortly.

 

Yes, that comment was made by Chris Iannicello, a product manager at Privacyware. A lengthy discussion of DSA as a firewall is located at THIS Wilders thread. Note especially comments by Mr. Ianicello (user name Cianicello) at posts #10 & 16. I quote/paraphrase in part as follows...

 

This sounds good, hopefully they will follow through; If so I would definitely give DSA another try.

 

Hello Bellgamin, I've read the thread you mentioned and it appears to me that DSA does pretty much everything a firewall does except allowing the user to make his own rules.

At the moment, I'm running GhostWall (default rules) as well until I'm absolutely sure that I can depend on DSA on it's own. So far the combination is working well, it seems.

Cheers folks.

 

One thing that woories me is that Advanced WindowsCare flags DSA. It says: Harmful...typically viruses, spyware, adware or resource hogs. Well, we no that DSA is not a resource hog and I think the rest is a load of nonsense as well. Comments, anyone?

 

I have used both. and I am much more confident of DSA than I am of AWC. I never had a problem with AWC, but I did not like the lack of info it gave before asking to execute. Trialed it and dumped it. DSA, on the other hand, has been tested to death on this forum and has been considered legitimate. FYI, I think DSA is a great app.

 

Yeah, I've been reading as much as possible about DSA here and the consensus is that it's an excellent utility. Thanks for the reply, Benny.

 

Have set up three VMs with only Cyberhawk,SSM and DSA installed in each by themselves with only Sandboxie the other security app.

They are quite good but I would go for DSA as it just seems more responsive ATM.

 

DSA current version is sometimes flagged as malware by AV/AS, this is a FP, due to the fact that some of its components are running hidden : Nothing to worry about .

 

Well, that's a relief. I didn't take it too seriously in any case. DSA is running away quietly. Since I discovered that it's only the absense of event logging, the ability to set rules and to specify TCP connections that distinguish it from full firewall status I've been using it as a stand-alone firewall. No problems; it's working well and I'm looking forward to v.2.