V3 questions

Discussion in 'Returnil Betas' started by chris1341, Aug 10, 2009.

Thread Status:
Not open for further replies.
  1. chris1341

    chris1341 Guest

    Hi Mike,

    I started looking at the early betas but other commitments meant I could not complete that, getting back to it now. Apologies for that. Fortunately most of the early questions I was going to post have been answered elsewhere but I'm still not clear on the new caching arrangements. Apologies if it's noted somewhere I've missed.

    I always used memory caching but notice this option is gone and I seem to recall it's replaced by some hybrid memory/disc caching type approach. If that's the case, how is that applied? What rules if any decide if a change is written to disc or stored in memory? Is it simply random based on available disc/memory or is it more logical based on type of change? Looking at it it seems to me it's just straight disc caching. If it's not how can you offer a 'save all changes' option?

    Any official reason why memory caching is out? Would it be possible to also confirm the page file/hiberfil etc are not cloned as in previous versions?

    As if that's not enough (!) I have a few sundry questions also:

    Can the splash screen be disabled?

    Can you confirm whether the F-Prot AM scans only files saved to the real system in System Safe mode or will it scan anything you save but intend to drop on restart? In System Safe mode is the scan on execution only?

    Are the scan logs even for System Safe with all changes dropped retained somewhere, if so where are they and what is noted in them?

    How long will version 2 be supported after V3 release?

    As usual any help would be much appreciated.

    Thanks
  2. Coldmoon

    Coldmoon Returnil Moderator

    Hello chris1341,
    The caching is dynamic now, meaning that RVS determines what it needs and then expands the cache on-the-fly when required. The process also uses both memory and disk, but you are correct to notice that the disk caching has a larger role in v3. This is leading to a new virtualization engine upgrade in later 3x versions starting with 3.1.

    The reason it is not offered in the same form as it was in 2x is due to:

    1. Limitations of memory caching as a stand-alone method, especially where saving content to the real system is concerned
    2. It plays a more appropriate role as a supporting element of the overall dynamic caching that eliminates the need to predetermine how much space you will need for any specific virtual session.

    The second part of your question is yes, these files have been removed from cloning as interference with these files can cause issues with Windows functionality, especially in Vista and Win 7.

    Not yet, but will consult the development team regarding this option.

    The Virus Guard will check when you save a file (part of real-time protection) and will scan on demand.

    There are no logs yet for AG scans and system changes but there will be an imaging/snapshot feature added in later 3x versions that will allow restoration of files and your system.

    For large customers we will be supporting 2x for a period of 6 months following the release to provide support for their evaluation and deployment requirements. For consumers, we will be sending out upgrade notices to move to the new 3.0 (2010).

    Mike
  3. chris1341

    chris1341 Guest

    Thanks, illuminating as always.

    Can you advise what we do about missed detections or FPs in the AM part of the product? Do we report to you guys or direct to Frisk? (none yet by the way). Either way how/where do we advise, is it simply the 'Report a problem' link?

    Cheers
  4. Coldmoon

    Coldmoon Returnil Moderator

    Hi Chris,
    As any samples sent to us will be sent on to Frisk by default, please send them to us first so our research and QA teams can test against the samples submitted. Be sure to distinguish between whether the sample is:

    1. Not detected by the AM, but is completely removed following a restart with RVS System Safe active.

    2. Not detected by Virus Guard and also bypasses the System Safe feature

    3. Is a false positive detection

    To submit, place the samples in a password protected ZIP or RAR archive and then attach it to an e-mail. Send the e-mail to support (dash) tech (at) returnil (dot) com. If you are unable to password protect the archive, simply rename it by removing the file's extension and then include the correct extension to rename it on our side in the e-mail body.

    If possible, also include as much detail as you can about where the sample came from (URL? bundled? dropper payload? malvertisement? etc). You can also include links to VT, Jotti, etc sample testing results if they exist.

    NOTE: DO NOT post those links here at the forums.

    Thanks
    Mike