McAfee Raptor BETA

Has anyone tried McAfee Raptor BETA? It is also included with their Stinger removal tool now.

Raptor BETA

Raptor BETA is a real-time behavior detection technology that monitors suspicious activity on an endpoint. Raptor leverages machine learning and automated, behavioral-based classification in the cloud to detect zero-day malware in real time.

Raptor BETA is available as a free tool and is also bundled with Stinger. McAfee plans to incorporate Raptor into future anti-malware products.

-http://www.mcafee.com/us/downloads/free-tools/raptor.aspx

 

Sounds interesting.

 

Behaviour blocker...

How to Use Raptor

 

Q: How can I get support for Raptor?
A: Raptor is not a supported application. McAfee makes no guarantees about this product.

 

And the point is?
Man, it is clearly stated that is a beta ..........

 

caught everything bar one when testing in VM. however the tray icon did not load on my real system.

 

I don't get it, what is it supposed to catch, I mean what type of behavior? It doesn't even install a driver or service? To be honest, it looks like crap on first sight.

 

How did you come to this conclusion? Have you done any testing with it?

 

No testing, but like I said it does not install a driver, so I wonder just what the hell it's monitoring, it doesn't seem to be an advanced HIPS like SpyShelter, that's for sure.

 

I was expecting something more like the old PCTools Threatfire.

 

I thought of dynamic security agent DSA.

I will give it a try.

 

You can still monitor many behavior w/out driver. Have you used Process Monitor by Sysinternals? It is very useful tool to monitor program's behavior (not limited to malware). I suppose maybe Raptor is only for monitoring and warning (not sure though), and probably McAfee want to test new technology just like F-Secure also does in different field.

Oh, don't say such warning system is useless, while recently IDS tend to be replaced by IPS, still IDS is quite useful tool especially for Linux user and definetely enhances security. And anyway once MvAfee finally integrated it to official product, prevention will come true.

 

Hmm 32bit version will not install on xp pro invalid windows application.

Is that what you get when you try to install a 64bit version on 32bit?
Maybe McAfee messed up the link?

 

Well, perhaps you can test it, but like I said, when I think of a real-time behavior detector or blocker, I think of advanced HIPS, not some simple file monitor or whatever the hell it does. And Process Monitor also uses a driver, but you probably already knew that.

 

Only supports Win 7, 8, and 8.1 so far according to the FAQ.

 

I'm using the 64bit version in Win10.

 

I wonder if it works on Vista then? I've been running it on 64bit 7 without issue. I think Ill let it stay for a while since it has no negative impact.

 

1. Write to registry HKCU autorun
2. Create process
3. Newly created process going outbound
4. File creation with non execute byte
5. Etc

 

Just noticed memory use is now at 2.4GB. Memory leak? Guess I will stop using it for now.

 

Can you perhaps post any screen-shots? Did you get to see any alerts?

 

Can't get it to work on a VM XP. Not a valid Win32 app.

 

who cares about XP --> https://www.wilderssecurity.com/threads/mcafee-raptor-beta.371700/#post-2442141

 

Some people do...

 

Just an example of the usefull things that can be monitored, see Yuki's answer

 

Buzz kill, I want to know what Raptor does.