Katie DriveSentry

Discussion in 'other anti-malware software' started by DriveSentry, May 19, 2008.

Thread Status:
Not open for further replies.
  1. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198
    Hi tbay2athome,

    Thanks for your ideas and comments.

    I like your suggestion of the optional internet firewall install. I will suggest this to the development team. We will shortly be posting a competitor compatibility report onto the forum which should answer your questions regarding other AV products. Will keep you posted ;)

    kind regards,

    Kate.
     
  2. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198

    Hi Andylau,

    Thanks for your comments and questions.

    1) Malware found during a scan is sent directly to Quarantine. This means that no specific results will be listed in the scanner window, but it will display the amount of malicious files detected on the right hand side of the GUI. Click on the Quarantine icon to view and delete the malicious files from disk.

    2) The target path displayed within the popup can be displayed in full when the mouse is hovered over the text window. It is also possible to highlight the text and copy it if you need to view the exact location in Explorer.

    3) Valid point. On the advanced popup the threat score is not visible. We are aware of this and will be tweaking the popup to incorporate this in a later build.


    thanks for your comments andylau.

    kind regards,


    Kate.
     
  3. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    Thanks for your answer.

    It would be more convenient to view if the target path displayed the whole path directly. Maybe the size of the Target frame can be doubled. Of course, I know that if the path is really too long, it need not display the whole path.
    I think it's convenient for me; does anyone else think so?

    Nice to hear this news! Hoping the popup can do better.
    I think it would be better for the four buttons (Allow & Remember, Allow Once, Deny & Terminate and Deny Once) to be shown at the same time. Then there is no need to choose from the action columns.
    Also, in my opinion, "Disable DriveSentry for x minutes" can be removed. Add an option in the tray right-click menu to disable DS if necessary.

    Has anyone asked how to import or export the user-defined rules?

    -Andylau-
     
    Last edited: May 29, 2008
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    The options now given are not easy to use (especially, it's too cumbersome to click the column drop down box).

    IMO there should be these options:

    Allow
    Deny
    Deny n Kill
    Allow n Remember
    Deny n Remember
    Trust This application
     
  5. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    Yes, you are right!:D
    I missed this point.o_O
     
  6. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198

    Andylau,

    Some very interesting questions :oops: !

    DriveSentry currently does not have the ability to import or export user defined rules :( . But when installing a new version of DS over an existing version, you do have the option to keep your custom rules and settings, so nothing will be lost in this instance.

    kind regards,

    Kate.
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Hi Katie!

    Have you licensed also AV heuristics/emulation modules or only "simple" virus fingerprints? If not the zero-day protection is not optimal. (In the future improvements of HIPS will help of course.)
     
  8. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198

    Hi Ako,

    Thanks for your question.

    DS scans against the virus signature fingerprints. We are thinking about improving the scanner using the techniques you have described. But currently our focus is on intelligent HIPS, zero day and keeping the product light weight.


    I hope this answers your question.

    regards

    Kate :D .
     
  9. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Thanks for quick answer. DS of course can stop zero-day viruses even without virus fingerprints, but the problem can be how to decide whether the process is a virus or not.
     
  10. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Hi Katie!

    One more question: Is DS compatible with Acronis True Image or other imaging tools?
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have asked a very astute but anonymous member here to really throw some nasties at this product tonight. They know what they are doing. Will let you know when I hear back from them.
     
  12. scoopnoggin

    scoopnoggin Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    28
    thank you trjam, very curious as to the outcome.

    :thumb:
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    will know in just awhile.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    not too bad.
     
  15. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Maybe a lil more details? Thank you.
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    bottom line, it did about expected. I really can't say more. It works but like all, it isn't the Holy Grail.
     
  17. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    No offense, but I wouldn't consider this as terribly useful information.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Guess the Flavor of the month changed.:eek:
     
  19. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Still tastes good to me!! It is running good and light for me.. I hope this little security app. grows and sticks around for---ummmmm life? lol. :thumb:
     
  20. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Running very well on my PC with other s/w on my sig, only security upgrades I would like Drivesentry to include are:

    a, Keylogger detection.
    b, Killdisk (MBR) detection.
    c, Outbound network protection.

    I'm told these will be implemented shortly. I never test security products with "test" tools by other vendors as they are always designed to highlight the benefits of their own technology. I prefer downloading a bunch of viruses and running them under VMware against the chosen product I want to test. Drivesentry has performed very well against real threats but I would recommend denying access to the following in the Drivesentry rules:

    NTVDM.exe (used to emulate 16 bit apps)
    cscript.exe (used by malware to emulate VBScript and cScript)
    cmd.exe (no more batch files script attacks)
    reg.exe (used to process .reg files via the command line)

    there's probably more!

    Katie it would be good if as an option a user could select to query/block script based access via the above 4 (or more) which would save people having to set them up.

    ~interact
     
  21. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    Interact,
    Could you tell us a little bit more about the virus/malware samples you used on your YouTube videos? Thanks!
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Interact, why don't you run your tests again in this combo:
    Online Armor + Drive Sentry, run the mentioned programs as run safer in OA
    (e.g. NTVDM.exe, Cscript.exe, cmd.exe, reg.exe, hh.exe, tftp.exe, ftp.exe, winhelp32.exe).

    Embedded scripts always are a problem, but script files can be easily tackled by ScriptDefender. When you run ScriptDefender as run safer in OA, this even adds extra protection.

    I am curious to know your findings

    Regards Kees
     
  23. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I bought this cheap program too. I last tested it a year ago and it has improved a lot. Of course I'm running it without active scanner and disabled auto allow white listed/community trusted programs.
     
  24. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198
    Hi Interact,

    I have passed all of your feedback and comments to the development team. Very interesting but a little technical for me! o_O

    thanks muchly,

    regards,

    Kate.
     
  25. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38