Twister Antivirus

I installed Twister last week and at first I was liking it, very light etc, however there was quite a few FP's, although initially that wasn't a problem but Twister started to 'kill' legit programs even though I had already asked it to trust them. So uninstalled it for now. May try again later because it seems to have the makings of a good AV.
Gordon

 

Look at this character as a test twister
ago laugh
http://www.hwupgrade.it/forum/showpost.php?p=22699055&postcount=3975

 

That isn't a detenction test. It can't be called detenction test,I know.

I only wanted to know if twister antivirus detects correctly Beagle.

But,as you can see, it classified a registry key of outpost as infected.

I made it scan 4 others file infected by large-diffusion viruses. It didn't find viruses. But it was only a additional mini test based on detencion that wasn't the aim of initial test.

 

He says this
Facendo quindi una scansione della cartella di installazione di comodo identifica un file come adware.

 

Well I got falsi positivi (italian?) which I guess means false positive, but I guess all the italian readers at wilders finds that funny.

 

I said this 'cause i think that if twister found a comodo registry key classifying it as infected it would detect some comodo files as infected.
In fact, it detect a file.

 

I don't understand what's the matter.

falsi positivi is often used as a translation of false positives

 

I know italian perfectly. Falsi positivi IS false positives. Now stop talking about the meanings and use Google Translate to translate the page.

 

I think i will put Twister on manual updates only. I got these weird requests a while ago.





I was installing Ashampoo Burning Studio when they occured. I guess the first one has something to do with certificates and the fact that Ashampoo is german.

But why trying to connect to windows update?

 

Well said emporer! This thread is about Twister, NOT an OT language discussion.

As to guard32.dll, it is a component of Comodo's Firewall Pro that sometimes is regarded as suspicious by behavior blockers. That occurs (evidently) because guard32.dll does manifest certain types of behavior that sometimes points to a malware activity. While Comodo's guard32.dll is NOT a baddie, if it's not in a certain very specific directory, it truly might be a baddie.

Please read HERE & HERE & HERE & HERE & HERE & HERE & LOTS of other websites (do a Google).

Twister includes a registry checker and a HIPS-like behavior-analytic capability (Filseclab Dynamic Defense System). These additional modules are targeted to detect zero-day nasties which are so new that signatures do not yet exist.

These sorts of security modules can & do generate FPs at times. They increase protection, but also require the user to do a bit of research at times, as is true for any & all HIPS-type security programs.

If you do not want to have that sort of protection, or if you feel uninclined or unable to do the infrequent-but-necessary research, then simply turn-off Twister's registry protector & FDDS. When you do that, Twister will become a straightforward antivirus program & FPs will become rare or non-existent for you.

 

I manually update twister as well and block all outgoing connections... I did that after it tried connecting to thawte.com and crl.microsoft.com. It was probably harmless but my thinking is to block first and ask questions later.

 

Actually, it might be a legit detection. See here:

http://msmvps.com/blogs/donna/archi...ion-while-installing-comodo-firewall-pro.aspx

 

@ sec15


You talk of respect? wilder door always respect, your moderator called Twister "coso",

filseclab software house with very good team expert, so he has failed to respect us and the filseclab team

Best Regards

 

Wild guess here (I don't have a software firewall to monitor its outbound connections) but wonder if Twister somehow acts as a proxy for all programs that access the internet. What made me think of this is a while back when I was running NOD32 V3 and Online Armor, OA would show that it was ekern.exe that was connecting out and not for example Firefox. Just a thought, I might be wrong. Perhaps one of the resident whiz kids can comment.

 

i have not had twister AV try any thing funny and have monitored it very closely it seems to only ask for access to the net at every 3hr just as it stats in it's default setting for updates and no alerts from my FW or GesWall has flagged it trying to connect without my promotion but if any one can say and prove other wise by all means post your findings so it can be addressed.

 

I had crl.microsoft.com too, i think after every rebooting. And had some thawte.com too.

The first isn't unusual for other applications too. Must be something about certificates. Probably thawte.com too, but i 've never had an application asking connection to it before.

 

Has anyone noticed a possible bug in twister av GUI?.Ive noticed that if you open the gui and and click the 3 icons (anti-trojan virus,FDD System,and registry protector) it states that they are disabled and grey out ,however realtime scanning etc is still active as can be seen from the realtime scanning log shown under the 3 icons.However if you right click the system tray icon and click "stop realtime protection" it actually does stop it.Anyone else noticed this?.Ive emailed twister support about it.
ellison

 

@ Ellison.

I confirm. I always disable it from the tray, so i hadn't noticed.

 

Apart from this little "bug" I have also found that the "Modify" selection does not work from the uninstall Window and that if you disable the FDDS and Registry Protector they will enable themselves after a short time period (24-48 hours).

However, the uninstall was very clean.

 

Usually, it will no problem for scanning large archive files, there should be other problem.

 

I am sorry we have no detection results from test organization, we have made touch with them, wish they can test our program in the future.

 

Maybe you used the Vista system, you may try to reinstall the twister to an simple path like c:\filseclab instead of c:\program files\filseclab to try again.

 

This only is a sample picture, and it is very old. We have two types license, one is lifetime license, one is the time limit license, for promotion our software, we only sell the lifetime license now, it will become to unlimited for virus definition update and software update after it registered with lifetime license. About time limit license like yearly license, we will issue it in the future.

 

Usually, the false positive is unavoidable, but we will do our best to reduce the false positive. The users can submit the false positive to us when it encountered, we will fix the virus definition as soon as possible. there have a simple way to submit the FP, disable the twister realtime protection first, submit the FP file with Twister main frame->Submission menu->Online Submit False Positive.

 

Please submit to us, you may disable the Twister's realtime protection and click Ctrl+Shift+F to submit the FP file, we will fix the virus definition as soon as possible.