What (other than Zemana) catches this?

http://www.zemana.com/keylogger_test.aspx

Threatfire: FAIL, on level 4 to boot (which recognized a fullscreen game as a potential keylogger).

GeSWall: FAIL, no notifications and no blocking of the fake keylogger.

GMER: FAIL of course. (I'm beginning to think GMER's HIPS functionality was never completed.)

Any other successes/failures? How do paid HIPS systems do? How about COMODO?

 

Update...

Wine under Debian: PASS. It never logs keystrokes at all, not even when focused.

 

geswall isnt exactly a hips, and how did you test geswall against this keylogger? if you just isolated it im not sure thats what its designed to protect from.
keyscrambler is my answer to protection against it, not catching it though.

 

Not too sure on your answer - look forward to seeing another's reply.

But I will vouch that Zemana is sensitive on the areas it says it targets, such as programs retrieving clipboard data. Received a popup from openoffice portable (right away) and faststone image viewer (only when copying and pasting filenames etc). Otherwise it's relatively quiet, set and forget.

 

comodo defense plus with all options check

 

Prevx caught it.

 

i was going to say this

 

Defencewall: PASS, Prevx: Pass

 

Outpose Firewall Pro: FAILED

 

Online Armor Premium: Pass
(Prevx flagged also)

Tried the test opened inside Sandboxie with no file or registry restrictions.

Online Armor Premium: Pass
Prevx: Pass

 

Sandboxie (rights restriction enabled): FAIL

 

GesWall deals it very well. What do u expect BTW?

 

101% agree with aigle.

 

Ah... I expected GeSWall to recognize and ask if I wanted to isolate the keylogger test even if it was run as trusted (as it would with a browser). Guess it doesn't have as much HIPS functionality as I thought.

 

TESTING 4 REAL

You have to Allow this test, and any others like it, to run. Otherwise you are NOT testing at it/them ! In fact, all you are doing is blocking the initial launch .EXE from running.

The ACTUAL test itself Never runs, so that means your defences/security against Keylogging/Screen capture etc don't even get a chance to try and prevent this, or not.

 

DefenseWall / Pass




MalwareDefender / Pass

 

U got it wrong. GesWall has nothing to do with trusted application execution.

 

https://www.wilderssecurity.com/showthread.php?t=218451&highlight=Zemana

 

your right, it doesnt have much hips fuctionality, because it isnt really a hips, its a control policy for browsers or anything you want it to work on.
why would it ask to isolate a exe if you run it trusted? and if you downloaded it from a isolated browser, it would automatically run isolated unless labeled as trusted... it only does what you ask it to, its not a hips program.

 

ZoneAlarm Pro ver 9: Pass

 

Nice to see ZA in action. It was my first ever HIPS to try and I was so much fascinated indeed. I blocked a nasty spyware while it was hooking IE. It was not cleaned by dozens of scanners and I was almost unable to connect to internet.

 

hmm i find it strange how for me Outpost Firewall Pro on Advanced mode didnt detect this test at all :/

 

i thought it wuld, i just tried and even at maximum, not a peep... can anyone else confirm this?

 

FortiClient = Fails

Heuristics in real time enabled and set to deny access on detection. It does offer Keylogger detection so fails for moi.