Sensiveguard Guard review

Hi wilders folks,

What is it?
Sensive guard is a network and data firewall

For what type of users?
Mediate security skilled

Memory usage
- bservice 3,2 MB
- bclient 6,5 MB


Installation
Out of the box with easy tick box to select functionality

 

Re: Sensitive Guard review

What's good

It has some behavorial detection whether or not a trigger is started by the user. This is good for mediate experienced user, because you do not have to know (like coreforce) what all the impact of certain dll's et cetera is on your computer's safety.

Default rules are the learning rules (only allow and warn), when after a warning a remember option is chosen, a new rule will be made. This new rule can be set to deny to make SG quite.

Bug thing, when you enter more then 10 file types (e.g. *.com, *.dll) the programs dumps. So your data firewall is limited to 10 file types.

Good thing: data firewall always includes sub directories. So when you want to allow several update releases of your favourite anti-virus, just go change the folder setting to a higher directory (e.g. for Antivir C:\documents and settings\all users\application data\antivir personaledition classic\) and SG will never pop-up again for AV-update

 

Re: Sensitive Guard review

Good things -- continued --

After training period, you can set the firewall rules from warn to deny to make SG very quite (left).
SG has default rules for windows update etc. (right)

 

Re: Sensitive Guard review

Does it work?

Yes it intercept communication and data access (you can check in the log).

Only strange behavior: You have to set the default rules inactive and replace them by custom (see post down below). Direct downloads from IE, P2P, E-mail client will be intercepted (e.g. Adobe automatic update access, flash advertisements accesssing to *.com files, etc.).

Bottem line

I will keep this free ap for a while, I like the data firewall bonus, although I have not tested it against all leak tests/program termination due to other security aps.

For my wife's PC it is important to get security aps quite (she allways chooses allow), so I will keep on trailing SG for a while.

 

Re: Sensitive Guard review

Share other experiences anyone? (Easter, Kerodo)?

 

Re: Sensitive Guard review

I found it to be light on resources and had a good number of ways to configure what an application can/cannot do. The only things that are keeping me from using it are that it gave me a bunch of BSODs and it hasn't been updated in a long while.

 

Re: Sensitive Guard review

Well BSOD's are a good reason to pass, have not encountered that (yet).

 

Re: Sensitive Guard review

Check your handle count. When I tried it over a year ago, my handle count used to climb to ~25-30000. They updated it soon after I believe but I didn't keep using it.

BTW, it's SensiveGuard, not SensitiveGuard.

 

Re: Sensitive Guard review

Thx,

It is sensiveguard, keep on making that mistake. Checked the handle count in the task manager. It stays between 12400 - 12600, so they must have fixed this issue.

 

Re: Sensive Guard review

How to replace the default file proyection rules (protection against download of executables and reading of private data).

Choose the default file protection settings (fixed allow and warn option can not be changed). Select file protection tab, select advanced, select the default rules (the top ones), choose edit policy detail (button right of the screen, marked -1), click line (marked -2-), press delete (marked 3) and select apply on th emain screen.

Default line is now inactive

 

Re: Sensitive Guard review

Creaste a new rule with settings deny instead of warn

 

Re: Sensive Guard review

And voila (for test purpose set to warn) SensiveGuard stops download initiated by user

 

Hi Kees1958,
It as been quite a while since I looked at this. I did make 3 attempts at installing onto XP pro(sp2)~ (3 clean (different) images), but the UI would not show. I could find no system/application errors to work from to try and find the problem, so to save time I have now installed onto W2K, and running well. I will play for a while.

 

Re: Sensitive Guard review

if you test it vs leak tests/program terminations/etc.. i'd love to know the results i've never heard of this program before but it seems to resemble tiny firewall pro 2005.

i have one more question kees1958, can SG stop a program from accessing/writing to the registry (like registry defender or SSM)?

 

Zopzop,

Wel yes and no. Sensitive guard does not look into the registry, so it will jump into action when a general "program with internet access" or specific program like Firefox of IE try to access the file or folder.

Most Internet and mail programs make all sorts of innocent changes in your registry. So the defense in practise would be useless (for even a small change the program has to be allowed).

Senive Guard is pretty effective in a layered approach (see pic) as damage protection/prevention.

Registry being a vulnarable file should be protected at the trigger level (e.g. ProSecurity, MJ Registry Watcher, ect).


I only did a few leaktest, because the security setup is pretty restricting. Sensitive guard worked okay (also against the no longer available BufferZone test). Only thing I came accross about SensitiveGuard is that it does not always stealth your ports (they are closed). I think Sensitive Guard is not the firewall/datawall for people not having a hardware firewall. For people owning a HW FW, it is a great program: light on resources, fast, smart (difference in user initiated actions or other) and offers data wall protection (for instance not allowing folders to be changed/read or changing specific file types like *.exe, *.dll in a directory).

Regards

Regards

 

Stem,

Would you be so kind to share your experience? I appreciate your opinion

Thx

 

Hi,

I checked this app out a while ago, and it does look powerful, but I wasn´t feeling it , I´m talking about the whole "look and feel" and ease of use. The only thing that I found to be interesting was the fact that it claims to be the only security tool that is able to recognize if actions are initiated by user, or by malware? Is this true or not and how does it manage to do so?

 

I wonder how does it recognize this?
Does user means explorer here. In that case it,s not a big deal.

 

Re: Sensive Guard review (link)

Tried it against trojan.exe blocked flawless,

Maybe stem could share some of his tests/opinions

 

Try it yourself

It known what sequence of events is directly initiated by the user, trojan.exe does not have a chance for instance.

The combination of firewall and datwall is pretty scary. A lot of macromedia programs do write to your harddisk (data wall deny's access to any program with internet connection on 10 possible excutable suffixes). Funny thing is the dynamic contect is shown correctly. Makes you wonder why? Bet that lot's of HIPS and FireWall users never had noticed this

 

Re: Sensive Guard review (link)

Hi Kees1958,
I have managed to find time to run some quick tests. But I need to get this installed on an XP box for better testing (will try to find time later, if it will install on XP on my setup)

Basic scans are being dropped, so those who go for "Stealth" will be happy with that.
Applications access: I am not completely sure as of yet, how the applications are being checked, as a change of application (application replaced/altered) does bring up a popup, but this simply askes if you want that application to be allowed internet access, it does not inform that the application as been changed. This could be a problem, as users could just think that a firewall rule is missing or corrupt and simply allow. There is the fallback of protecting the actual application from being altered via the "File security settings", but I would of liked to see a warning about an application that as been changed when internet access is being attempted by such an app.

Kill attempts: There are 2 programs showing as running for SensiveGuard:
bsclient: This can be killed without much problem, but the app is automatically started again (under bservice), and as this is simply the UI, then even while this is terminated, protection is still in place.
bservice: This appears to be the main app that provides the protection. This does servive well against kill attempts. I have only ran "APT" at this time, but out of the 12 kills, bservice servived all I could run on my setup (kill 10 would not run on my setup (requires Terminal services)). From the "Kernal kills", method 2 did shut down bservice.

I will try to find time later to play more

 

I've tried sensive guard on a win2K server machine, and I had an issue with it : bsod when shutting down the machine
Moreover, after installing sensiveguard, I had some bsod I cannot be sure it was related to this FW, but, well, I was pretty sure it was the guilty one.

Sensiveguard is defined to win 2000/XP machines, I think they mean 2000 workstation, not 2000 server.

 

I am still unable to get the UI to show after installation on my XP pro box (even with base XP pro only). It will install on VM XP pro with no problems, there must be some hardware driver conflict. I will need to make setup with 3 PC`s (rather than my usual setup of 2 PC`s+VM) to test the packet filtering

I will setup ASAP.

 

Ny not allowing programs with internet connection to access files with: *.exe, *.com, *.dll, *.tlb, *.ocx, *.vxd, *.sys *.drv, *.ini,*.hta

SensiveGuard also gives additional protection against rootkits (often attacking drv, sys, ini files)

 

Kill attemps using "SPT"

The 16 basic kill methods against "bservice.exe" failed to terminate.

Only on "elevate privledge" did method 2(terminate all its threads) and 4(Instruction Pointer (IP) modification) succeed in termination.