ProSecurity is now Real-time Defender !

Discussion in 'other anti-malware software' started by johncage, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Yaa, I've also thought the same thing, but I hoped that someone had some other explanation... :(
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    RESOLVED :) I reinstalled RTD and now it runs as it must run. If you ask me "why" or "how", I reply: I don't know.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)

    Can we in this RTD setting, make as many file extensions as we prefer well beyond what's already there?

    I mean it won't upset a balance or throw off the new rule right? In other words, in file associations (System Folder), is there a limit or unlimited?

    Thanks
     
  4. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    EASTER, I don't know if there's a limit but personally I have 51 rules for System Folder. And I have a total of 283 rules for all the File section (which includes 204 rules taken from the "Block Known Malwares" ruleset made by ALCYON for EQSecure)
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for the feedback, much appreciated.

    EASTER
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can u post a snapshot of these rules? What does it mean: Block known malware in a HIPS rules?

    Thanks
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    KIS 7 and RTD cohabitation update: if I enable the KIS proactive defense, RTD doesn't stop the .exe files that I run to install a new sw; it seems not to see them. I don't know if it is simply a system conflict or if KIS disables some of RTD's features. The second hypothesis is not pleasant... :rolleyes:
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Maybe I should try to uninstall KIS and RTD and to reinstall RTD first and then KIS...
     
  9. Morthawt

    Morthawt Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    79
    Location:
    UK
    I don't know what to think, because the website is down, yet he did have one
    up previously. Is there any official way to get any progress updates from
    the dude himself/herself?
    
     
  10. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Hi aigle. I've set all the entries below to BLOCK (create/write file). ALCYON created this ruleset in EQS, it is part of the "Blacklist" section of the EQS File Protection tab.
     

    Attached Files:

  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Well, I've uninstalled KIS and RTD, I (rebooted) cleaned my system. Then I've installed RTD, rebooted, and set it to Normal Mode. Finally I've installed KIS 7. If I run it without the Proactive Defense, RTD runs normally. If I set KIS to Proactive Defense (having previously given all the authorizations for RTD in KIS), RTD runs as I described in this thread at post 66. And even if I afterwards disable the Proactive Defense, RTD doesn't run normally any more. This is what concerns me!

    What does this mean? I believe that KIS doesn't only take some hooks, but also overwrites some RTD process or function when I enable the Proactive Defense. So I ask: where is the self-protection of RTD? Why does RTD allow KIS to partially disable it?

    I believe it's an important question for RTD users.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The RTD website has been *under construction* or altogether broken since last June. I can get a pdg website up & running in a matter of less than a week. So what is taking so long, I wonder?

    Secondly, it took RTD's "new proprietor" over 2 months to release a re-branded Prosecurity as RTD 1.0, with nothing more to it than largely cosmetic changes.

    Bottom Line- It seems evident that RTD is yet another 1-man show with little or no interest in maintaining communications with English-language customers. I like PS/RTD, but I grow weary of the inscrutable, uncommunicative RTD proponent.

    I am waiting for life signs from RTD, hoping for the best, but growing increasingly pessimistic. Ditto for Prevx2. Ditto for SSM.

    Contrast those moribund outfits with the vibrantly active Online Armor, Drive Sentry, & Comodo FWP, & I wonder why I even bother with stuff like EQS & RTD. :blink:
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Yaa, the new SSM version - with the file protection features - should be released by the end of this month, but probably it will be late. But I know that its development is proceeding.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks a lot.

    But IMO these rules are not needed at all. It's just my opinion.
     
  15. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Hi aigle,
    I agree with you because anyway I have a rule for .exe in C:/WINDOWS set to ASK USER. But it cannot hurt to have it since the other person who uses my computer doesn't understand HIPS at all so I'm sure those malwares will be automatically blocked. :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmm.... why u think that the other person will bring malware and also exactly same malware? :D

    All in all it's still unnecessary IMO. If like this, then why not an AV scanner to be in place that will cover much more than this.
     
  17. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Hi aigle, so you think that these kind of blacklist items would be intercepted by AV anyway?
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    So is this HIPS able to alert to formation of (new) folders/files just coming into contact with the directory you make a rule for?

    I tried %SystemDrive%\ * and nothing happened at all, the file (.exe) easily entered that folder, on EQS, it would have been alerted to immediately.

    I also tried %SystemRoot%\ *.exe and i was still able to drop an exe in the C:\ folder without so much as a whimper.

    No complaints here, but you think i got the syntax wrong? Or maybe after adding a rule the PC needs a reboot first like EQS requires or the RTD app needs restarted before it takes effect?

    Still this is an interesting HIPS, it definitely zeroes in on executions without a moment's hesitation.

    EASTER
     
  19. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Hi EASTER,

    I'm not sure if I understand you well. First, you use the terms %systemdrive% and %systemroot%, don't forget to use "C:\" and "C:\WINDOWS" instead.

    If for example, you want to be alerted (ask user) anytime a .exe is created in "C:\WINDOWS" or in any of its sub-directories, you select the rules as specified in my screenshot and on the lower panel you will have access to the settings of the rule (2nd screenshot). On the left it's the Folder settings and on the right it's the File settings. You must tick the "Match all Sub-Folder's Files" for the rule to be applied to any subfolders (and sub-subfolders) into the WINDOWS directories.

    No need to reboot or restart RTD; the changes are immediate.
     

    Attached Files:

    • 1.png
    • 2.png
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    OK, looks like a SYNTAX error. I'll fire up the rules settings and give another try.

    Thanks.

    BTW, %SystemDrive% = C:\, that's what i was using. LoL

    EASTER
     
  21. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmmmm........Easter, this is a common feature of all classical HIPS which have file protection. It's there even in EQS.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am sure any good AV will catch all of them (250) and many many more. A blacklist of an AV is much wider than this.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Yeah but you have to understand, some of us have a one-track mind. After SSM changed the dickens of its GUI to add features (which were good) it also changed its layout/settings in the registry area and i'm not about to learn a security app all over again just like Microsoft when you finally high-tune one O/S to expectations they immediately release changes like Vista or SP3 and the whole boat starts off on another course again.

    However, with RTD, it's much more user-friendly IMHO, but that still doesn't prevent you from learning its SYNTAX and other settings afresh, since not all HIPS are created equal.

    EASTER
     
  25. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Thanks for your reply aigle! I will remove this blacklist since I have an AV :)
     