A new A.P.A.I.S. Version 1.0.0.3372 just released!

Discussion in 'other anti-malware software' started by Hermescomputers, Jun 20, 2013.

Thread Status:
Not open for further replies.
  1. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; location: Toronto, Ontario, Canada, eh?)

    Advanced Process Analysis and Identification System Technician's Edition

    A.P.A.I.S. is a live system analysis tool designed to take a single process and inspect it thoroughly, to provide field technicians with full-spectrum identification and analysis capability.

    It is similar to an anti-malware tool but without active protection or the ability to scan the entire system, as I designed it to perform tasks and interact with the user in ways impractical for ordinary anti-malware tools, in order to accurately identify malicious live processes that may have somehow eluded active protection and operate in live system memory...

    http://hermes-computers.ca/downloads.php
     
  2. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 3,764 posts; location: Outer space)

    Does A.P.A.I.S. also check if the process has been hijacked and, for example, a malicious DLL has been injected?

    BTW, I suggest one central A.P.A.I.S. thread instead of a new thread for every update. And it would be nice if you could post changelogs.
     
  3. Hermescomputers (Registered Member; joined Jan 9, 2006; 1,069 posts; location: Toronto, Ontario, Canada, eh?)

    Hi,

    Short answer: NO

    Long Answer:

    Currently A.P.A.I.S. v1.x identifies live or static executable processes via a number of mechanisms; however, none of them work exactly like an antivirus looking for hooks or injections.

    During design I made the assumption that basic viral identification tasks are already handled on the system by the active protection (antivirus, anti-spyware, etc.), so replicating the same work as everyone else seemed pointless, and I chose to focus my effort on looking at the problem from a different angle.

    A.P.A.I.S.'s primary function is to help technicians pick up where active protection ends or perhaps failed to some degree, and to assist the tech in performing single-file, wide-spectrum identification, and hopefully flush out malware and spyware in the process. It is designed to be semi-manual, as I wanted a tool to empower me in my own analysis. It combines pretty much every technique I personally use to manually ferret out suspicious files leading to a positive malware I.D. This is why it is called a system and not just a tool.

    It is designed to provide users with real-time documentation and reporting and to make extensive use of signatures from a range of identification vectors, like local and global whitelists and a multiplicity of local malware and blacklists, further enhanced with an easy-to-use but powerful Internet Analysis module that combines identification, file name analysis and identification, behavior analysis, and insecurity/vulnerability assessment.

    Now this requires technical knowledge and experience in order to correctly interpret the results of these analyses, ergo the Technician's Edition.

    Also, the processing A.I. and the Primary Risk Analysis offer further behavioral vector monitoring. The Advanced Risk Analysis goes even further but is still very much under development...

    Conversely, you can document your own analysis and then share the data with whoever you choose, as well as having the power to create your own signatures.

    I am very flexible with integration requests; whatever you need in the field, if I can add it to assist you I'll do my best.

    This said, I designed this tool to integrate everything a field technician or system administrator would need to identify a file or process he or she is confronted with in the field. In fact I designed it for my own needs... :D

    Great idea!
    ...too much work doing multiple posts anyway... :)

    All future updates will be posted here:
    https://www.wilderssecurity.com/showthread.php?t=345959

    I will also post a change log with all future postings...
    Oh, go check that thread, I just posted the change log!

    Cheers!

    Guy
     
    Last edited: Jun 20, 2013