Anyone tried Dynamic Security Agent?

Discussion in 'other anti-malware software' started by Zero3K, Jun 4, 2006.

Thread Status:
Not open for further replies.
  1. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Can you give a few details on your usage please.

    Sounds good but the proof is in the pudding.

    Smooth installation, RAM usage, any conflicts with other apps, comparable to other apps and any startup slowdowns. Ta. :)
     
  3. Get

    Get Guest

  4. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    Well, for me:

    1. It didn't give any errors when installing
    2. There have been no problems in terms of app compatibility
    3. No major slowdown when starting up.
    4. It takes up 10-20 MBs of RAM (I don't have an exact usage because I'm using the school computer to post this, I will edit it when I get home).
     
  5. Mucker

    Mucker Registered Member

    Joined:
    Apr 20, 2005
    Posts:
    42
    Installed OK. My question is: could this program be used together with Windows XP firewall and eliminate a third party firewall, since it will monitor outbound application traffic?

    Mucker
     
  6. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    Yes, doing that should be sufficient.
     
  7. moonforest

    moonforest Registered Member

    Joined:
    May 17, 2005
    Posts:
    4
    It just monitors the TCP traffic and DNS requests.
    Worth trying.
     
  8. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    DSA will be included in the upcoming Privatefirewall 5.0. Looks to be a decent product.
     
  9. Mucker

    Mucker Registered Member

    Joined:
    Apr 20, 2005
    Posts:
    42
    I had to uninstall because of runtime error and closing the web browser. I like the program and will look again later. I would like to use it together with Windows XP firewall.

    Mucker
     
  10. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    Installed it on xp home and no problems so far. DSA.exe running at 13,140k + pfsvc using another 4,456k. Seems to be easily terminated, even by task manager though.... not so good.

    I suppose you could always protect it from termination with another program like Process Guard, but of course it's better if a program can prevent itself from being shut down, or at least warn you. I think there are more robust programs around, but not too bad for a freebie though.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I will stay away from this app until they bring out a new version, it constantly crashed my virtual OS, it might be because of conflicts, however I did uninstall other HIPS first, but perhaps not good enough. :rolleyes:
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    This one actually works fine on a spare pc of mine. So it might be one of those that don't run well in virtual systems.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I also installed it just to see and it ran fine with no crashes at all, after a while I removed it.
     
  14. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    It's actually pretty interesting, I'll play with it for 7 days first and see how it goes.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, then it must be a virtual OS thing I guess. Does anyone perhaps know why certain apps won't run on virtual machines?
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Actually it also works fine on my virtual machines, so it must be a problem on your side R.

    Hmm it's great, very light, not like that pro-security I tried the other day, where responses took 30 seconds because the warning prompt appeared. R, you should really try it, you don't know what you are missing!

    It's free for personal use right? Pretty cool, but like other tools of this nature, you better know what you are doing.
     
  17. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Very advanced, and it actually works. One of the best HIPS around IMHO.
     
  18. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    I noticed after doing a couple scans with Blacklight beta, RootkitRevealer and Security Task Manager that these scanners are telling me that a part of DSA is possible malware.

    Now I realize that it probably isn't because of the nature of the program, and that these scanners work on a heuristic type of level, but I can't help being concerned about it.

    Security Task Manager actually gives DSA a 100% rating (rare for STM) that DSA is malware- that is STM says C:\WINDOWS\system32\pfproc.dll is malware.

    Similar results with the BL and RR. Both claim pfproc.dll could be malware. So does anyone know for certain that this is a truly legit part of DSA and why the scanners are saying it's malware? Thanks for any info.
     
  19. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Yes, I made the same observation. I am quite convinced it's not a malware rootkit. It looks bad, but my guess is that this file is a self-protection measure, to hide itself from rootkits. Fight fire with fire ;).

    This is the log from the GMER rootkit scanner:

    GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-06-14 13:56:29
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.10 ----

    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwClose
    SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwCreateFile
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwCreateKey
    SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwCreateThread
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwDeleteKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwDeleteValueKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwEnumerateKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwEnumerateValueKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwFlushKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwLoadKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\filespy.sys ZwOpenFile
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwOpenKey
    SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwOpenProcess
    SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwOpenSection
    SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwOpenThread
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwQueryKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwQueryValueKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwSetValueKey
    SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwUnloadKey
    ---- Processes - GMER 1.0.10 ----

    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Logitech\SetPoint\SetPoint.exe [108] 0x00CE0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Documents and Settings\The man\Skrivebord\gmer\gmer.exe [200] 0x00D40000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\PicoBackupOE\PicoBackupAgent.exe [204] 0x011E0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\MSN Messenger\msnmsgr.exe [228] 0x02750000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\SuperAdBlocker.com\Sponsored Ad Blocker\SCHBlock.exe [284] 0x00CF0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\PurgeIE\PurgeIE_Service.exe [320] 0x01110000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe [360] 0x00D10000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [376] 0x00FB0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Program Files\ScreenMates\Felix2.exe [400] 0x00C10000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Spamihilator\spamihilator.exe [416] 0x00DF0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\csrss.exe [528] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [552] 0x024A0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [596] 0x01320000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [608] 0x00F30000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe [720] 0x00AF0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [756] 0x00F70000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [832] 0x00C70000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [860] 0x02B90000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\EnigmaticSoftware\CacheSentry\CacheSentry.exe [896] 0x00B70000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE [1004] 0x00A50000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\WgaTray.exe [1364] 0x01550000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1380] 0x00CA0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1424] 0x00CB0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1540] 0x00C10000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Acer\eManager\anbmServ.exe [1588] 0x01800000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\VIAudioi\SBADeck\ADeck.exe [1744] 0x01EC0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\PROGRA~1\NSClean\BOClean\BOC421.EXE [1752] 0x01D20000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Google\Gmail Notifier\gnotify.exe [1768] 0x016E0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\abelhadigital.com\HostsMan\hm.exe [1776] 0x010F0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe [1784] 0x00B90000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Matinsoft\GoldTach\GoldTach.exe [1808] 0x01380000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\programmer\softwin\bitdefender8\bdnagent.exe [1852] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\ExPLabs.com\SocketShield\SocketScannerMonitor.exe [1868] 0x00EA0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\QuickTime\qttask.exe [1892] 0x00DD0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe [1916] 0x00CD0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Privacyware\Dynamic Security Agent\DSA.exe [1944] 0x02160000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\NSClean\BOClean\BOCORE.exe [1956] 0x009C0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\UnH Solutions\Easy Go Back\EasyGoBack.exe [1976] 0x00E20000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\nvsvc32.exe [2032] 0x01200000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe [2412] 0x00AA0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Softwin\BitDefender8\vsserv.exe [2580] 0x00A70000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ c:\programmer\softwin\bitdefender8\bdmcon.exe [2664] 0x00BA0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Outlook Express\msimn.exe [2676] 0x00AC0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\ShadowStor\ShadowUser\ShadowUser.exe [2808] 0x00E90000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Back2zip\Back2zip.exe [2960] 0x01120000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [3268] 0x00ED0000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [4056] 0x00A40000 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.10 ----

    File C:\WINDOWS\system32\pfproc.dll

    ---- EOF - GMER 1.0.10 ----
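
A small triage helper for a log like the one in the post above, added here as an example (it is not part of the original post and not GMER's own code): it groups SSDT hooks by the driver that owns them and lists which processes carry each hidden library, so each driver and DLL can be matched against an installed product. The sample input is a shortened excerpt of that log, and the function and variable names are assumptions.

```python
import re
from collections import defaultdict

# Shortened excerpt of the GMER log quoted in the post above (not the full log).
SAMPLE_LOG = r"""
---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmer\Softwin\BitDefender8\regspy.sys ZwClose
SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\pwipf2.sys ZwOpenProcess
SSDT \??\C:\Programmer\Softwin\BitDefender8\filespy.sys ZwOpenFile
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [608] 0x00F30000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\pfproc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [860] 0x02B90000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\pfproc.dll (*** hidden *** ) @ C:\Programmer\Privacyware\Dynamic Security Agent\DSA.exe [1944] 0x02160000 <-- ROOTKIT !!!
"""

# "SSDT <driver path> <hooked service>"
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>.+\.sys)\s+(?P<func>Zw\w+)\s*$", re.I)
# "Library <dll> (*** hidden *** ) @ <process path> [pid] <base address>"
LIB_RE = re.compile(
    r"^Library\s+(?P<dll>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)")

def basename(path):
    """File name of a Windows path, lower-cased (System32 vs system32 etc.)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def summarize(log_text):
    hooks = defaultdict(list)    # driver file name -> hooked service names
    hidden = defaultdict(list)   # hidden DLL name -> [(process name, pid)]
    for line in log_text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks[basename(m["driver"])].append(m["func"])
            continue
        m = LIB_RE.match(line)
        if m:
            hidden[basename(m["dll"])].append((basename(m["proc"]), int(m["pid"])))
    return dict(hooks), dict(hidden)

if __name__ == "__main__":
    hooks, hidden = summarize(SAMPLE_LOG)
    for driver, funcs in sorted(hooks.items()):
        print(f"{driver}: {len(funcs)} SSDT hook(s): {', '.join(funcs)}")
    for dll, procs in sorted(hidden.items()):
        print(f"{dll}: hidden module in {len(procs)} process(es)")
```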
     
  20. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I notice on their product page that they seem to have a close connection with Computer Associates.
     
  21. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Hi

    It hides from rootkits and AV as well.

    Does anybody know this software?

    Regards
    GMER
     
  22. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    It's recognised in the Windows Security Centre as a firewall. If you run Windows Firewall with this, the Security Centre will tell you that you are running 2 firewalls etc. I found that just with DSA agent it has stealthed my ports just as Windows Firewall would.
     
  23. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    Thanks for the info Webster. I think you're probably right. Fight fire with fire, sounds like a good motto for their product. ;)

    Interesting findings Solarpowered Candle. After I read your post I tried deleting my firewall and made sure the Windows firewall was off, and got almost the same results as you. I went to grc.com with only DSA as my firewall and also got all stealth except port 1029, that was listed as closed.

    I realize running two firewalls together is not a good idea, but on their website under the description of the product, they recommend running DSA along with a personal firewall.

    Here's a quote direct from the website:

    "DSA is therefore an ideal complement to conventional virus and spyware scanning software as well as personal and server firewall applications."

    So I would think it is still safe to run along with your normal firewall. I haven't had any problems so far myself with any kind of conflicts. But I'm going to take it real slow with this one.
     
  24. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Hmm, Spybot flags the exe and the runkey as "Tango".

    I am sure DSA is legit, but they do have a problem with scanners ;)
     
  25. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    SUPERAntiSpyware is fine with this.
     