BluePoint Security product Q&A

Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.

Thread Status:
Not open for further replies.
  1. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Agreed, many techies' systems change on a daily basis; whitelisting may be an issue at that point. But the average casual user is checking email, Facebook etc. It's perfect for that type of user.

    Whitelisting is definitely a challenge to implement, but I would far rather work towards a smooth whitelisting solution than work with any other security model; there are just too many ways around them/flaws.

    Also, we really try to stray away from being the decision maker when it comes to "trusted" software. I wouldn't trust a vendor that decides to be the whitelisting czar. If and when they start making mistakes whitelisting apps, it would defeat the benefits of whitelisting in the first place. Just my opinion.
     
    Last edited: Sep 5, 2009
  2. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    ako

    I can't replicate the same issue in a clean vm, not seeing any problems. Can you tell me what service pack and language your vm is running? Also, what version of the .net framework is installed?
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    663

    Code:
    System Security Status
      CIS Benchmark Score: 1,88 of 10 (details...)
      Virus Protection: Unknown
      Microsoft Security Updates: 1 missing
    --------------------------------------------------------------------------------
      
    Computer Profile Summary 
    Computer Name:  Bb-2654cddbcdb5 (in TYÖRYHMÄ) 
    Profile Date:  5. syyskuuta 2009 23:41:00 
    Advisor Version:  8.1b 
    Windows Logon:  admin 
     
      
    Operating System
      Windows XP Professional Service Pack 2 (build 2600)
      Install Language: suomi
      System Locale: suomi
    System Model
      VMware, Inc. VMware Virtual Platform
      System Serial Number: VMware-56
      Enclosure Type: Other
    Processor a
      2,40 gigahertz Intel Pentium 4
      8 kilobyte primary memory cache
      512 kilobyte secondary memory cache
      Not hyper-threaded
    Main Circuit Board b
      Board: Intel Corporation 440BX Desktop Reference Platform
      BIOS: Phoenix Technologies LTD 6.00 12/03/2005
    Drives
      6,43 Gigabytes Usable Hard Drive Capacity
      2,72 Gigabytes Hard Drive Free Space
      BENQ DVD DD DW1640 [CD-ROM drive]
      Levykeasema [Floppy drive]
      VMware Virtual IDE Hard Drive [Hard drive] (6,44 GB) -- drive 0, s/n 00000000000000000001, rev 00000001, Not SMART
    Memory Modules c,d
      456 Megabytes Usable Installed Memory
      Slot 'RAM slot #0' has 256 MB
      Slot 'RAM slot #1' has 128 MB
      Slot 'RAM slot #2' has 64 MB
      Slot 'RAM slot #3' has 8 MB
    Local Drive Volumes
      c: (NTFS on drive 0) 6,43 GB 2,72 GB free
    Network Drives
      None detected
    Users
      local user accounts (last logon)
        admin 5.9.2009 21:37:56 (admin)
      local system accounts
        HelpAssistant never
        Järjestelmänvalvoja never (admin)
        SUPPORT_388945a0 never
        Vieras never
    Printers
      None detected
    Controllers
      Standardi levykeasemaohjain [Controller]
      Ensisijainen IDE-kanava [Controller]
      Intel(R) 82371AB/EB PCI Bus Master IDE Controller
      Toissijainen IDE-kanava [Controller]
    Display
      VMware SVGA II [Display adapter]
    Bus Adapters
      VMware SCSI Controller
      Intel(r) 82371AB/EB PCI to USB Universal Host Controller
    Multimedia
      Creative AudioPCI (ES1371,ES1373) (WDM)
      Game Port for Creative
    Virus Protection
      No details available
    Group Policies
      None discovered
    Communications
      VMware Accelerated AMD PCNet Adapter
        primary   Auto IP Address:  192.168.0.104 / 24
        Gateway:  192.168.0.1
        Dhcp Server:  192.168.0.1
        Physical Address:  00:0C:29:9B:E7:84
      Networking Dns Server:  192.168.0.1
    Other Devices
      Microsoft AC Adapter
      Standardi 101/102-näppäiminen tai Microsoft Natural PS/2 Keyboard
      VMware Pointing Device [Mouse]
      USB Root Hub
      
    See your entire network map...
    click for Belarc's System Management products  
      
    Network Map
    IP             Device Type             Device Details                           Device Roles
    192.168.0.1    Router                  D-Link                                   DHCP Server, Gateway, Domain Name Server, Web Server
    192.168.0.100                          Muumilaakso (in MSHOME)                  Browse Master
    192.168.0.104  Windows XP Workstation  Bb-2654cddbcdb5 (in TYÖRYHMÄ), VMware
     
      
    Find your security vulnerabilities...
    click for Belarc's System Management products  
      
    Missing Microsoft Security Hotfixes [Back to Top]  
            These required security hotfixes (using the 08/11/2009 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed.   
    Q928365 - Critical  (details...)  
     
      
    Manage all your software licenses...
    click for Belarc's System Management products  
      
    Software Licenses [Back to Top]  
      
    Belarc - Advisor adeca0bd  
    Microsoft - Internet Explorer 55697 
    Microsoft - Windows XP Professional 55697-649-6478953-23529 (Key: RH) 
     
      
    Find unused software and reduce licensing costs...
    click for Belarc's System Management products  
      
    new Software Versions & Usage (mouse over i for details, click i for location) [Back to Top]  
       ı i  Belarc, Inc. - Advisor Version 8.1b
       ı i  BluePoint Personal Edition Version 1.0.0.66
         i  Cinematronics - 3D Pinball Version 5.1.2600.2180
         i  Igor Pavlov - 7-Zip Version 4.29 beta
         i  Microsoft (r) Windows Script Host Version 5.6.0.8820
       ı i  Microsoft Corporation - Internet Explorer Version 6.00.2900.2180
    ıııı i  Microsoft Corporation - Messenger Version 4.7.3001
       ı i  Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823
         i  Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0
         i  Microsoft Corporation - Windows® NetMeeting® Version 3.01
         i  Microsoft Corporation - Zone.com Version 1.2.626.1
         i  Microsoft Data Access Components Version 3.525.1117.0
    ıııı i  Microsoft(R) Windows Media Player Version 9.00.00.3250
         i  Microsoft® .NET Framework Version 2.0.50727.42
       ı i  VMware Tools Service Version 5.0.0 build-13124
       ı i  VMware Tools Tray Version 5.0.0 build-13124
       ı i  VMware User Process Version 5.0.0 build-13124 
    
    
    i  Mouse over to see details, click to see where software is installed. 
       ı  Marks software last used within the past 7 days. 
      ıı  Marks software last used within the past 90 days, but over 7 days ago. 
     ııı  Marks software last used within the past year, but over 90 days ago. 
    ıııı  Marks software last used over 1 year ago. 
      Unmarked software lacks the data to determine last use. 
    
      
    Installed Microsoft Hotfixes [Back to Top]  
    --------------------------------------------------------------------------------
     
    
    a. Processor clock speed is measured at computer start-up, and on laptops may be impacted by power option settings.
    b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
    c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
    d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
    Last edited: Sep 5, 2009
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Your opinion on ThreatFire? I consider it using a white-list (and black-list) approach, but detection instead based on behavior.
     
  5. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Haven't tested/checked out ThreatFire lately, I'll give it a look.
     
  6. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Just performed a small amount of testing with several products installed on the same vm. We'll continue more shortly, just wanted to take a quick look at things.




    WinPatrol v 16.1.2009.1
    Prevx v3.0.1.65
    Online Armor Personal Firewall ++ v3.5.0.32


    WinPatrol doesn't appear to cause any issues when combined with BluePoint.

    Online Armor seems to work fairly well with BluePoint, although I wasn't able to update BluePoint even after allowing the outbound in the firewall. I suspect that it's just a setting (didn't have time to dig through it). I disabled it and was able to update BluePoint without issues.

    Prevx and BluePoint seemed to be the most incompatible together in the same vm. The vm was very, very sluggish (and this server is a dual quad core Xeon!). I would not recommend running these two products on the same machine. The slowdown from Prevx alone in the vm seemed quite considerable. Prevx and BluePoint perform similar duties; I would suggest testing threats against them in a lab environment (attempt to infect) and making your own conclusions. Go with what you feel most comfortable with.

    As I've stated before, I would strongly discourage running 3+ security programs at the same time, especially if they have real-time monitoring capabilities. The result of 3+ real-time monitoring programs hooking into the same areas of your OS will be performance issues at the very least; instability is also quite likely. As a general rule of thumb, having more than one product hooked into the same areas is a dangerous proposition. Non real-time protection programs are far less likely to cause compatibility issues with BluePoint.

    Keep in mind, disabling security products doesn't necessarily remove the OS hooks, and these hooks are usually the causes of compatibility problems. So try to install BluePoint as a true standalone.

    Personally, instead of running 3 or 4 programs to remain protected, I would seek out 1 that can do the job alone. There are less than a handful of them I would consider up to that job. As always, choose what makes you comfortable.

    This isn't definitive and we'll continue cross testing.
     
    Last edited: Sep 5, 2009
  7. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    ako,

    Thanks for the detailed information. Nothing jumps out at me as being the problem. My strong suspicions are either a corrupt .net framework or a language issue. It doesn't like something about that vm for some reason. I can tell you if clean machines wouldn't install we'd be flooded with support calls, so it must be something specific to that machine. I'm checking into the language you're using to see if that causes any issues.
     
  8. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I'm always happy to share my opinion as you all know! :D

    I checked out ThreatFire with my usual quick test method which is:

    1. Install on clean vm
    2. Update
    3. Reboot
    4. Attempt infection with a few common in the wild threats
    5. Attempt infection with newer less known threats
    6. Attempt to execute keylogger (we created)
    7. Attempt to destroy vm with threat that deletes key windows dll's within about 5 seconds after execution (we created)


    I rate products by how far along this list they are able to survive as threats higher in this list are more difficult to prevent, especially since they are not on defs and we created them! Most of them fail at step 4-5.

    This one made it to step 6, which while not perfect is quite good actually.

    I tend to be a security purist, meaning I look for as close to 100% prevention out of a product as possible. I look to solve the malware problem, not to cleanup their messes after the fact, I'm tired of cleaning them up. At this point I believe in technologies based upon sandboxing or whitelisting, I've personally seen all other technologies fail time after time in real world tests. I'd love to post reviews as I've seen far too many reviews performed by unqualified people (names withheld). Many of these reviewers are doing a massive disservice to users as they are "passing" products that have clearly failed at prevention, even in their own video reviews.

    Since you are aware of the technology BluePoint is based upon, you can probably guess how far down the list it survives ;)
     
    Last edited: Sep 5, 2009
  9. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Thanks for the kind invitation. If I understand well, BluePoint Security's approach is: "deny the unknown".

    IMHO a direct download link to an exe file in your sig doesn't fit in that approach... :rolleyes:

    <S>
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    This thread can turn into an interesting one. :D Please provide us with names and facts to back up your statements. :)

    <S>
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    I am a GrandPa (& then some) & I understand Malware Defender (MD) pretty good, including your screenie. So also does my great-granddaughter Amy (age 9). She is adept with several classic HIPS, including D+ & MD.

    Classic HIPS enable power-users & tweak-freaks to have control-to-the-max. However, a neophyte can use MD easily by putting it in "Learn Mode" for a while, & then "rig for silent running" (Silent mode). A neophyte user of MD need never mess with (or even see) the MD screen you showed unless s/he wants to learn.
     
    Last edited: Sep 5, 2009
  12. darthsideous666

    darthsideous666 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    202
    Location:
    Secret Hideout on Coruscant
    This thread is starting to go in the wrong direction again :doubt: . Us vs. Them :rolleyes: seems to be getting thrown back into it. Whether the product is beneficial to the user, how and why, that is what is important folks (I think o_O ). Independent test results are good as well! :doubt:

    Just my thoughts.

    ds
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    For me, my own personal test is the best because you prove it yourself. You know some test reviewers don't tell the truth :D It is better if we as users are the judge, well, after testing :)
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Interesting... in other words, running things under a LUA, which most users normally should - but don't - ThreatFire would have been "good enough" in theory. :D Thanks for your testing and insight on my query. :)
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    At least I definitely respect your opinion, but just as I thought, my query led to better understanding, both of the effectiveness of one of my products of choice and the philosophy, insight and professionalism of BluePoint as a company.
     
  16. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    663
    I installed BPS inside a VM with English XP. Now it worked. Small test:

    Allowed: FS blacklight, Processexplorer, Hitman pro, Adobe reader, a2, CIS-installer, MBAM, Unhackme

    Blocked: IE (sic!, pic 1), Realplayer (pic 2), GMER (high risk), Quicktime, AVZ

    The analysis never allowed execution and took too much time - a minute or so.

    Allowed execution of malware when installation was inside Defencewall (pic 3). (Blocked this one as unknown outside of DW.)

    Did not block a pdf-exploit (pic 4). Allowed even registry modification before seeing something! (pic 5)

    I am not convinced. :thumbd: :cautious:
     

    Attached Files:

  17. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    663
    Two more pictures: HOSTS changed, Hitman Pro scan after the exploit. (3 dead files from another test, not related to BPS.)
     

    Attached Files:

    Last edited: Sep 6, 2009
  18. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    663
    Final picture. Scanning finds all malware files (Hitman Pro scan after BPS cleaning: clean.) Why did real-time fail?
     

    Attached Files:

  19. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Good to hear it's running in the new vm.

    Are you clicking allow to test infecting the machine? Once you click override or allow you may very well end up infected and have to resort to a scan to clean things up.

    All security apps have settings or alerts you can override, it doesn't really prove anything to override all of the alerts to show infection, it's also a bit misleading.

    A better test would be to click deny on everything during the test and then determine if anything was modified. As a side note, it looks like you're a few versions back; check for updates.

    The analysis will never allow execution no matter what risk rating/result we give the item. That's more Prevx's style. We never allow anything that's not known to us to be safe; allowing items after analysis would be heuristics/defs and that's not how BluePoint works, whitelisting only. Allowing items that appear to be "safe" can result in failure to prevent. That's up to you the user to determine if you want to allow execution. If you're browsing around and you see the notification popup, it's quite likely it needs to be denied. The latest version is also more informative with the alerts.
     
  20. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Also good to hear, a few have done testing and have reported nothing was detected when malware was present o_O . Without seeing their setup it's tough to tell why that happened (settings possibly?). Either way our detection rates are very very good (a few sites are testing as we speak). I think you'll be pleasantly surprised when our detection rate percentages are released here in the next few weeks :)
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Blue Point Shield didn't fail. Bet if you test BPS alone it will block all those malware you tested :D I recognize all those malware that you use, and even more I tested against Blue Point, and Blue Point cleaned the house very easily. You may have a conflict between security software :D Did you try BPS alone like I did? Try that :)
     
  22. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I "think" he clicked allow on the items to see how it responds/deals with that type of situation. I would find a hard time understanding how that many executables were allowed to execute without permission.

    ako, let us know on this one.

    Thanks!
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Of course if I click allow it will go, and even like that the scanner will remove them after all :) What I do is I wait a few seconds after running malware and for sure it will be auto-blocked :cool:
     
  24. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    A few test setup recommendations:

    Setup a clean vm
    Install BluePoint
    Update BluePoint
    Check settings if testing scanning detection rates

    Begin testing


    Make sure you clearly state whether you have clicked allow on any malware related items, this sort of makes the test a bit pointless as every security app I've seen has ways to override and allow malware if you really want to.

    Try to explain screenshots so everyone understands what your showing.

    We have a few groups officially testing things now. We don't mind everyone testing, just make sure you're clear on how you tested. Most security vendors would probably not encourage this type of "unofficial" testing. We stand behind our prevention methods, and as long as you explain your methods we don't mind.
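A defender-side helper for the test discipline described in this post and in post 19 (click deny on everything, then determine whether anything was modified), aimed at the kind of changes ako reported (HOSTS edited, files dropped or deleted). It snapshots a directory tree before a run and diffs it afterwards. This is an added example, not BluePoint's code or anything posted in the thread; the sample tree and hosts contents are constructed in a temp directory, and the XP hosts path is only illustrative.

```python
"""Snapshot-and-diff check for lab tests of a default-deny product.

Added example, not code from BluePoint or from any poster in this thread.
Assumes a lab VM where you snapshot the directories that matter (on XP the
hosts file lives under %SystemRoot%\\system32\\drivers\\etc\\hosts); the tree
below is constructed in a temp directory so the script runs anywhere.
Registry comparison is out of scope; an exported .reg can be diffed the same way.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative, '/'-separated) to its hash."""
    root = Path(root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file():
                result[p.relative_to(root).as_posix()] = hash_file(p)
    return result


def diff_snapshots(before, after):
    """Files added, removed and modified between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys()
                           if before[k] != after[k]),
    }


def hosts_extra_entries(hosts_text):
    """Non-comment hosts entries other than the stock '127.0.0.1 localhost'."""
    extra = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "127.0.0.1" and parts[1:] == ["localhost"]:
            continue
        extra.append(" ".join(parts))
    return extra


def run_demo():
    """Build a constructed tree, take a baseline, simulate a run that edits
    hosts, drops one file and deletes another, then report the delta."""
    root = Path(tempfile.mkdtemp(prefix="bps_lab_"))
    try:
        hosts = root / "system32" / "drivers" / "etc" / "hosts"
        hosts.parent.mkdir(parents=True)
        hosts.write_text("# constructed sample\n127.0.0.1 localhost\n")
        good = root / "app" / "good.exe"
        good.parent.mkdir(parents=True)
        good.write_bytes(b"not a real binary")
        before = snapshot(root)

        # Stand-in for changes a sample might make after a test run.
        with hosts.open("a") as f:
            f.write("127.0.0.1   update.example-vendor.invalid  # redirect\n")
        dropped = root / "windows" / "unknown_new.exe"
        dropped.parent.mkdir(parents=True)
        dropped.write_bytes(b"constructed dropped file")
        good.unlink()

        after = snapshot(root)
        return diff_snapshots(before, after), hosts_extra_entries(hosts.read_text())
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    delta, extra = run_demo()
    for kind in ("added", "removed", "modified"):
        print(kind, delta[kind])
    print("hosts entries beyond localhost:", extra)
```

Take the baseline after the product is installed and updated but before the sample runs, so the diff only contains what the test itself changed.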
     
  25. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    663
    Of course not. I got no warnings before the one seen in fig. 5. Maybe a conflict, I don't know. If Jmonge told it blocked everything I believe him.

    The version was downloaded just before testing, but seemed to be indeed old by one version number.
     
    Last edited: Sep 7, 2009