Crystal Security - Discussion

Awesome, can't wait to use this product after the update...

 

Hello,

Crystal Security 3.5.0.132 released

Changelog

• Improved notification
• Added folder support for "Whitelist"
• Fixed several minor bugs
• Updated embedded heuristic database

NB! It is now possible to add folder(s) to "Whitelist" via right-click menu (under "Whitelist" section).
Please note that sub-directories are excluded.

Two different types of downloads

Download installer version of Crystal Security 3.5.0.132
Download portable version of Crystal Security 3.5.0.132

Looking forward to your feedback.

Regards,
Kardo

 

This is a neat program. Just a few things:

1. Is it correct that the software does not stop anything by suspending a process? It only acts after the scan is done while the scanned process runs in the background.
2. Shell Integration.exe is classified as suspicious when it is created. Proves that there is no hidden stuff I guess It also doesn't seem to do anything. When I run it from the shell or manually with Shell Integration.exe "c:\folder\scanme.exe" nothing seems to happen.
3. Checkup crashes when it encounters an invalid NTFS Junction. I had c:\Windows\SysWOW64\config\systemprofile\Recent\ pointing to a non existent directory.
4. How does appData\roaming\crystal Security\3.5\Quarantine\ work? Where can I manage it? And how are the *.cbqu files encoded?

All in all I like Crystal Security very much. Good work. Sometimes the same alert appears multiple times but it works pretty well.

EDIT: Error log for the Checkup crash:

Spoiler

Could not find a part of the path 'C:\Windows\SysWOW64\config\systemprofile\PrintHood'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
at System.IO.DirectoryInfo.GetFiles(String searchPattern, SearchOption searchOption)
at Crystal_Security.Main.ListFiles(String directoryPath)
at Crystal_Security.Main.ListFiles(String directoryPath)
at Crystal_Security.Main.ListFiles(String directoryPath)
at Crystal_Security.Main.ListFiles(String directoryPath)
at Crystal_Security.Main.Get_Windows_Files()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()

 

Hi @Joe_Cool

Thank you for the interest and feedback.

1. When file is created, changed or launched then it is scanned with 4 engines by default. If file is malicious (aka unsafe) then it is blocked (quarantined).
2. Yeah. There is a FP detection in heuristic database. Will be fixed in the next version. Your issue with Shell integration is confirmed and will be fixed too.
3. Thanks for the log. You can access log files also via user interface (under Statistics section). I'll try to re-produce it.
4. You can always restore file via Blacklist section (right-click on file and click "Restore selected file"). Quarantined files are encrypted with Rijndael algorithm.

Anything else you need, feel free to let me know anytime.

Regards,
Kardo

 

Thanks for your kind reply.
My Blacklist was empty. Could be a bug. Blacklist.xml did not contain entries. When I copied the entry from Overview.xml to Blacklist.xml I could restore the file. Nice idea protecting the config with NTFS permissions

 

@Joe_Cool Thanks for the feedback.

Interesting.. Blacklist should save data when you close Crystal Security.

Yeah. Data files are protected against unauthorized modifications.

Regards,
Kardo

 

Hello,

Crystal Security 3.5.0.134 released

Changelog

• Fixed bug in Active protection
• Fixed bug in Shell integration
• Fixed several other minor bugs
• Updated embedded heuristic database

Two different types of downloads

Download installer version of Crystal Security 3.5.0.134
Download portable version of Crystal Security 3.5.0.134

Looking forward to your feedback.

Regards,
Kardo

 

Hi Kardo, nice app you built!

I do not know if you call this a bug but I wanted to inform you.
I run the portable version, downloaded the 132 version witch did auto update today as I did run it.
Now to the "bug", if you click once and hoover on top of the exe icon, on lets say your desktop, or where ever you put the file it says version 132.
But when you open the app it says 134, is this fixable?

Question: I have a few files in "uploaded" that shows unknown for a couple of days now, how long does this usually take before they are deemed good or bad

Thank you for a great app!

/E

 

Hi @Esse

Thank you for the feedback. I am glad you like it.

I re-checked executable version and it is .134. Not fixable by me. Try to refresh desktop or folder where Crystal Security file is located. Then you should see .134

Unknown state for few days? Strange... When unknown file is uploaded and added into Unrecognized list then file will be re-checked after 5-10 minutes.

Regards,
Kardo

 

Hi Kardo,
You are right, a refresh of the desktop did solve the version "bug", sorry.
My files does not leave the upload folder and it says Complete.
The Unrecognized is empty?

/E

 

Hi @Esse

Thanks for the feedback. Sorry about late reply.

Everything is correct. When you see Complete status then it means that unknown file is successfully uploaded to the server.

When unknown file is re-analyzed then it will be removed from Unrecognized section.
You should see new file status under Overview section.

Regards,
Kardo

 

Thx Kardo,
I have never seen a file in "Unrecognized", I was thinking all unknown files would be under Unrecognized until classified.
I still have unknown files in Overview that are up to 5 days old now, is that normal?

/E

 

Hi Kardo, never mind the "Unrecognized", I just saw how that works.
Maybe you will need to add something to let us allow a complete install of new software.
Now it is to much clicking to allow each exe and dll.
Just my point of view of course

/E

 

I was wanting to give Crystal Security a try. I already have Eset Smart Security installed. Will I need to disable anything for Crystal Security so they don't conflict?

 

Hi @Esse

Thanks for the feedback.

Good.

Good suggestion. Another user suggested similar idea. Will be added in the near future.

Regards,
Kardo

 

@Cutting_Edgetech Thanks for testing Crystal Security.

I hope you like it.

So far no reports about conflicts between ESET and Crystal Security.
If there is any issue then please add Crystal Security.exe to ESET exclusion list.

Regards,
Kardo

 

Hello,

Crystal Security 3.5.0.138 released

Changelog

• Improved Checkup
• Improved detection
• Improved "Settings" section
• Updated embedded heuristic database

Two different types of downloads

Download installer version of Crystal Security 3.5.0.138
Download portable version of Crystal Security 3.5.0.138

Looking forward to your feedback.

Regards,
Kardo

 

I just installed Crystal Security 3.5.0.138, and I get a message saying task manager has crashed each time I close the task manager. I'm using Windows 7X64 Ultimate. I have not installed Windows updates that were released today so that can't be it.

 

I have crash dumps for task manager if you need them. Just let me know where to send them to.

 

I'm being alerted to the crash dumps by Crystal Security. I noticed that the alerts do no give the path of the file i'm being alerted to. Should it be showing the path of the file? If not then I would recommend adding that functionality. I'm sure all users here at Wilders would always want to know the path of the file.

 

@Cutting_Edgetech

Thank you for the valuable feedback.

I guess that Self-protection is enabled? This issue is mostly caused by Self-protection feature. It is not possible to terminate Crystal Security via Task Manager, Process Hacker or Process Explorer. Currently the only workaround is to disable Self-protection under Settings. After that Task Manager works correctly. Also be sure to click on Apply too.

If you mean file path on alert then yes. To see file path user must hover on file name (Object).



I hope it helps. If there is anything else, then feel free to let me know anytime.

Regards,
Kardo

 

Yes, it was the Self Protection causing task manager to crash. I disabled it, and it's not crashing anymore. I wonder why it causes task manager to crash. That is definitely an undesired effect from the self protection. I will check to see if hovering over the file name gives the path. I would suggest giving it without the user having to hover over the file name.

 

@Cutting_Edgetech Thanks for the quick reply and suggestion.

Regards,
Kardo

 

No problem.

 

What engines does Crystal Security use? Do you use your own engine?