Cyberhawk and ProcessGuard

Discussion in 'other anti-malware software' started by one111, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    The two seem to be working well together. One question though,
    Cyberhawk keeps trying to make modifications in explorer exe. and
    Winlogon exe and ProcessGuard is preventing this from taking place.

    I have the option to allow this modification to take place, but I don't know what the change is exactly and if to allow it or not.

    Maybe someone from CyberHawk can explain exactly what is happening
    and why.
     
  2. TECHWG

    TECHWG Guest

    allow cyber hawk to do anything, its a legitimate program, if you block it from doing something you might be digging a grave for your OS, or making CH malfunction and lack protection
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    The answer sucks. Also the question. No details.
    I was thinking of trying the CH.
    I am not after that.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If u use two HIPS type application, u should expect theses type of alerts. If u don,t, better not to use it.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If u install a security appliance, give it full freedom to do whatever it wants to do, otherwise u might invite troubles.
    Regarding technical details, only CH support can tell u better.
     
  6. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    We can't provide many specific technical details due to the proprietary nature of how Cyberhawk protects, but the basics are that in order for Cyberhawk to protect you it constantly monitors your entire system for any signs of malware behavior. It does so in an extremely intelligent way, and in ways that allow it to detect threats that other applications miss.

    Certain types of threats, such as rootkits, require our very careful examination of processes such as Winlogon and Explorer.exe. This “modification” you are seeing should be seen as a legitimate action for Cyberhawk to do in order to help track down certain types of threats like rootkits.

    Becky Dubrow
     
  7. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    Thank you :)

    Nice to have you in the forum
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    No way. I won't even try it. I thought so, but privacy questions too much. :(
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    In that case u can safely wait until u are satisfied, or the other way.
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    "allow cyber hawk to do anything".

    That just is something i never wanted to hear.
    Or sending files to homebase.
    It was all so nice first when i started to read this thread about it.
    How it was a behaviour hips ... then all this.

    aigle, you recommend a reformat if ever a rootkit. Now you are maybe owned. Or bought out, lol.

    EDIT
    I would not bad mouth something in an open discussion, but since this is with process guard thread that i respect as a very good product. So needed to tell. Never used prevx1 too :p
    I have nothing to hide in my PC or such stuff, but if needed information from me when winlogon or other monitoring, too much!
     
    Last edited: Nov 9, 2006
  11. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    theres nothing like a good format to sort it all out .
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Then u should not be using MS products either.
    And no use of new hardware as well.
    BTW I am still watching CH, will see how it goes.
    @ Jarmo P
    U FF is phoning google, pls remove it.:)
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Exccept if they were able to put a BIOS rootkit!!
     
    Last edited: Nov 9, 2006
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    All you need is Customize Google extension and the Google Analytic cookies can't send data to Google.

    As for allowing Cyberhawk totally free rein that is insane. I use PG also and I never would allow PG total freedom. I configure PG as I want it and that is what one should do with Cyberhawk. If you can't do that then it is a suspect program. Even more suspect because the authors invoke the proprietary secrets crap rather than give you an informative answer. I have Kaspersky also and in the to be released on Monday Service Pack version, ProActive Defense was driving me nuts (wasn't causing problems in earlier beta) and was conflicting with both Script Sentry and PG. I finally had to turn it off. I suppose you think I should have just let it put iexplore.exe in quarantine and allowed it to stop Fx from updating itself, etc. I never had anywhere near these many problems with PG. So, I disabled ProActive Defense and will just use PG at least until Kaspersky has PAD more refined.

    After seeing Cyberhawk's privacy problems and the very poor responses by Cyberhawk here in regards to the issues, I won't be trying it again or recommending it.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am not saying anyone to use it. It,s just a personal decision.

    I do think that they need to refine their privacy policy. Let,s see what they do. Also they do need to explain in a better way the what it does with explorer.exe etc, it does not make any sense to say it a secret. Do they expect that with a general description anyone can get its code? If someone wanted to reverse engineer the software, they can,t stop it anyway.

    Configuring PG and CH is something totally different. PG can be configured from its own settings, CH has no such settings( excpet for community participation) so controlling its actions by another HIPS will not serve any purpose. If I want to use it I will let it hook explorer.exe or watever it want otherwise I will not simply use it. Moreover from the very beginning it installs a filter driver so if someone has to stop that is the very first point to stop. Why installing a filter driver and stopping other action?

    I personally doubt that u can ever stop ur browser from sending data to anywhere? Can u? I am not sure though. May be someone expert can throw light on this issue. I don,t think once u go on internet there is any privacy.( BTW I am not saying that it,s OK for CH to do anything. I am no expert on this matter and will watchout what they do and what users comment/ feel about them).

    Now it,s a funny example. U need to read the OP again and then interpret my reply!
     
    Last edited: Nov 9, 2006
  16. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    yes but they are saying that if such could happen some one would need physical access to your machine to do this. in which case if some one is given physical access to your machine with destructive intentions its game over any ways .

    using microsoft kind of defeats the whole issue here as aigle hinted. its kind of like 6 months in a leaky boat. each bucket is labeled by a diffirent name and has a diffirent shape . one pg another ch and another what ever. however the waters still keep coming.
     
    Last edited: Nov 10, 2006
  17. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    it will be interesting to see if firefox corrects phoning google in the next release. however there is a lot to be said for their advertising
     

    Attached Files:

Thread Status:
Not open for further replies.