Cyberhawk and ProcessGuard

Discussion in 'other anti-malware software' started by one111, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    The two seem to be working well together. One question though:
    Cyberhawk keeps trying to make modifications in explorer.exe and
    Winlogon.exe, and ProcessGuard is preventing this from taking place.

    I have the option to allow this modification to take place, but I don't know what the change is exactly and whether to allow it or not.

    Maybe someone from CyberHawk can explain exactly what is happening
    and why.
     
  2. TECHWG

    TECHWG Guest

    allow cyber hawk to do anything, it's a legitimate program, if you block it from doing something you might be digging a grave for your OS, or making CH malfunction and lack protection
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    The answer sucks. Also the question. No details.
    I was thinking of trying the CH.
    I am not after that.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If u use two HIPS type applications, u should expect these types of alerts. If u don't, better not to use it.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If u install a security appliance, give it full freedom to do whatever it wants to do, otherwise u might invite troubles.
    Regarding technical details, only CH support can tell u better.
     
  6. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    We can't provide many specific technical details due to the proprietary nature of how Cyberhawk protects, but the basics are that in order for Cyberhawk to protect you it constantly monitors your entire system for any signs of malware behavior. It does so in an extremely intelligent way, and in ways that allow it to detect threats that other applications miss.

    Certain types of threats, such as rootkits, require our very careful examination of processes such as Winlogon and Explorer.exe. This “modification” you are seeing should be seen as a legitimate action for Cyberhawk to do in order to help track down certain types of threats like rootkits.

    Becky Dubrow
     
  7. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    Thank you :)

    Nice to have you in the forum
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    No way. I won't even try it. I thought so, but privacy questions too much. :(
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    In that case u can safely wait until u are satisfied, or the other way.
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    "allow cyber hawk to do anything".

    That just is something I never wanted to hear.
    Or sending files to homebase.
    It was all so nice first when I started to read this thread about it.
    How it was a behaviour HIPS ... then all this.

    aigle, you recommend a reformat if ever a rootkit. Now you are maybe owned. Or bought out, lol.

    EDIT
    I would not bad mouth something in an open discussion, but since this is with process guard thread that i respect as a very good product. So needed to tell. Never used prevx1 too :p
    I have nothing to hide in my PC or such stuff, but if needed information from me when winlogon or other monitoring, too much!
     
    Last edited: Nov 9, 2006
  11. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    there's nothing like a good format to sort it all out.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Then u should not be using MS products either.
    And no use of new hardware as well.
    BTW I am still watching CH, will see how it goes.
    @ Jarmo P
    U FF is phoning google, pls remove it. :)
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Except if they were able to put a BIOS rootkit!!
     
    Last edited: Nov 9, 2006
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    All you need is Customize Google extension and the Google Analytic cookies can't send data to Google.

    As for allowing Cyberhawk totally free rein that is insane. I use PG also and I never would allow PG total freedom. I configure PG as I want it and that is what one should do with Cyberhawk. If you can't do that then it is a suspect program. Even more suspect because the authors invoke the proprietary secrets crap rather than give you an informative answer. I have Kaspersky also and in the to be released on Monday Service Pack version, ProActive Defense was driving me nuts (wasn't causing problems in earlier beta) and was conflicting with both Script Sentry and PG. I finally had to turn it off. I suppose you think I should have just let it put iexplore.exe in quarantine and allowed it to stop Fx from updating itself, etc. I never had anywhere near these many problems with PG. So, I disabled ProActive Defense and will just use PG at least until Kaspersky has PAD more refined.

    After seeing Cyberhawk's privacy problems and the very poor responses by Cyberhawk here in regards to the issues, I won't be trying it again or recommending it.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am not telling anyone to use it. It's just a personal decision.

    I do think that they need to refine their privacy policy. Let's see what they do. Also they do need to explain in a better way what it does with explorer.exe etc, it does not make any sense to say it is a secret. Do they expect that with a general description anyone can get its code? If someone wanted to reverse engineer the software, they can't stop it anyway.

    Configuring PG and CH is something totally different. PG can be configured from its own settings, CH has no such settings (except for community participation) so controlling its actions by another HIPS will not serve any purpose. If I want to use it I will let it hook explorer.exe or whatever it wants, otherwise I will simply not use it. Moreover from the very beginning it installs a filter driver so if someone has to stop that is the very first point to stop. Why installing a filter driver and stopping other action?

    I personally doubt that u can ever stop ur browser from sending data to anywhere? Can u? I am not sure though. Maybe someone expert can throw light on this issue. I don't think once u go on internet there is any privacy. (BTW I am not saying that it's OK for CH to do anything. I am no expert on this matter and will watch out what they do and what users comment/feel about them.)

    Now it's a funny example. U need to read the OP again and then interpret my reply!
     
    Last edited: Nov 9, 2006
  16. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    yes but they are saying that if such could happen someone would need physical access to your machine to do this. in which case if someone is given physical access to your machine with destructive intentions it's game over anyway.

    using microsoft kind of defeats the whole issue here as aigle hinted. it's kind of like 6 months in a leaky boat. each bucket is labeled by a different name and has a different shape. one pg another ch and another whatever. however the waters still keep coming.
     
    Last edited: Nov 10, 2006
  17. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    it will be interesting to see if firefox corrects phoning google in the next release. however there is a lot to be said for their advertising
     
