CyberHawk-- Is this normal?

Discussion in 'other anti-malware software' started by aigle, Feb 24, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi CH users, I want to ask: is this normal for the CyberHawk service I/O bytes history?
    Thanks
     

    Attached Files:

    • CH.jpg (82.2 KB)
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi Aigle,

    I thought CyberHawk was really a marvellous security feat with the protection level and ease of use they realised in their first software releases.
    This is because behavioral protection has some architectural disadvantages and user-friendliness advantages.

    Because they were so good, they were compared with classical HIPS, Sandboxes and Antivirus software applications. To fill in the blind spots (very hard to detect with behavioral analysis), they included a blacklist. This new feature needs I/O, therefore you see this IO characteristic. I should not worry, just a pity that a champion in its class crosses to another means of protection, black listing (I have an AV for that=black lists, so CyberHawk please stay the champion of behavioral detection, I do not mind that you do not catch things you were not designed for).

    Regards K
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Same here... :(

    I already told the developers to improve the resource usage, but until now...
     
  4. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    That's why I've tried nearly all builds and uninstalled them a couple of days after :'(
     
  5. aigle

    aigle Registered Member

    But until now they say that the blacklist is only used when a malicious behaviour is discovered.
     
  6. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    You should not be worried about 372 bytes/s and probably it isn't actually writing or reading.
    For example for Jetico 1 there is a lot of I/O activity (mainly Other I/O) but the actual writes and reads are minimal:
     

    Attached Files:

    • J1.png (10.3 KB)
    • J2.png (7.3 KB)
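Added example, not part of the original thread: one way to check the distinction drawn in the post above, by sampling a process's cumulative I/O counters twice and splitting the rate into read, write and other bytes per second. The process name is a placeholder (the thread does not give the CyberHawk service's image name), and the script assumes PowerShell 3.0 or later on Windows.

```powershell
# Added example: split one process's I/O rate into read / write / other bytes per second.
param(
    [string]$ProcessName = 'example-service.exe',  # placeholder image name, set to the service you are checking
    [int]$IntervalSeconds = 5
)

function Get-IoSnapshot([string]$Name) {
    # Win32_Process exposes cumulative byte counters since the process started.
    # "Other" covers operations that are neither reads nor writes (e.g. control requests).
    Get-CimInstance Win32_Process -Filter "Name='$Name'" |
        Select-Object ProcessId, CreationDate,
                      ReadTransferCount, WriteTransferCount, OtherTransferCount
}

$before = @(Get-IoSnapshot $ProcessName)
if ($before.Count -eq 0) {
    Write-Warning "No process named '$ProcessName' is running."
    return
}

Start-Sleep -Seconds $IntervalSeconds
$after = @(Get-IoSnapshot $ProcessName)

foreach ($a in $after) {
    # Match on PID and creation time so a recycled PID is not compared with the old process.
    $b = $before | Where-Object {
        $_.ProcessId -eq $a.ProcessId -and $_.CreationDate -eq $a.CreationDate
    }
    if (-not $b) { continue }   # process started during the sampling interval

    [pscustomobject]@{
        ProcessId       = $a.ProcessId
        ReadBytesPerSec  = [math]::Round(($a.ReadTransferCount  - $b.ReadTransferCount)  / $IntervalSeconds)
        WriteBytesPerSec = [math]::Round(($a.WriteTransferCount - $b.WriteTransferCount) / $IntervalSeconds)
        OtherBytesPerSec = [math]::Round(($a.OtherTransferCount - $b.OtherTransferCount) / $IntervalSeconds)
    }
}
```

A high OtherBytesPerSec alongside near-zero read and write rates matches the pattern described for Jetico above: activity in the I/O graph without meaningful disk reads or writes.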
  7. aigle

    aigle Registered Member

    Still seems much more here.
     

    Attached Files:

    • CH.jpg (58.8 KB)
  8. EASTER.2010

    EASTER.2010 Guest

    In one way I can understand what Novatix is trying to strive for with the blacklist but I really have to agree with the above, it's really not needed and is only complicating what has been a very formidable interceptor/Terminator! of suspicious files.

    I was very amazed at its lightning fast rapid response to suspicious behavior when it first came out and it quickly won me over when I discovered it also could Terminate files on a dime when commanded. Later releases did not fare as well with my system mostly, such as causing a Lag like some AV's used to do, plus I had some trouble uninstalling it too.

    Now with this latest release all those earlier issues have disappeared finally but new ones have surfaced although not anything like previous system lags, instead I got a load of Possible Keylogging prompts from about every process from Notepad to IE and on at least 2 of my TRUSTED programs that "are" keyloggers, they were quickly flagged by CH and yanked right away into quarantine which is a good thing I suppose, but I would have rather made that decision for myself. Even if CH malfunctions and pulls a good file into quarantine, it is easily restored so no real damage is possible from that new feature, just a little un-needed IMO.

    I do hope Cyberhawk at least breaks up their versions into one WITH and one WITHOUT a blacklist if they feel the need to keep it that way, because just like you allude to, an Anti_Virus pretty much supports those duties.
     
  9. aigle

    aigle Registered Member

    As far as I know, the latest release has fixed this issue.
    Never experienced so BTW.
     
  10. EASTER.2010

    EASTER.2010 Guest

    I see Cyberhawk in behavioral blocking as a pioneer in much the same way as SSM is to HIPS and RKUnhooker is to ARK's.

    That is they have early on set a form/standard for others to follow. I hope they continue on that path and not deviate as some seem to suggest they are finding.
     
  11. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi all--

    Please see my other post here on the blacklist issue.

    Cyberhawk does NOT compromise security by using a blacklist. Our use of a blacklist is only complementary to the initial behavior detection technology, and is used to facilitate some user interactions AFTER a known malware has already been detected through behavior analysis. In fact, it may help to not think of it as a blacklist since that term has other connotations and meanings not in play here. Instead, perhaps think of it simply as a database that is checked ONLY after a malicious behavior has been detected.

    Becky Dubrow
     
  12. aigle

    aigle Registered Member

    Hi Becky, no comments about the original topic of thread?

    Thanks.
     
  13. Cyberhawk Support

    Cyberhawk Support Registered Member

    Unfortunately, no. :) That's a bit outside my area of expertise, so I'd direct you to our technicians at http://www.novatix.com/support. They're very quick to respond and can quickly let you know if what you're seeing is normal.

    Becky
     
  14. aigle

    aigle Registered Member

    Ok, thanks.
     
  15. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Aigle,
    Please keep us posted. Thanks. ;)
     
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Lately I noticed that each time members of this forum have questions and post them here, they often receive a kind reminder from Becky at CH to redirect their queries directly to CH support. I would regard it as a change of heart; folks at CH may or may not be aware that CH has been widely tested by members of this wonderful forum. A member's concern could very likely be echoed by many others, and these people would like to know the solution as well. Sending a question to support is often regarded as a private matter. If folks at CH are of the opinion that this forum is not an appropriate place to discuss or address problems openly, then I would strongly suggest that they open their own somewhere out there. Problems surely bring in solutions and often business progress can be followed thereafter. If CH's tech can reply to concerns in e-mail, I can logically assume they can equally reply to them by posting here. Just Loony sense.
     
  17. Cyberhawk Support

    Cyberhawk Support Registered Member

    The lack of posting and returning posts about specific questions is because we were asked by the Admins of this forum to refrain from doing so, which we are trying, at least, to respect. I apologize if it seems rude.

    About the I/O Bytes History, yes that is normal. Cyberhawk is monitoring the system for RK behavior, hence the pulsing I/O stats that you see. The amount depends on what you have running. On one system with the McAfee suite, the I/O reads around 202KB, with Comodo, VMware, outlook, Skype, Msnmessenger, ff etc... it reads around 310KB.

    Daniel
     
  18. Perman

    Perman Registered Member

    Hi, folks: Hi Daniel, I am very pleased that you have come out to clear the air. I did not know that this forum does have some kind of restrictions on postings, especially from respectful developers. I do hope the ADM. of wilders can re-evaluate its policy to allow certain types of reply to be posted; not only will our members benefit, but it will also encourage us to participate in more discussion and healthy debate. Again, just my loonie sense. Have a nice one.
     
  19. aigle

    aigle Registered Member

    Thanks for the reply.
     
  20. aigle

    aigle Registered Member

    That's OK I think.
     