Cyberhawk v. 2.0 just released

Discussion in 'other anti-malware software' started by Cyberhawk Support, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I tried to terminate CHService.exe using APT 4.0. To determinate whether the real-time protection was working or not I ran the spycar hosts test and TowTruck. The computer was restarted after every succesfully termination attempt.
    "Yes" means the hosts test ran succesfully (CyberHawk was terminated/not working).
    "No" means the hosts test was blocked by CyberHawk.

    Suspend 1 Yes
    Suspend 2 Yes

    Kill 1 No
    Kill 2 No
    Kill 3 No
    Kill 4 No
    Kill 5 Yes
    Kill 6 No (Alert from Cyberhawk)
    Kill 7 No
    Kill 8 Yes
    Kill 9 Yes
    Kill 10 No
    Kill 11 No (Alert from CyberHawk)
    Kill 12 No

    Kernel Kill 1 Yes
    Kernel Kill 2 No

    Crash 1 Yes (Reported by APT as unsuccessfully)
    Crash 2 No (Alert from CyberHawk)

    For Suspend methods, Kill 5 and Crash 1 CHService.exe remained running but was not working (hosts modification allowed).
     
  3. EASTER.2010

    EASTER.2010 Guest

    Thanks for posting to alternative link webster.

    Just got wind of this release today but the Novatix website is still displaying that aforementioned message instead of loading Cyberhawk Home Site.
     
  4. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK
    Does CyberHawk v. 2.0 protect other security applications against termination?
     
  5. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    One of our web servers was down for a bit yesterday which caused some folks to see this message. The problem's been corrected and all should be able to access the site without trouble now.

    Becky
     
  6. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Thanks for running these tests on Cyberhawk, ggf31416!

    I've forwarded your results internally here to see if we can reproduce. We're always working on further hardening Cyberhawk and I'm sure we'll be able to use these tests to further improve its security.

    Becky
     
  7. guest

    guest Guest

  8. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Yes--Cyberhawk currently watches out for a rather extensive list of other security apps, and we have plans to expand on that list as we can.

    Becky
     
  9. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Thanks, guest. We'll continue looking at these tests, too!

    Becky
     
  10. guest

    guest Guest

  11. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Thanks again, guest.

    We're already aware of those tests, and Tod and VaMPiRiC_CRoW pointed out some test results earlier in this thread.

    I'm sure you can expect to see additional protections added in to the next update of Cyberhawk. We're always working on improvements!

    Becky
     
  12. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    @becky

    Now that the "for money" version is in play...what is the status of your forums for Cyberhawk? I think that your userbase really does need that type support environment ASAP......;)
     
  13. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi galileo--

    This is still pending. We haven't forgotten about it, but right now our priorities are still focused on improving the core product.

    We certainly understand user input is important in that regard, but we currently offer other ways for users to get in touch with us and provide feedback--online support center, email, phone, outside forums, etc.--and we hear from folks through all these various means, so right now that's working until we have time to implement something else/something better.

    Becky
     
  14. EASTER.2010

    EASTER.2010 Guest

    OK CyberHawk. So far, so good. Like some others i enjoy the new additions and apparently, at least on my units so far, no over-bearing or HEAVY pull on the performance end. A welcome relief indeed from former versionS.

    However, Cyberhawk Support, can you explain or make clear why i am seeing this in a HijackThis scan?
    At first that HJT report convinced me that maybe System Safety Monitor had intercepted and blocked something from the CyberHawk install, so i unistalled it and closed all security programs including SSM, then re-installed only to discover that same (file missing) afterwards.

    Now i checked the C:\Program Files\COMMON FILES\Novatix path and it lead directly to the exe file. I also checked and it appears that the CyberHawk "SERVICE" is definitely working as i established an initial CUSTOM RULES and CH jumped up as usual to some applications i generated at it to see if it was alive or sleeping.

    In your view is this file missing line in the HJT report have something to do with CyberHawks new RootKit Scan? as in perhaps that particular feature activates a kernel-mode driver but only at the time you're using that scan? It's a known fact HJT program can display discrepencies or be evaded from detecion by some programs/malware.

    Thanks: EASTER
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Does the ImagePath string value data at the below registry location match the file system location ?

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CHService
     
  16. EASTER.2010

    EASTER.2010 Guest

    Done a quick check with RegCrawler and mine seems to indicate differently than yours, perhaps reflecting latest & newest version?

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cyberhawk

    However checking the registry key for the image path , both the COMMON FILES PATH are equal, that is C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe of course the reg key displays service at the tail end of the path, at any rate Cyberhawk still seems to be working as usual. :blink:

    I have no clue right now but will look into this more. Thanks Bubba
     
  17. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    thanks for this and congratulation to all cyberhawk team. i hope lesser and lesser in recources, more detection and less in false alarm and most of all, free....;)
     
  18. guest

    guest Guest

    "Cyberhawk Support"

    Perhaps if you say all the cases to us in which your software acts we help you adding some cases. For example if it acts when something tries to copy itself in the Windows folder ...

    Sorry for my english
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    And about avoid to use polling to check new entries in registry?
     
  20. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    I seem to be having an issue w/ the latest version:

    Upon re-boot / start, only CHservice starts. In order to see CHTray, I have to start CH from All Programs. I've tried un-installing / re-installing, same results.

    ...screamer
     
  21. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO
    Hi Easter,

    We are glad to hear Cyberhawk is behaving in your Windows environment and are happy with the update so far.

    The "(file missing)" comment by HJT, for CHService, doesn't mean that the file isn't there, as you verified, it can also mean HJT cannot see the file. This is likely due to the protection on that particular directory. You'll see this with other Security apps as well like, Symantec. As Cyberhawk grows up and becomes more known we need to protect it from attacks. This was implemented in a early phase of self protection.

    Thanks!

    Armando
    Novatix Corp
     
  22. duente

    duente Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    2
    is this a bugo_O
    started all of a sudden a few days ago.happens mainly when i type a message in a forum,but again,not always.never did that before.i scanned my pc again and again,all clear,i have the feeling this has to be some strange bug or conflict or something..

    browser Opera
    running
    Jetico
    Antivir premium
    Cyberhawk free
    Peerguardian
    Spyware terminator
    using ad-aware and spybot too
    any help?....o_O

    edit:confirmed just a bug soon to be fixed.thank you Cyberhawk Support :)
     

    Attached Files:

    • wtf.jpg
      wtf.jpg
      File size:
      27.4 KB
      Views:
      533
    Last edited: Jan 18, 2007
  23. Cyberhawk Support

    Cyberhawk Support Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    140
    Location:
    Boulder, CO


    Hi Screamer,

    Do you have a high number of apps loading to the systray? What might be happening is CH is asking the taskbar to display the tray icon and the taskbar isn't ready for that call or because a high amount of activity during logon the CH message is getting lost. Something we can try is to clear out the history for these icons that load. Below are some instructions from Microsoft hopefully it will help. There are a high number of steps involved but the extra steps help save a restart, in theory.

    1. Run regedit: click on Start > click on Run > type "regedit", without quotes > OK
    2. Navigate to
    HKEY_CURRENT_USER
    \Software
    \Microsoft
    \Windows
    \CurrentVersion
    \Explorer
    3. In the Explorer folder change the value of EnableAutoTray to 0.
    4. Right click Start (or anywhere on the taskbar) and select Properties.
    5. Click the Taskbar tab.
    6. Clear the Lock the taskbar option.
    7. Check Hide inactive icons.
    8. On the Taskbar tab, click Customize.
    9. In the Current Items section, select each of the items as "Always Hide". Click OK, then OK again.
    10. Start all over, re-open the properties dialog box, and select each item as "Hide when inactive" in the Current items section. Click OK, then OK again.
    11. Navigate in the registry to
    HKEY_CURRENT_USER
    \Software
    \Microsoft
    \Windows
    \CurrentVersion
    \Explorer
    \TrayNotify
    12. Delete the IconStreams and PastIconStreams values.
    13. Close the Registry Editor.
    14. Close all open programs.
    15. Open Task Manager: click on Start > click on Run > type "taskmgr", without quotes
    16. Click on the Processes tab.
    17. Click on explorer.exe in the image name column.
    18. Click on the End Process button.
    19. Confirm Yes to kill the process. This will close the desktop except for Task Manager.
    20. In Task Manager select the File menu command.
    21. Click on the Create New Task button.
    22. In the Open box type: explorer
    23. Click OK.

    Let me know if this doesn't help, you can contact me via out support site there are some other things we can try.

    Regards,

    Armando
    Novatix Corp
     
  24. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Same thing happened to me. Cleaned the iconcache with CCleaner, but why do Cyberhawk do this ? o_O
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    You know what I don´t get about this tool? Why doesn´t it alert me about every suspicious behavior? I mean let´s say that CH only alerts about certain behavior when it thinks that a certain app is malicious. Isn´t this a bit strange then? I mean if this really is true then does CH in fact claim to be able to identify ALL malware? Otherwise what´s the point? o_O
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.