ewido security suite 3.5 beta

Discussion in 'other anti-trojan software' started by quexx88, May 27, 2005.

Thread Status:
Not open for further replies.
  1. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    fish25,
    ewidoguard.exe has 9,209 handles open... somewhat unusual behaviour
    Looking at it using Process Explorer, most of the handles are of type Process and there are multiple open handles for each process

    Disabling "Realtime Protection" and then enabling it again results in a minute or so of high CPU use by ewidoguard and the open handle count increasing by another 2,000 odd (to 11,190)
    (NB: 72 processes currently running with 543 threads)

    As well as that problem, what is the guard doing straight after enabling?
    It might be nice to popup a little dialog box saying "scanning memory" (or whatever) as part of the enable

    It would be good to have an about dialog or show all the details in the status screen so we know exactly what version of the beta we are reporting against.
    Known threats: 163,030
    Last Update: 8/06/2005
    Version of database: #1306

    I have an Engine.dll update ready to be installed by the look of it, as there is an engine.dll.update waiting to be applied and an entry in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations.

    Oddly, both the existing engine.dll and the newer, slightly bigger one have exactly the same file version (4.0.0.1). How come you don't change the version to distinguish between the different files?

    Just out of interest, why schedule the dll replacement on reboot when an application restart was all that was needed?

    After the application restart with the new dll in place, the file handle increase is less severe each time the guard is disabled and then enabled again. Launching the main program using right click on the guard increases the file handles by 100 odd each time and through repeated enable/disables

    Symptoms exhibited on this PC when the high handle consumption was happening were that it was very sluggish to respond to mouse clicks for no apparent reason... until I found the handle consumption that is ;)

    Thanks
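    Added example (not from the thread or from ewido): a PowerShell diagnostic for the two things gottadoit checked by hand, the guard's handle count sampled over time and the pending engine.dll replacement queued in PendingFileRenameOperations. It assumes a modern Windows host with PowerShell; the process name, sample count and growth threshold are parameters chosen here, not values from the post.

```powershell
# Added example, not code from the thread or from ewido.
# Samples a process's handle count and flags growth between first and last sample,
# the symptom reported for ewidoguard.exe after toggling Realtime Protection.
function Watch-HandleGrowth {
    param(
        [Parameter(Mandatory)][string]$ProcessName,   # e.g. 'ewidoguard' (no .exe)
        [int]$Samples = 6,
        [int]$IntervalSeconds = 10,
        [int]$GrowthThreshold = 500                   # assumed: handles gained across the run
    )
    $readings = @()
    for ($i = 0; $i -lt $Samples; $i++) {
        $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
        if (-not $procs) { Write-Warning "No process named $ProcessName"; return }
        # Sum over all instances in case the service spawned more than one
        $count = ($procs | Measure-Object -Property HandleCount -Sum).Sum
        $readings += [pscustomobject]@{ Time = Get-Date; Handles = $count }
        Write-Host ("{0:HH:mm:ss}  handles={1}" -f $readings[-1].Time, $count)
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
    $delta = $readings[-1].Handles - $readings[0].Handles
    [pscustomobject]@{
        Process = $ProcessName
        First   = $readings[0].Handles
        Last    = $readings[-1].Handles
        Delta   = $delta
        Suspect = ($delta -ge $GrowthThreshold)
    }
}

# Lists file replacements deferred to the next reboot, which is where the post
# found the queued engine.dll update.
function Get-PendingFileRenames {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $val) { return @() }
    # REG_MULTI_SZ of source/destination pairs; an empty destination means delete
    for ($i = 0; $i -lt $val.Count; $i += 2) {
        [pscustomobject]@{ Source = $val[$i]; Destination = $val[$i + 1] }
    }
}

# Usage: toggle the guard's realtime protection while this runs
Watch-HandleGrowth -ProcessName 'ewidoguard' -Samples 6 -IntervalSeconds 10
Get-PendingFileRenames
```

Reading the registry value needs an elevated prompt on most systems; the handle sampling does not.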
     
  2. Just completed a scan after latest updates... No false positives, and scan time was a lot faster.
     
  3. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Is there a way to bulk remove from quarantine? There are hundreds of cookies and it's a pain to click each one.
     
  4. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    You can use "shift" to select multiple entries :)
     
  5. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    thanks fish25 :)
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm seeing this as well.. the processes window is stable now, however :)
     
  7. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I managed to do some tests and this problem has been fixed with 3.5 beta.

    You'll also be pleased to hear that ewidoguard.exe and ewidoctrl.exe combined have lower Mem Usage than a-squared's guard.

    No more 100% CPU usage either.

    Suffice to say I am impressed with this new version of ewido.
     
  8. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I use Offline Explorer Pro from MetaProducts, and when I start it ewidoguard scans for a long time with CPU usage going up to 95%.

    All other apps are scanned quite quickly when started. Why does Offline Explorer take so long to be scanned?
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I just downloaded the latest version, I hope. I ran a scan and it found 90 cookies in Firefox. On my system the mem on Task Manager for ewidoctrl and guard comes to about 55,000. How does that compare to what you see?
     
    Last edited: Jun 10, 2005
  10. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    This screenshot is a collector's item, you know why?
     

    Attached Files:

  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  12. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    The 100% CPU bug should be fixed, and the memory usage of the guard should be lower now. Next is the handle problem of the guard and new signatures with fewer false positives :)
     
  13. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I had posted above that mem. usage was 55,000. It was at first then it dropped to about 18,500. Now it is about 19,050. I had removed 3.0 because of CPU problems. I haven't had any problems so far with 3.5 BETA. Thanks.
     
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I'm testing the guard, and it seems that it uses the same resources as v3.0...
    Maybe v3.6 will make real improvements in this area...
     
  15. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Any news on if this problem will be addressed?

    Scanning of applications on startup by ewidoguard is just too slow IMO, with the scan time of OE Pro on startup being unacceptably slow.
     
  16. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    When will there be a new beta version for ewido??

    Will there be one, or after 3.5 is it the official version? o_O

    Because what I don't like is that it has a lot of false positives.
     
  17. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    This will be fixed in a short time :) explanation already given ;)
     
  18. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Ewido has already had some engine updates in the BETA stage.

    About false positives - submit them to the ewido team to fix.
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    One more "Complete System Scan" with the default settings plus "Scan every file" enabled...

    I've scanned all these files on the "Virus Total" and "Jotti" websites, with NOD32, avast!, a-squared, so I think these could just be False Positives...

    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:			15:41:59, 15-06-2005
     + Report-Checksum:		8A2A3853
    
     + Scan result:
    
    	:mozilla.53:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Regnow
    	:mozilla.54:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Regnow
    	:mozilla.111:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.112:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.113:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.114:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.115:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.116:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.117:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.118:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.119:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Myway
    	:mozilla.135:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Wwwhbo
    	:mozilla.141:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Yandex
    	:mozilla.147:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Com
    	:mozilla.148:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Com
    	:mozilla.168:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Imdb
    	:mozilla.184:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Metareward
    	:mozilla.185:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Metareward
    	:mozilla.210:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.211:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.212:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.213:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.214:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.215:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.216:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.246:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.E-centives
    	:mozilla.247:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.E-centives
    	:mozilla.266:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookies.txt -> Spyware.Cookie.Wwwdownload
    	:mozilla.53:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Regnow
    	:mozilla.54:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Regnow
    	:mozilla.111:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.112:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.113:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.114:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.115:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.116:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.117:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.118:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.119:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Myway
    	:mozilla.135:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Wwwhbo
    	:mozilla.141:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Yandex
    	:mozilla.147:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Com
    	:mozilla.148:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Com
    	:mozilla.168:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Imdb
    	:mozilla.184:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Metareward
    	:mozilla.185:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Metareward
    	:mozilla.210:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.211:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.212:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.213:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.214:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.215:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.216:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Tcmagazine
    	:mozilla.246:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.E-centives
    	:mozilla.247:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.E-centives
    	:mozilla.266:C:\Documents and Settings\Rui Umbelino\Application Data\Mozilla\Firefox\Profiles\7x801q6o.default\cookiesnew.txt -> Spyware.Cookie.Wwwdownload
    	C:\Program Files\Compare It!\wincmp3.exe -> Backdoor.Rbot
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\Downloads\axis\xml-security-bin-1_2_0.zip -> Heuristic.Suspicious-Zip
    	D:\IRC\anaconda\mirc.ini -> Backdoor.Zapchast
    	D:\IRC\AnacønÐa ns2.10.zip/anaconda/mirc.ini -> Backdoor.Zapchast
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\FAQs\Install Apache PHP MySQL\www.internetmaster.com\hts-cache\new.zip -> Heuristic.Suspicious-Zip
    	D:\Software\Internet\Browsers\Maxthon\plugins\Toolbar\Fillthy 0.4.zip -> Heuristic.Suspicious-Zip
    	D:\Software\Internet\Chat\Instant Messaging\MessenPass 1.03.zip/mspass.exe -> Backdoor.VB.aam
    	D:\Software\System\OS Enhancements\XPlite Professional 1.6.0286.zip/XPlite.exe -> Heuristic.Win32.Backdoor3
    
    
    ::Report End
     
  20. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    If you submit the false positives they definitely fix them. I had a few false positives when I first installed. I submitted them and several updates later I get no false positives.

    Starrob
     
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Latest update:

    #1312, June 19, 163.328 signatures
     

    Attached Files: beta.gif
  22. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Any engine/guard updates with #1312, or is it just sigs?
     
  23. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008

    Most of the files are from the cookies file of Mozilla... and that's not a false positive... Firefox puts all cookies in one text file that it uses. And there can be nasties in that of course. And I'm pretty sure you don't want to see that file deleted.
     
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I'm talking about the other files... ;)
     
  25. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    Well, ok... it's just not easy to read through half the files and such ;)
     