ewido security suite 3.5 beta

Discussion in 'other anti-trojan software' started by quexx88, May 27, 2005.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    just updated:

    heuristic.dat
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Thanks ;)
     
  3. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    No more handle leak :)
     
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Major program update as well as sig update(1313)
     


  5. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Any chance ewidoguard can be optimised so that it scans faster when starting applications, as I previously mentioned in this post.

    Currently it is too slow. To see what I mean, startup Task Manager and watch the amount of CPU usage of ewidoguard when starting an app (eg. Offline Explorer is a good one for the test). You will see it scans for a long time before the app is finally allowed to start.
     
  6. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    A new heuristics part and again a load of false positives... Will this ever be solved? I don't see Ewido getting out of beta if every update brings new fp's, alas...
     


  7. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I don't think so... It's the engine that takes all the power (e.g. when the emulation has to run)... However, I already have some ideas to improve this but it will take some time...

    @Edwin024: false positives are one of the last few things we are currently working on...
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    In trying to do a complete system scan with the latest release, the securitysuite.exe keeps shutting down and will not complete a scan. Any ideas?
     
  9. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    It's a known bug, unfortunately we can only reproduce it by scanning our very large whitelist -> fixing could take some time :(
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Another "Complete System Scan" with the default settings more scan every file:

    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:			12:32:20, 27-06-2005
     + Report-Checksum:		6C637275
    
     + Scan result:
    
    	C:\Program Files\NeoTheme\NeoTheme.exe -> TrojanDownloader.Sahat : Ignored
    	C:\WINDOWS\inf\biosinfo.inf -> Trojan.WinINF.Delreg : Ignored
    	D:\Aulas\Simulacao\Python 2.3.2.zip/Python 2.3.2.exe -> Spyware.VirtualBouncer : Ignored
    	D:\IRC\anaconda\mirc.ini -> Worm.Randon : Ignored
    	D:\IRC\AnacønÐa ns2.10.zip/anaconda/mirc.ini -> Worm.Randon : Ignored
    	D:\Software\File Managers\rjhExtensions 1.3.zip/Install.exe -> Spyware.eZula : Ignored
    	D:\Software\Internet\Browsers\IE plugins\Macromedia Shockwave Player 10.1.0.11.zip/Macromedia Shockwave Player 10.1.0.11.exe -> Spyware.eZula : Ignored
    	D:\Software\Internet\Browsers\Mozilla Firefox\Plugins\Macromedia Shockwave Player 10.1.0.11.zip/Macromedia Shockwave Player 10.1.0.11.exe -> Spyware.eZula : Ignored
    	D:\Software\Internet\Browsers\Opera\plugins\Macromedia Shockwave Player 10.0.1.4.zip/Shockwave_Installer_Full.exe -> Spyware.eZula : Ignored
    	D:\Software\Internet\Chat\Instant Messaging\ICQ 5.04 build 2321.zip/icq5_setup.exe -> Spyware.VirtualBouncer : Ignored
    	D:\Software\Internet Security Suites\ZoneAlarm Security Suite 5.5.094.zip/zaSuiteSetup_55_094_000.exe -> Spyware.VirtualBouncer : Ignored
    	D:\Software\Security\Firewall\Outpost Firewall\Outpost Firewall PRO 2.7.485.412.zip/OutpostProInstall.exe -> Spyware.VirtualBouncer : Ignored
    	D:\Software\Security\Firewall\Outpost Firewall\Plugins\PC Flank WhoEasy 1.0.zip/whoeasy.exe -> Spyware.VirtualBouncer : Ignored
    	D:\Software\System\OS Enhancements\XPlite Professional 1.6.0286.zip/XPlite.exe -> Heuristic.Win32.Backdoor3 : Ignored
    
    
    ::Report End
     
  11. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Most of the fps should now be fixed... :)
     
  12. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    Fish: working on it sounds great! I hope 3.5 will be as stable as 3.0 but better in every aspect. And it looks like that!
     
    Last edited: Jun 27, 2005
  13. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Maybe this screenshot will help...
     


  14. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    I still got more than a few FP's on my last scan with the database released today. I already sent in a list of the files.
     
  15. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    Me too... and again new ones... it's amazing ;)
     
  16. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    fish25,
    When I start the securitysuite.exe why does it poll the following keys multiple times per second? Is there some other process out there that is going to change them that would need the main executable to respond in near-real time?

    Would it be worth considering polling less frequently to help reduce unnecessary context switching (for those of us still suffering the burden of having a single cpu)?

    Here are the keys I see on this system, quite possibly the ones with odd characters are specific to each install....

     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    "Complete System Scan" with the default settings more scan every file:

    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:			19:54:30, 27-06-2005
     + Report-Checksum:		60E55C0D
    
     + Scan result:
    
    	C:\Program Files\NeoTheme\NeoTheme.exe -> TrojanDownloader.Sahat : Ignored
    	D:\Software\System\OS Enhancements\XPlite Professional 1.6.0286.zip/XPlite.exe -> Heuristic.Win32.Backdoor3 : Ignored
    
    
    ::Report End
    Only 2 FP ;)
     
  18. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I am running 3.5 BETA and this morning Process Guard had Ewido blocked because something had changed. Then I had to reboot to be able to get into Firefox. Was there an update that needed to reboot?
     
  19. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    yes, ewidoguard.exe, securitysuite.exe, engine.dll etc. have been updated...
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Thank you Fish. The 3.5 BETA has been doing good on my system.
     
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    fish25,

    will it be possible to add support for 7-Zip and Ace archives?

    Regards
     
  22. feddup

    feddup Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    160
    latest update?

    Is anyone else having trouble getting the latest update? Last night ewido deleted its definitions and said a new update is available. About 5.2 Mb. It gives me a "connection timeout error" about 2/3rds of the way through every time. I've tried 5-6 times. My internet connection is fine other than being dial up and thus slow. I e-mailed support but only got an automated message so far.
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: latest update?

    The processes list seems to be crashing on mouse-over again.. (same issue, no crash when mouse software is disabled)
     
  24. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Re: latest update?

    Nothing has been changed on that part :) Which mouse software?
     
  25. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Sorry but I don't think so... It would take too much time and isn't used very widely...
     