lukfol: mine seemed to freeze after it appeared to install. Will try it again and let it sit for a while. cruelsister: yes, Shadow Defender is a great program. I used it years ago. Then I went to QuietZone, which was just as good, and their forum is right here on Wilders. The problem started, if you look at that forum here, when I lost all contact with them and all of their web pages on Facebook etc. were gone. I asked a mod about it; he said he would let me know when he heard further info. I never did hear anything, and since it was a yearly subscription and it was about to expire, I just dumped it. Your test of Petya looks good. The only problem is if you try to install software that requires a reboot: the whole program will be gone on reboot unless you click commit; then all changes are saved. I think the first program I used that did something like SD was a Microsoft program whose name I can't remember right now. Rasheed: yes, this program is not using the cloud at present but plans to in the future. cruelsister, have you tried your collection against AppGuard in default mode yet?
OK, just reinstalled in shadow mode and waited about 5 min, and then everything seems to be working fine. Not that I need another security program.
OK, actually installed the little app for testing: 1- got a lag at installation (intentionally installed it alongside several security apps); except for that, no issues so far. Total RAM usage: 3 processes for ~100 MB. Suggestions: 1- an import/export function in "Manage Applications" would be useful. 2- show blocked applications/processes (if any) on the GUI main window.
Can you perhaps confirm that FSS is purely behavioural-monitoring based? If so, I would advise giving an option to turn the "cloud/phoning home" function completely off. I think a lot of people are bothered by this. But you never answered my question: how does FSS exactly work? Does it look for specific file system operations, like getting a list of files and rapidly trying to modify files? Does it also look for code injection and process hollowing?
Sorry for the delay in answers... Yes, it is purely based on behaviour monitoring, but we need the cloud to improve the application (increase detection rate/lower false alerts) by getting samples etc. Also, in the near future most suspected files (like scripts opened from web browsers etc.) will be sent to the cloud and tested automatically on virtual machines, tested behaviourally... This way some malware would be prevented even before being executed. For now we're monitoring only for, as you wrote, getting a list of files and trying to modify/delete/rename (some ransomware do not modify the file; they just write an encrypted version to a new file and delete the old one). We will add more features/dangerous behaviour patterns in the future, like code injection, even some subset of exploits.
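As an added illustration of the behaviour pattern the developer describes (enumerate files, then modify/delete/rename them, including the "write an encrypted copy, then delete the original" variant), here is a constructed example. It is not FSS code and does not come from the developer's post: the event format, the thresholds, the sliding window and the sample trace are all assumptions made for the demonstration. It scores each process over a short time window and raises an alert only when directory enumeration and many destructive file operations occur together.

```python
"""Toy behaviour-based ransomware heuristic (constructed example, not FSS code).

It consumes a stream of per-process file-system events and alerts when one
process, inside a short time window, both enumerates directories and performs
many destructive operations: in-place writes to existing files, deletes,
renames, or the "create encrypted copy, then delete the original" pattern.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set


@dataclass(frozen=True)
class FileEvent:
    ts: float                        # seconds since trace start (assumed clock)
    pid: int
    op: str                          # ENUM | CREATE | WRITE | DELETE | RENAME
    path: str
    new_path: Optional[str] = None   # only meaningful for RENAME


class RansomwareHeuristic:
    """Sliding-window scorer keyed on pid. Thresholds are assumptions, not FSS's."""

    def __init__(self, window_s: float = 5.0, enum_min: int = 2, destructive_min: int = 8):
        self.window_s = window_s
        self.enum_min = enum_min
        self.destructive_min = destructive_min
        self._events: Dict[int, Deque[FileEvent]] = defaultdict(deque)
        self._created: Dict[int, Set[str]] = defaultdict(set)  # stems created per pid

    @staticmethod
    def _stem(path: str) -> str:
        # "/d/report.docx.locked" and "/d/report.docx" both map to "/d/report",
        # so a new encrypted copy can be paired with the original it replaces.
        directory, _, name = path.rpartition("/")
        return directory + "/" + name.split(".", 1)[0]

    def observe(self, ev: FileEvent) -> Optional[str]:
        """Feed one event; return an alert string when the pid crosses both thresholds."""
        q = self._events[ev.pid]
        q.append(ev)
        while q and ev.ts - q[0].ts > self.window_s:   # drop events outside the window
            q.popleft()
        if ev.op == "CREATE":
            self._created[ev.pid].add(self._stem(ev.path))

        enums = sum(1 for e in q if e.op == "ENUM")
        destructive = 0
        copy_then_delete = 0
        for e in q:
            if e.op in ("WRITE", "RENAME"):
                destructive += 1
            elif e.op == "DELETE":
                destructive += 1
                # Delete of a file whose stem this pid just created: the
                # "encrypt into a new file, remove the old one" variant.
                if self._stem(e.path) in self._created[e.pid]:
                    copy_then_delete += 1

        if enums >= self.enum_min and destructive >= self.destructive_min:
            return (f"pid {ev.pid}: {enums} enumerations, {destructive} destructive ops "
                    f"({copy_then_delete} copy-then-delete pairs) in {self.window_s}s")
        return None


def scan(events: List[FileEvent], **kw) -> List[str]:
    """Run the heuristic over a trace in time order; one alert per flagged pid."""
    h = RansomwareHeuristic(**kw)
    alerts: List[str] = []
    flagged: Set[int] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        msg = h.observe(ev)
        if msg and ev.pid not in flagged:
            flagged.add(ev.pid)
            alerts.append(msg)
    return alerts


def sample_trace() -> List[FileEvent]:
    """Constructed events: pid 100 is an editor saving one file; pid 200 mimics
    the 'create encrypted copy, delete original' pattern across ten documents."""
    ev = [FileEvent(0.0, 100, "WRITE", "/home/u/notes.txt")]
    t = 1.0
    for d in ("/home/u/docs", "/home/u/pics", "/home/u/work"):
        ev.append(FileEvent(t, 200, "ENUM", d))
        t += 0.01
    for i in range(10):
        orig = f"/home/u/docs/file{i}.docx"
        ev.append(FileEvent(t, 200, "CREATE", orig + ".locked"))
        t += 0.01
        ev.append(FileEvent(t, 200, "DELETE", orig))
        t += 0.01
    return ev


if __name__ == "__main__":
    for line in scan(sample_trace()):
        print("ALERT", line)
```

The window matters as much as the counts: the same ten deletes spread over minutes never accumulate inside one window and produce no alert, which is how a heuristic like this separates bulk file destruction from ordinary housekeeping. A whitelist of signed publishers, as suggested later in the thread, would be a natural second gate before acting on an alert.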
OK, cool to hear that it's behaviour-based monitoring. Like I said, I would like an option to turn off the cloud feature. Also, there should be a way to disable protection and exit the app via the tray icon. BTW, I think you guys should team up with Datpol; SpyShelter could use your proactive detection methods. I think you should keep it simple and keep focusing on monitoring the file system. False positives could be solved by implementing a whitelist of trusted publishers. However, if you block process hollowing, a lot of ransomware will be blocked in the first stage, if I'm correct. Only certain variants try to directly encrypt files without using a system process like explorer.exe.
Great to monitor for unsigned file opens and registry access; after all, 95% of malware is unsigned. When it also blocks injection (of unsigned), malware has a tough job using the credentials of regular signed software. Lag was limited considering the fact that it has to monitor a lot of file and registry access. Looks promising.
With respect to the previously mentioned Shadow Defender, I have a quick question in context and hopefully not off topic. If ransomware of various strains raises its ugly head and bites us in the arse, will rebooting from shadow mode alone remedy an infection? I appreciate the ingenuity of these types of apps discussed here and elsewhere in other threads. Oh, but the convenience of merely rebooting from virtual mode is so enticing... I'll gladly forgo the elaborate circuitry in lieu of a simple on/off switch if it's equally effective.
If you are in a Shadow Session and malware changed your files, these changes are reverted after a reboot. More info can be found in the corresponding Shadow Defender thread.
So, Shadow Defender (a love affair of my own for several years, and I wouldn't be without it), based on your response, is that SD trims the fat off the pig's **** with the likes of HMPA, this app thread, the Malwarebytes effort to quash ransomware, etc., ad nauseam. I hate it when that happens. Now I gotta decide whether to buy matchy-matchy wallpaper for that on/off light switch or to shave my dearest pet pig Arnold and call it an X-mas dinner in the making. /Edit: with all due respect.
stillborn, HUH? It's easy to find matching wallpaper in this day and age. Are you sure your pig is a male and not a female? You obviously saw cruelsister's words of praise for SD, and it appears you like SD from your post, or maybe not. I am too old to understand the coded jargon.
It gets worse, my friend. Switched from 30 Marlboros a day to vaping and always keep a bottle of Maker's Mark within reach; worn the same Eraserhead (as in David Lynch) tee-shirt for 3 days now and just finished Shogun, the best book I've read to date. Go figure....
FYI. The direct download URL was not removed, just de-linked: https://www.wilderssecurity.com/threads/foltyn-securityshield-beta.389957/#post-2631843
It seems that the driver is not digitally signed. You can try to install it in a 32-bit VM, or disable driver signature enforcement in your 64-bit VM, if you want to install the software.