Katie DriveSentry

Discussion in 'other anti-malware software' started by DriveSentry, May 19, 2008.

Thread Status:
Not open for further replies.
  1. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    I would like a firewall in the sense of outbound control only, kinda like Vista Firewall Control. Leaving the OS firewall alone. Keep it light and let M$ take the heat for the inbound protection. Would also suggest the ability to omit the firewall feature during installation, so people can decide for themselves which firewall to run.
    Just my 2 cents...
    :thumb:
     
  2. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris

    HURST,

    All malicious programs such as Keyloggers, Trojans, Viruses, Spyware and Rootkits have one or more similar ideologies:

    A, Stay resident after a reboot.
    B, Infect other files (to do A or cause damage).
    C, Hook into host O/S (either by replacing system files or changing settings).
    D, Hide in the host O/S folder structure. (to do A, B or C).
    E, Inject code into another running process (e.g. buffer overflow).

    If you look at A->E they either change a folder, file, registry or memory. Drivesentry is based around a filter driver model, not standard kernel (API) hooking, which means it monitors process starts, file IO, memory mapping and write process. This consolidates A->E in one driver at the very bottom of the kernel stack, which typically means it has much higher priority. The filter driver approach makes it much more stable with other security tools, as each filter driver is allocated a unique layer in the O/S cake. API hooking can be bad news as drivers can fight over multiple hooked APIs and even be unhooked!

    Drivesentry could be termed HIPS but I see it as intelligent HIPS + behavioral + scanning in one product with all the various parts working together. Drivesentry monitors what processes are writing out and where, e.g. files, folders, reg and memory, etc., and if triggered then it follows three logical paths:

    1, If it's good (whitelisted) then let it through.
    2, If it's bad (blacklisted) then kick it out.
    3, If it's unknown then see what the community says and determine the risk (behavioral/heuristic) and give a pop-up.

    The background real-time scanner is another layer of defense which most likely reassures people more used to traditional A/V.

    I would like to see point (3) more intelligent, enhancements to security and an outbound firewall. Apart from that my AntiVirus Showdown video demonstrated to me that Drivesentry has become a very good product.

    I found a really good 3 part blog which has just come out on this subject, which discusses the very subject we are discussing and references Drivesentry, Bit9 and others. A very interesting read to anyone wishing to get to grips with these new ideologies.

    read more here

    ~interact
     
    Last edited: May 23, 2008
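    The three-path decision interact describes above (whitelisted -> allow, blacklisted -> block, unknown -> rate the risk from behaviours A-E plus community feedback and prompt), written up as an added toy model in Python. This is not DriveSentry's code: the hashes, rule weights, thresholds and community vote counts are all constructed for the example, and the design choice that votes can nudge but never cancel the behavioural score is the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample data: hashes and vote counts are made up for the example.
WHITELIST = {"sha256:good0001"}
BLACKLIST = {"sha256:evil0002"}
# Community feedback per process hash as (times allowed, times blocked).
COMMUNITY = {"sha256:unk0003": (45, 2), "sha256:unk0004": (3, 60)}

# Behaviours A-E from the post, as (operation, target regex, reason, weight).
RULES = [
    ("registry", r"\\CurrentVersion\\Run\b", "A: persists across reboot", 3),
    ("file", r"\.(exe|dll|sys)$", "B: writes executable code", 2),
    ("file", r"^C:\\Windows\\", "C/D: modifies the OS folder", 3),
    ("memory", r".", "E: writes into another process", 4),
]

@dataclass
class WriteEvent:
    proc_hash: str
    operation: str  # "file", "registry" or "memory"
    target: str     # path, registry key, or name of the process written to

def behaviour_risk(ev):
    """Sum the weights of every behaviour rule the write event matches."""
    hits = [(why, w) for op, pat, why, w in RULES
            if op == ev.operation and re.search(pat, ev.target, re.I)]
    return sum(w for _, w in hits), [why for why, _ in hits]

def community_adjust(proc_hash):
    """Votes shift the score; fewer than 10 votes (zero-day case) count for nothing."""
    allowed, blocked = COMMUNITY.get(proc_hash, (0, 0))
    if allowed + blocked < 10:
        return 0
    return 2 if blocked > allowed else -1

def decide(ev):
    """Three paths: whitelist -> allow, blacklist -> block, unknown -> rated prompt."""
    if ev.proc_hash in WHITELIST:
        return ("allow", "none", [])
    if ev.proc_hash in BLACKLIST:
        return ("block", "critical", ["matches blacklist"])
    score, reasons = behaviour_risk(ev)
    # Community votes cannot cancel behavioural evidence: the floor is the
    # behaviour score minus one, so a wrongly allowed injector stays "major".
    score = max(score - 1, score + community_adjust(ev.proc_hash))
    level = ("critical" if score >= 5 else "major" if score >= 3
             else "low" if score >= 1 else "informational")
    return ("prompt", level, reasons)
```

    A plain data-file write by an unknown process comes out as an "informational" prompt, while the same process writing a DLL into the Windows folder is rated "critical" from behaviour alone.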
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Interact, thanks for your post.

    I would like to know more about "3". Is there really behavioral analysis or does it just ask the "community" for the opinion on the process? I mean, if it's a zero day, with NO feedback, will it determine the risk (low, critical, etc)... if it's a bad behavior, but most users made a mistake and allowed it, is it intelligent enough to bypass the users' wrong feedback?
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    DS performs behavioural analysis on unknown programs.
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Time to try... for what I've read, I might even grab the credit card...
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    but... how good those are, we are still unsure. :D
     
  7. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: DriveSentry

    it did not fix DriveSentry for me.

    after installation, DriveSentry is fine, it works... tray icon can be accessed and the GUI/Program can load on my command.

    however,

    after 1 reboot, GUI can no longer be accessed, tray icon is useless and does not even show me any options and the main program/GUI does not load at all.

    program is still activated in the background however, as I still receive the pop ups etc.

    http://forum.drivesentry.com/viewtopic.php?f=5&t=159

    I await and see.
     
  8. dogma

    dogma Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    138
    Re: DriveSentry

    Forgive me if someone has already answered this.

    If I purchase DriveSentry, can I install it on multiple systems? I have 2 laptops and 1 desktop btw.

    I am a safe-surfer, can I use it as my sole anti-malware app?
     
  9. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Re: DriveSentry

    Could also try e-mailing support? support@drivesentry.com :thumb:
     
  10. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Re: DriveSentry

    Not sure about the licensing restrictions, but you are only looking @ $30.00 (worst case) for life on your systems. That sounds like a deal to me!
    Sole anti-malware app? I am taking an onion approach to security: it's in the layers!
    I am following INTERACT's lead... see his sig. It is working for me :thumb:
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    test 1 does not work
    test 2 does not work

    installed on a fresh-clean system, no remnants of DriveSentry are there.

    still, after a reboot....... nothing available, although I do still get the pop ups so it's obviously still running in the background.

    GUI not possible, tray icon useless, does not even show the options on it.

    all programs>drivesentry>drivesentry.exe causes an error message and then "drivesentry has stopped working...."

    not a happy chappy.


    everything runs fine, until I reboot ONCE.

    *hope you don't mind me posting it here 337 :eek:
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Hi, can you post two screenshots of DS pop ups for these viruses (one of critical risk and one of major risk) for the viruses you used in your YouTube video.

    Thanks
     
  13. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  14. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    I don't mind as long as DS support doesn't mind. I clipped that from a support e-mail to me and Test 1 fixed my issue!! I was getting the same error you were getting; smooth sailing now! Their support team was fast and friendly! Finally found an app that I can endorse 100% despite the glitch!
    Crap, does that make me a fanboy? LOL!!:D
     
  15. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    One other feature that has been getting a lot of press is an HTTP scanner. Could y'all look into that?
    :cool:
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I am taking a more "patient" look at this one now. It is interesting. I can tell you the license is good for 1 computer only. But at 10 bucks, well, it is still a deal. Liking it, just want to see some testing besides a B rated movie on YouTube. :cautious:
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    John @ support helped me with the issue, they HAVE been able to recreate this problem, and gave me a different build to use.

    it's not perfect... but it does fix my main issues.

    3.0.3.8
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Never mind, I take it back.

    one more reboot and the same problem is here.
     
  19. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Thanks.

    Isn't it that DS has just given an alert on disk access by the virus? If so, then the alert is insignificant, as it will give one for any disk write.

    I wonder what it will tell in Detailed View for these alerts?
     
  21. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris

    aigle,

    Drivesentry displays a different message on the popup based on the potential risk. If it detects a known virus by signature then it displays a different popup with the name of the threat.

    ~interact
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,348
    Location:
    Hawaii
    2 Questions for Katie...

    Comodo Firewall Pro just issued a change whereby it now protects against buffer overflow. So also does Comodo's Memory Firewall. So also does Threatfire.

    Q1- Does Drive Sentry have buffer overflow protection?

    I have an SPI/NAT router as incoming firewall. I do not want to run a software firewall but I DO want a HIPS that monitors outgoing connections (as is done by ProSecurity, System Safety Monitor).

    Q2- Does Drive Sentry monitor/alert on outgoing connections?
     
    Last edited: May 25, 2008
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I am using the beta and nothing else on this machine and it is working very well. Bel, I would think it protects against BO. But as time goes by, DS will evolve even more. But I put my trust in it now.
     
  24. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Drivesentry monitors certain types of BO attack using Writeprocess and Filemapping. I don't think it protects against bad programming, which is the ultimate cause of BO :argh: I'm running it standalone, especially now that Drivesentry is certified by West Coast Labs, which all the major players use; search for a vendor here. PC Tools are also certified, which is good to see!

    ~interact
     
  25. Fam Money

    Fam Money Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    9
    Looking at the DS site and in their forums I did not see any mention of x64 support. Will this work for Vista x64?
     