McAfee Raptor BETA

Discussion in 'other anti-malware software' started by jdd58, Dec 26, 2014.

  1. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  3. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    It detected the first malware along with its created files. Not a peep for the other 2 malwares. It's mainly to show the warning popup.

    A better quality video can be downloaded here: http://www.filedropper.com/record20150102185820191_1
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, I wonder how it spots the malware, for some reason I have a feeling it's not really pro-active, looks like it's using signatures, perhaps from the cloud? But anyway, looks like it is indeed crap.
     
  5. 142395

    142395 Guest

    Whoops, I wrongly thought PM doesn't use a driver, though surely some of its functions will need a driver. I googled about it and found PM uses a bit of a trick to hide its driver, i.e. the driver is combined in its installer exe and will be extracted to %SYSTEMROOT%\System32\Drivers\ temporarily, then it will be loaded into memory and the driver file will be erased. Sorry for my misunderstanding.
    Still, as Kees illustrated, many things can be monitored w/out a driver and w/out admin privilege. Considering even only metadata can be enough to distinguish malware, it's no wonder if info obtained w/out a driver is enough to classify malware by their machine learning system, though I don't know if Raptor really doesn't load a driver.
    See the link anon posted, it clearly states that it is behavior-based technology that leverages machine learning, so no need to rely on any signature, while most current BB rely heavily on behavior sig (so they are not much proactive but just being generic).
    And I don't see why you say it's crap. It's just a PoC program for future adoption, and automated classification by machine learning definitely has a future. Considering BB is one of the weakest parts of McAfee, it's a good attempt for them.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, some apps do this, but they can't fool HIPS.

    I already explained why, it's because I expected something more advanced, and besides, I'm not even into true BB's, they will always miss things, as seen in the test from treehouse786.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I downloaded, installed, and tested this out on my WIN 7 x64, SP1 machine today.

    Don't know if anyone noticed or looked at their firewall logs? My WIN 7 firewall log showed blocked inbound connections for svchost.exe coming from port 443 from the following IPs: 65.55.83.125, 98.138.79.20, 157.56.74.250, and 206.190.56.191. And this was only for the hour I had Raptor installed. I just run with the std. inbound rules BTW. It also borked my DHCP incoming from broadcast address; I had a slew of those in the log. Not a trace of any of this in the Raptor log. So Raptor is not just a behavior blocker ... Don't know what the hell it is.

    Its startup is a joke. It's via runonce registry mechanism. Well, that hung up my boot since Raptor requires admin privileges to run and I have UAC set at its highest level. So the boot stopped with UAC prompt. It also appears to reinstall itself on each boot since the runonce entry points to where you downloaded it.

    Not ready for prime time is my verdict.
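
For readers who want to check their own firewall log for the kind of entries described in the post above, here is an added example (not part of the thread) that summarizes dropped inbound packets from a Windows Firewall log. It assumes dropped-packet logging is enabled and the standard pfirewall.log W3C layout with a `#Fields` header; the sample lines are constructed and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the pfirewall.log W3C layout (addresses are from
# documentation ranges, not the ones quoted in the post).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2015-01-03 14:01:00 ALLOW TCP 192.168.1.10 198.51.100.7 49213 443 0 - 0 0 0 - - - SEND
2015-01-03 14:02:11 DROP TCP 198.51.100.7 192.168.1.10 443 49213 40 A 1 2 256 - - - RECEIVE
2015-01-03 14:02:14 DROP TCP 198.51.100.7 192.168.1.10 443 49214 40 A 1 2 256 - - - RECEIVE
2015-01-03 14:03:40 DROP TCP 203.0.113.9 192.168.1.10 443 49301 40 AF 1 2 256 - - - RECEIVE
2015-01-03 14:05:00 DROP UDP 192.168.1.1 255.255.255.255 67 68 328 - - - - - - - RECEIVE
2015-01-03 14:05:04 DROP UDP 192.168.1.1 255.255.255.255 67 68 328 - - - - - - - RECEIVE
2015-01-03 14:06:00 DROP TCP 203.0.113.9
"""


def parse(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def summarize(text):
    """Return (drops per source IP for TCP from port 443, dropped DHCP replies)."""
    https, dhcp = Counter(), 0
    for rec in parse(text):
        if rec["action"] != "DROP" or rec["path"] != "RECEIVE":
            continue  # only dropped inbound packets are of interest
        if rec["protocol"] == "TCP" and rec["src-port"] == "443":
            https[rec["src-ip"]] += 1
        elif rec["protocol"] == "UDP" and (rec["src-port"], rec["dst-port"]) == ("67", "68"):
            dhcp += 1
    return https, dhcp


if __name__ == "__main__":
    https, dhcp = summarize(SAMPLE_LOG)
    for ip, count in https.most_common():
        print(f"{ip}: {count} dropped inbound TCP packets from source port 443")
    print(f"dropped inbound DHCP replies (UDP 67 -> 68): {dhcp}")
```

Comparing the summary for a window with the software installed against a baseline window without it shows whether the drops actually change.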
     