Neoava Guard beta3

Discussion in 'other anti-malware software' started by aigle, Jul 26, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Neoava Guard beta 3 looks very nice and impressive. I have been using it for a few days. The GUI of the pop ups is really good and the tray icon looks neat and elegant. It seems good for people who complain of pop ups, as it gives far fewer pop ups after the configuration wizard.

    On XP SP2, it is working without significant problems along with GW, Antivir, CPF and CH (I uninstalled SSM free due to some BSODs).

    Some screenshots here.
    Main windows, execution alert and tray icon.
     

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Outbound firewall alert.
     

  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Detects and blocks all four methods of SysSafety keylogger, Martin's Undetectable Keylogger and two of three methods of AKLT. I tried Home keylogger; that was blocked as well.
    keylogger detection.jpg
    MUK.jpg
    Home keylogger n globa hook2.jpg
     
    Last edited: Jul 26, 2007
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    A very nice feature is detection and blocking of an executable copying itself, which detects worms very nicely.
    I tried it against the Brontok worm; very nicely blocked.
     

  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Registry start up protection and Windows start up folder protection.
     

  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Detection of hooks, and it differentiates between global hooks (used by keyloggers) and hook injection into a specific process like IE (can be used by spyware). SSM and EQSecure do not differentiate the two while ProSecurity, ZAP and KAV PDMs (mostly) do.

    hook1.jpg
    hook2.jpg
    hook3.jpg
     
    Last edited: Jul 26, 2007
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It can quarantine a suspicious process after a said number of suspicious actions (the number of these actions can be changed), a nice feature again.
     

  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Write into other process memory and overwrite executables alerts.
     

  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Protection against IE plugins and add-ons.
     

  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You can mark files and folders secure and only trusted processes can access these files/folders. I made a folder in My Documents secure and tried to read it via IE.

    Interception of driver install by Rustock B rootkit.

    rustk.jpg
    rustok.jpg
    secure files.jpg
     
    Last edited: Jul 26, 2007
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Detection of change in Services: I tried XP Killer trojan (this trojan deletes three services: Windows Update, System Restore and Windows Firewall), very nicely blocked by NG even after I allowed the execution of the trojan.
    Out of all the HIPS I have tried, NG is the only one that stops this trojan dead after a single pop up (you need to allow execution of the trojan to test your HIPS fully).

    Another thing: it is supposed to protect the partition table, so it might protect against KillDisk virus, but I can't check as I have no VM. Also I would like to check it against a Chinese trojan, Zushan, that also damages the partition table, but I don't even know how to get this trojan :( (there was some info posted by Sukarof about it).
     

    Last edited: Jul 26, 2007
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It also gives termination protection against a special kill method where PG and SSM free failed. But you need to secure Regmon in NG rules to give it protection from termination. See this thread.

    https://www.wilderssecurity.com/showthread.php?t=172653&highlight=HIPS

    Prueba malware, discussed here, escaped NG. NG could not intercept it once its execution was allowed.

    https://www.wilderssecurity.com/showthread.php?t=179003&highlight=ssm

    Qucan worm, once allowed to execute, was able to disable Task Manager and RegEdit; NG failed.
     

  13. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    So it has outbound firewall capabilities? This looks like a nice program! Thanks aigle. Goodness, too much software to choose from!! o_O
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, it has. It seems more promising than SSM free at least. Can't say of SSM pro as I don't use that. I am using it now instead of SSM free or EQSecure.
     
  15. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    thanks for the heads up, aigle. am not using any hips at the moment, just sandboxie, and will play at NG in a few minutes... :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, it's a very nice HIPS. Interestingly it uses very low resources, especially very low CPU usage, which I really like.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just take care of any conflicts with SBIE.
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Great job aigle! Very good explanations and screen shots, now I want to try this proggy :D

    dja2k
     
  19. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Thanks Aigle for this excellent Job to introduce the last beta of this prog called Neoava Guard

    Regards,

    MaB
     
  20. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Too bad for me I can't get this to start up, system stays at a blank black window upon reboot.
    Clean install XPproS2 with no programs installed.
    Dell xps200. :thumbd: :isay:
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That's strange as I am using it on XP Home SP2 with Antivir, CPF, GW, CH and Windows SteadyState. If you like you can report it in the bugs section on the official forums; that will help the developer.
     
  22. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Nice review Aigle. Even though NG is in its childhood it is a very promising software, and has a very ambitious developer. Promising!!
     
    Last edited: Jul 26, 2007
  23. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    The installation and running of this program requires InstallShield. I had to manually start IKernel in Program Files/Common Files. Even though I went through the wizard, the program locked me out of my antivirus. I set all programs to trusted. This did not help. I had to uninstall Neoava Guard.
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I tried beta 3 for a few hours. Looks promising but presently lacks a registry protection module. The HIPS I use must have such a module. I don't want to use a stand-alone app to do this fundamental HIPS function.
     
  25. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    aigle said: "That's strange as I am using it on XP Home SP2 with Antivir, CPF, GW, CH and Windows SteadyState. If you like you can report it in the bugs section on the official forums; that will help the developer."
    Going to try again but this time as the wizard walks me through I'm going to set everything to lowest and see what happens.
    Was able to install using the wizard and setting everything to low & no prompts normal interface. However with these settings I am unable to do any tweaking, nothing, unable to access the interface of the program. Reinstalled the program again with the normal settings unchanged; after reboot the system stalls and hangs at the Windows is starting up screen, and that's it, nothing else happens. I'm bummed.
     
    Last edited: Jul 27, 2007