nProtect MBR Guard

Discussion in 'other anti-malware software' started by safeguy, Dec 23, 2011.

Thread Status:
Not open for further replies.
  1. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Well, I kind of came across this link (and tool) and it has not been mentioned elsewhere it seems.

    Get out nProtect MBR Guard for free:
    http://en-erteam.nprotect.com/2011/03/get-our-nprotect-mbr-guard-for-free.html

    Direct download link: -http://avs.nprotect.net/FreeAV/NPMBRGuardSetup.exe-
    VirusTotal report (Result 0/43) ~ VirusTotal Results Removed per Policy ~

    Their English blog: http://en-erteam.nprotect.com/
    WOT scorecard (Green): http://www.mywot.com/en/scorecard/nprotect.com
    More information on INCA Internet (nProtect) here: http://en.wikipedia.org/wiki/INCA_Internet

    P.S. I've not tried this program and I don't know whether this supports x64 (64-bit). Seems like an alternative to MBRGuard developed by BlueRidge but which is no longer offered as a stand-alone program and is incorporated into AppGuard instead.
     
    Last edited by a moderator: Dec 23, 2011
  2. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Wondering if it supports 64 bit system.. But I'm hesitant to try it.
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Good info Safeguy..:) It might be a worthy software..:)
    It seems to have a flash screen and tray icon compared to completely silent BlueRidge MBR Guard.
     
  4. yhjeon

    yhjeon Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    4
    Location:
    seoul
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Good to know that it supports 64 bit..:)
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,128
    Location:
    USA
    Can nProtect MBR Guard block the TDSS rootkit which I believe infects the MBR on Windows 64 bit? Are there any known conflicts with other security applications, such as Norton Internet Security?
     
  7. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Also are there any conflicts with Disk snapshot utilities such as CTM?
     
  8. yhjeon

    yhjeon Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    4
    Location:
    seoul
    Hi guys~
    I asked about those questions and.
    Our testing team members are going to test for those.
    I'm gonna let you know after the testing.
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
  10. yhjeon

    yhjeon Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    4
    Location:
    seoul
    1. Can nProtect MBR Guard block the TDSS rootkit which I believe infects the MBR on Windows 64 bit?

    When MBR Guard is installed first then we try to attack with TDSS rootkit, it protected MBR sector. (in XPSP3_x86 environment)
    But the test system was freezed due to bunch of operations of malicious code.
    They thought that the freezing wasn't MBR Guard's problem but due to continous trying of malcode.
    And in Win7 x64 environment, since executing malicious code sample dyed our PC to BSOD, they couldn't test.


    2. Are there any known conflicts with other security applications, such as Norton Internet Security?

    There hasn't been reported about the conflict with any other security SWs. Please let us know if you got a clash while your using.


    3. Also are there any conflicts with Disk snapshot utilities such as CTM?

    We expect that our product is only monitoring about writing activity; therefore snapshot program won't affect ours.

    Sorry sg09, we hasn't converted it to english version.

    Thanks. John.
     
  11. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Hello, are you planning on translating it to english? :D
     
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi yhjeon

    Not quite sure what you mean re. the effect on 64bit systems. Are you saying that nProtect interfered with the malware sample and the result was a BSOD or that the BSOD was caused by the malware sample before nProtect could do its job, or are you just not sure at this stage of testing?

    Thanks in advance.


    Balders :D
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,128
    Location:
    USA
    Here is some information about TDSS (TDL 4) and the way it gets around patchguard on 64 bit Windows.

    http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Thank you for that.I think I'll try it out on a VM :thumb:
     
  15. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    And so?

    I suppose there is not a conflict with legit programs that change the MBR, like Truecrypt, Acronis True Image, Comodo Time Machine, Rollback RX, and so on. I suppose the software must be disabled before allowing that legit program to upgrade or change the MBR. Am I right?
     
  16. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    I've been thinking about that too. I'd be afraid that if the SS type app messed up, as they have been known to do, this product might prevent restoring the MBR. I uninstalled CTM once for my monthly defrag and imaging with ZSoft by mistake and nuked my Vista laptop but I was able to restore the MBR with Paragon.
     
  17. yhjeon

    yhjeon Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    4
    Location:
    seoul
    I asked, but they said not sure.

    Hi baldrick.~
    In x64 environment, BSOD happend as soon as we executed TDSS sample.
    It can be changed by samples but, we couldn't test normally.
    And we can try to test if you got a sample.

    You are right. To use safe, I think we don't need to be adventurous.
     
Loading...
Thread Status:
Not open for further replies.