Patriot NG new hips

Discussion in 'other anti-malware software' started by Nizarawi, May 12, 2011.

Thread Status:
Not open for further replies.
  1. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    131
    Patriot is a 'Host IDS' tool which allows real time monitoring of changes in Windows systems or Network attacks.

    Patriot monitors:

    Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered.
    New files in 'Startup' directories
    New Users in the System
    New Services installed
    Changes in the hosts file
    New scheduled jobs
    Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
    Changes in ARP table (Prevention of MITM attacks)
    Installation of new Drivers
    New Netbios shares
    TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
    Files in critical directories (New executables, new DLLs...)
    New hidden windows (cmd.exe / Internet Explorer using OLE objects)
    Netbios connections to the System
    ARP Watch (New hosts in your network)
    NIDS (Detect anomalous network traffic based on editable rules)


    website : http://www.security-projects.com/?Patriot_NG
     


  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    very interesting :) winpatrol's like;)
     
  3. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    Not really. WinPatrol is light. This "thing" takes up 30-40MB. Seems like it has a very bad capabilities/resources ratio.
     
    Last edited: May 12, 2011
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Yeah it does sound a bit like WinPatrol, in some ways, but has other nice features. Worth testing i think.

    Installed WinPcap but didn't reboot, as I'm in SD mode. Whether not rebooting affects anything ?

    It took several minutes to Totally launch ! I thought it had crashed etc at first :D

    RAM usage about 25 Megs on XP/SP2.

    Demo videos available :thumb: but in Spanish :D

    @ Nizarawi

    Thanks for posting :thumb:
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Is this freeware? Should it be under lightweight HIPS?
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    this app is too hardcore for me :D
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    To test it i installed several Apps that between them installed LOTS of Registry entries & also a few Services & Drivers.

    Not a peep out of it ?

    Also on R-clicking the taskbar icon to show Status, instead it showed Stopped ?

    As i mentioned earlier, i didn't reboot after installing the required WinPcap, but i would have thought that would only affect the network etc stuff ?

    Be nice to see others do something similar & show what alerts etc they get, or not.
     
  8. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Indeed:

    Whois Record For Security-Projects.com

    Registrant:
    Whoiscontactsprotection.com
    Girona 81-83 local 6
    Malgrat de Mar, 08380
    +34.937611042

    http://whoiscontactsprotection.com/
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    OK...it looks "not bad" and I have installed it. After installing WinPcap a restart was not needed, after installing Patriot - the same. Interface is a bit like All Seeing Eye (IMO) - you can fix features (protected areas) in one window, but there is no system scan...looks like behavioral blocker?...no "black/white lists", no predefined rules(?)...
    4 processes still work in system and their memory usage is about 45-50 MB RAM
    P1.jpg
    And now something strange...after updating "NIDS rules" process "stoper-NIDS.exe" becomes a child process
    P2.jpg
    Patriot correctly detects itself
    P3.jpg
    new connection opened by browsers, new opened port
    P4.jpg
    and changing the IE homepage
    P5.jpg
    Patriot is not "anti-executable"...I am running various programs (FreeCommander, XMPlay, Media Player HC, CCleaner, Regseeker) and there was no reaction. But the most interesting is now...
    try to run a registry entries finder like Regseeker,
    in the search box type the word "patriot"
    and then remove all entries that you see
    And what?...nothing...we have no reaction from Patriot and all features are becoming disabled. We have no protection(?!) Patriot has no "self-protection"(?!). It's a bug?...what do you think about this?
     
  10. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    That's what happened to me when I didn't run it as an administrator.
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Ok, thanks :thumb:

    I've since found that if you keep relaunching PNG it spawns copies of its .EXEs & therefore the memory usage goes up !

    Shame about the "self-protection" Might be a bug, or it's not built into it yet, early days ;)

    Except i am in Admin ?
     