ProSecurity is now Real-time Defender!

Discussion in 'other anti-malware software' started by johncage, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    Yes, it is "NOT" reasonably reliable or for that matter accurate and is for all purposes obsolete. Still some sites, like in this case, subscribe to a tendency to leave old comparison tables sit beyond newer versions and findings that have vastly improved so that table cannot be relied on IMHO.

    On another note, I ran a chain of tests (Closed EQS, although installed), and with RTD "allowed dll injections" whereby old CyberHawk immediately stepped in to cover and terminated the dll injections. As for me, that much is proof enough for the time being that the old version of CyberHawk is still a reliable Behavioral Blocker which can safely and accurately intercept in the event something of this nature would escape RTD, which by the way, DID NOT!

    Nice work, RTD.

    EASTER
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    If a review of my present SSDT table (Ice Sword) can be of any use for anyone studying deeper into this, I screened this view for overview and examination of just some of the hooks. The list for RTD hooks (not seen because of length) is immeasurably much more than I ever noticed before with other versions, which again indicates to me more coverages per interception ratios.

    Opinions anyone?
     

    Attached Files:

    • E.jpg (File size: 104.4 KB, Views: 1,323)
    Last edited: Aug 21, 2008
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,010
    Location:
    Canada
    I tried it on my test image (Thanks to Leapfrog!) and sadly it slows down my browsing quite a bit. Some pages would even take a few seconds to open. Removed it and everything came back to normal.

    Do any of you experience the same problem? Maybe it does not like my system. I must say that I am running very light right now, only DefenseWall, Kerio 2.1.5 and the old version of Cyberhawk. My computer is running quite fast, so maybe it's normal that I see a difference?
     
  4. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I also tried it on an FD-ISR image.

    I have a dual core and I don't see any difference at all.

    Ref: browsing speed, how can it slow down Internet? I don't understand, try with another browser to see.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,010
    Location:
    Canada
    Yeah, I know it's odd but I tried it with Opera and Firefox with the same results. Anyway I may try to reinstall it once more and test it again later this week.
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen
    I'm using Real Time Defender: no problem with KIS 7.0.1.325, and no problem running Opera or IE 7. It seems a bit lighter than PS 1.43.
    I forgot: no problem running Returnil 2.0.1 too.

     
    Last edited: Aug 22, 2008
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    AFAIK it was very ambitious of them to iron out some bugs and release this.

    I must admit no slowdowns here with a slight exception when I briefly teamed it up with EQS as a dual HIPS test. Didn't try it with FD-ISR so that might be another matter that made for what was experienced.

    I will say that in tandem with a reliable old CyberHawk version, it runs smoothly for my anemic 512Mb memory module on XP Pro SP2 and doesn't hinder CyberHawk's behavioral blocking at all when allowed to pass RTD's alert here.

    EASTER
     
  8. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    In my last post (#35) I said that when importing my File Protection rules the path had changed from "C:\WINDOWS" to "%systemroot%". I'm not sure it's a bug but if the path is set to %systemroot% the rules do not apply to sub-sub folders.

    As an example, I've set a rule to "Ask User" for "*.bat" files in C:\Windows + match all subdirectories. With "%systemroot%" as path I got a prompt when I create a .bat in "C:\Windows\system32" but NOT in "C:\Windows\system32\*\*". With "C:\WINDOWS" I got a prompt in all subdirectories...

    Same goes with %systemdrive%.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    Would you mind expounding a bit more on this? As to exactly where you are finding this new change and can that be an issue at all of concern? This HIPS is new to some of us, especially after a long run with EQSecure.

    And I don't suppose there's any setting or rules that could guard folders like EQS is able to do, is there? I mean you can set any directory, system or otherwise, to be monitored in EQS to watch for any file entries whatsoever and alert immediately to it. And is it accurate to assume RTD is a mostly execution protection HIPS at the moment an executable or other file is launched, which it does seem to jump at and suspend?

    Thanks EASTER
     
  10. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Today I had two unexpected system restarts from RTD o_O
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    there is no redirecting to various sites anymore at rtdefender.com.
    Instead this line is shown
    "Website is under construction... Real-time Defender Inc."

    Cheers
     
  12. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Reported the issue to the RTD team; they confirmed the bug and will fix it ASAP.
    Please set the path back to "C:\WINDOWS" for security reasons.
     
  13. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Johncage,

    How do you report to the RTD team?
     
  14. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    They have a program tester in a Chinese forum.
     
  15. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99

    Wow, thanks for reporting this johncage! That's good news I'm glad they will fix it!
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen

    I spoke too early :( . Has anyone tried RTD with KIS 7? I installed RTD the right way - I used PS some time ago - and after the reboot I turned RTD to normal mode: it regularly sees new processes and new applications running, but if I run an .exe file stored on my data partition (D) to install new software, sometimes RTD sees and stops it and sends me an alert, sometimes not. The settings are all right; I compared them with a friend who runs RTD but not KIS: we have the same settings, but RTD on his system runs perfectly and sees everything, on mine it does not.

    Note: when I used PS 1.43 with KIS 7 I did not have this problem - and during the RTD installation I've given KIS all the permissions for RTD.

     
    Last edited: Aug 22, 2008
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    KIS has a HIPS module. Is it running? If so, it may be arguing with RTD.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    I'm dumb as a box of rocks when it comes to RTD johncage, is there a screenshot you could post to better indicate exactly where this change should be made?

    Thanks whatever you can do, and nice find.

    EASTER
     
  19. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    EASTER,

    Simply go to the "File" menu / "System Folder" section and in the right panel the rules + paths will appear. Double-click on any rule to change the path from "%systemroot%" to "C:\WINDOWS".
     

  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    Thanks Remouald, got to the right section finally.

    Many thanks for the screen and more.

    EASTER
     
  21. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen
    Yaa, but I enabled only the application analyzer. But the point is, as I wrote, that when I used PS 1.43 I had the same KIS version and the same settings, and all ran regularly. This is the reason I posted.
     
  22. panda01

    panda01 Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    5
    I am trialling RTD 1.0 with my current setup in a FD-ISR snapshot now.
    Have used Prosecurity 1.43 before.
    My setup is using OA AV+ (131) and BOClean and Linkscanner Pro.
    I use Firefox with Noscript and Adblock Plus and Firekeeper.
    (Note: have just bought and started using Sandboxie as well now).
    Running smoothly after installation and will report back.
    I have always preferred PS over other apps such as SSM etc
    and always believed in and loved OA.

    regards
    phil
     
  23. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    tks
    plz the link to try this hips ;)
     
  24. l0_0l

    l0_0l Registered Member

    Joined:
    Mar 29, 2008
    Posts:
    18
    I would really appreciate it if someone can PM me the download link. Been patiently waiting for this. Thanks in advance. :D

    Update: Received, thanks!
     
    Last edited: Aug 25, 2008
  25. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Maybe KIS 7 updated something that caused a conflict with RTD. The RTD team didn't change a lot of code in v1.
     