ProSecurity is now Real-time Defender!

Discussion in 'other anti-malware software' started by johncage, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Aigle,

    Folder creation rules are not so straightforward in EQS 3.41. Don't know what it's like with EQS 4 beta. From the screenshots, it seems easier with RTD.
    Can anybody please PM me a link to RTD? I'd like to have a play.
     
  2. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Got it. Thanks all.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Maybe u r right. It has been a long time so I don't remember exactly. But I am sure u can make similar rules in EQS as well.
     
  4. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    There is no single rule for blocking creation of folders in EQS. I used Alcyon's method using a combination of two rules which must be located at the end of the ruleset. Certainly not as user-friendly as RTD appears to be.
     


  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,393
    Location:
    U.S.A. (South)
    That's odd. I've been using Alcyon's Folder Guard (new) rule and it alerts or can block altogether folder creation in various directories.

    I'll see if i can find his post to it or maybe he will repost it again for you.

    In the meantime you can try this prevent folder creation rule by Alcyon:
    https://www.wilderssecurity.com/showpost.php?p=1215529&postcount=157

    Folder creation is easily prevented with his Folder Guard rule. I've been using it a very long time and import it to all units I run EQS on, and it works PERFECT.

    Right now I'm on a unit with strictly RTD and testing it this week. Dunno why, but I'm still experiencing some problems on both dropping files and folder creation with RTD, as it prevents neither for me, but it's very new and I haven't gone over all the rules yet to get them to work.

    The best i'm able to accomplish so far with RTD is running the "WIZARD" and changed the paths to C:\Windows\ in place of %systemroot%\ and at least it does alert but ONLY on execution, not manually dropping a file or folder.

    EASTER
     
    Last edited: Aug 28, 2008
  6. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Thanks Easter. The folder creation rule by Alcyon is the one I use. When I import the XML file it creates the two rules you see in my screenshot. It's just a clever combination of two separate rules for detecting creation of new folders. That's how I understand it. Point is, you appear not to have to do anything clever to produce the same thing in RTD.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Ok, why do u want to intercept folder creation if u can ultimately block creation of an exe, dll etc. inside the folder anyway? Is there any special benefit?
     
  8. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I have a small bug with RTD. It follows a rule that is not there. RTD alerts me of any files created in system32 folder though I don't have such a file rule. Also the rule has %systemroot% path structure. Can anyone else test this?
     


  9. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Don't have the issue here. Did you check all your file rules?
     
  10. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Yes, and I even unchecked all my file rules and I got the same pop-up o_O
     


  11. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Try going to the Application setting and check your EXPLORER.EXE rule setting. Did you have any file/folder setting there?
     
  12. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I have a few file rules for EXPLORER.EXE but not the "%systemroot%\system32" rule...
    :(


    edit: it's not a problem with an EXPLORER rule. I've just tested it with XYPlorer (an alternative to explorer) and I also got the pop-up when copying the .txt to system32. So it's really from the "File protection" rules.
     
    Last edited: Aug 29, 2008
  13. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Well, I give up. I checked everything, even scanned my ruleset ini file, the rule is still invisible. My guess is it happens during the upgrade from PS 1.43 to RTD. I've had this rule when using PS 1.43 but I've disabled it or deleted it (don't exactly remember). Still, it is strange...
     
  14. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    I've PMed the issue to the RTD program tester; wait for his reply.
     
  15. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    Thanks johncage, I appreciate that.
    :)
     
  16. Smirs

    Smirs Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    24
    Does anybody know if ProSecurity 1.43 was Vista compatible? I keep getting a kernel error whenever I try to install it on my computer.
     
  17. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I've read about some users like you who got plenty of errors trying to install PS 1.43 on Vista. According to the changelog it's compatible since v1.40, but I would advise waiting for a fully supported Vista version.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,393
    Location:
    U.S.A. (South)
    I did a fresh install with the new and bug-fixed RTD some weeks ago. Aside from having to make a manual change in the settings from %systemroot% to C:\Windows, after all this time I'm very satisfied with it.

    CyberHawk (old free 1.1.1.3 ver) continues to defy logic and buck that old adage about what's obsolete is no longer useful. It complements RTD for me with amazing! success. It takes but simply allowing RTD to "allow" say a dll injector to attempt to infect any running process or inert executable, and CyberHawk IMMEDIATELY! takes control with an alert & suspension, and after passing your DENY signal to it, the source originating offender is totally terminated, leaving only a manual removal with ease, since CyberHawk (and RTD for that matter) indicates for the user an exact path.

    I still and always will remain loyal to my favorite EQSecure 4, but I am also more than thrilled to peaches with the abilities RTD offers as an effective alternative. :thumb:

    EASTER
     
  19. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    243
    How is CyberHawk superior to its successor ThreatFire?
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,393
    Location:
    U.S.A. (South)
    Greetings and Hello ParadigmShift

    CyberHawk (old versions) are no different than even today's several different releases. You will always discover that perfect median with a single or few other versions that can prove to trump even a latest new release.

    As far as superior, I don't pit it as better or worse than TF frankly. Only that the one I thoroughly tested performs up to expectations enough to be a very useful security complement, and further, the same also applies to some version(s) of TF. It's simply the nature of developers who, even by accident sometimes, come upon that one or two perfectly reliable creations, but due to the nature of the business they are in, they are compelled to press ahead with newer versions, and more often than not, it doesn't always equate to being better than their predecessors.

    EASTER
     
  21. wizzard2

    wizzard2 Registered Member

    Joined:
    Sep 14, 2008
    Posts:
    2
    Hi,

    Can you please send me a dl-link for rtdefender?
    And is it working on Vista SP1?

    Greetings
    wizzard2
     
  22. johncage

    johncage Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    70
    Pls check your PM.
    It's not ready for Vista SP1 now. :)
     
  23. wizzard2

    wizzard2 Registered Member

    Joined:
    Sep 14, 2008
    Posts:
    2
    Thank you very much.

    Greetings
    wizzard2
     
  24. Thebazman

    Thebazman Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    7
    Hi,
    could somebody please PM the download link for this?

    Thanks
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    Check your PM box. Aloha
     