Discussion in 'other anti-virus software' started by pykko, Jun 24, 2008.
Just add Opera to application protection; it has the same effect.
OK, I admit it. I'm addicted to Rising AV.
I like Rising AV (and FW) a lot so far.
Just out of curiosity, who has configured the HIPS this way?
Why change the Malicious Behavior detection (heuristics) to low?
Hi Kees, I have, but occasionally I tweak it to a small degree to stop pop-ups whilst maintaining security, I hope.
False positives, plus by adding custom rules to the HIPS you sort of concentrate on the core OS functionality. When you use SBIE/SafeSpace/GW/DW, the behavioral protection only slows down your PC (while effectively adding very little to security, due to the custom setup of Rising's HIPS).
Just did, brilliant as usual.
I followed the photos you posted.
Tips/suggestions for improvement: I promise to collect them and run some testing against them (to discover impact). I always like usability improvements (fewer pop-ups), so I welcome suggestions.
Reason for doing so: my wife sort of allows every pop-up on the XP box, so user interaction should be as little as possible (it is the weakest link in the chain anyway), and my son does not want it interfering with games on his Vista64 box.
I was using NOD32, Comodo D+ and WinPatrol. After a month, I got tired of the bloat in Comodo.
So, for the last several days, thanks to your excellent posts, I have also tried DW with ThreatFire and Avira AntiVir. I also tried GW, but had some problems.
Now I have DW 2.45 beta and Rising AV and FW with your settings. I also switched WinPatrol for AnVir Task Manager after reading one of your posts. I kept Avira for the right-click scan on demand only for downloads, just as a double check. I use FD-ISR Pro and ShadowProtect for ISR and imaging.
So far, your setup has been tight as a tick, fun to use, and very light on resources. Thanks to you I am really beginning to understand this stuff. Your help is much appreciated.
Today I received an email supposedly from UPS saying that a package was undeliverable. There was an attachment with the email (obviously malware). I did some checking and UPS is aware of it and sent out warnings. Panda was the first company out with a warning that the file contained a trojan.
I had Rising on my system for a trial. I saved the attachment to a directory and had Rising scan it. Nothing found.
Bye Bye Rising.
If you had DW, that would not have been a problem as long as you have your mail reader set to untrusted.
You know, not to sound like a Rising apologist, but there are LOTS of times when certain AV software finds a virus that others miss. It's not just Rising; heck, check Jotti any given day to see what I'm talking about.
Even if Rising missed this one, its HIPS would have been there to pick up the slack if it was run. This according to Panda (the people who discovered this virus first):
userinit.exe is one of the files SPECIFICALLY protected by Rising HIPS.
Rising, of all AVs, has a different approach, relying heavily on HIPS rather than on signatures alone, which makes sense on a system that doesn't have net access or where updates are not that frequent. I prefer it to just updates, as there can be a gap between updates and getting infected. HIPS is the wave of the future for all AVs; even Avira is contemplating it for their next version.
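The two posts above turn on one point: a HIPS rule guarding userinit.exe is meant to catch the trojan at the moment it tampers with the file or with how Windows launches it, even when the signature scan missed the sample. The script below is an added example of what such a rule is guarding, written for this thread and not Rising's code. It assumes a stock Windows install (userinit.exe under System32, launched via the Winlogon Userinit registry value, which is standard Windows behaviour) and PowerShell 4 or later for Get-FileHash; those are assumptions, not something the thread states.

```powershell
# Added example: manual check of the things a HIPS rule for userinit.exe guards.
# Not Rising's code. Assumes a stock Windows layout and PowerShell 4+ (Get-FileHash).
$userinit = Join-Path $env:SystemRoot 'System32\userinit.exe'

# 1. Is the binary still Microsoft-signed and unmodified? A patched or replaced
#    userinit.exe fails Authenticode validation even if the file name is unchanged.
$sig = Get-AuthenticodeSignature -FilePath $userinit
[pscustomobject]@{
    Check  = 'userinit.exe signature'
    Status = $sig.Status                      # expect 'Valid' on a clean system
    Signer = $sig.SignerCertificate.Subject   # expect a Microsoft subject
}

# 2. Is Winlogon still launching only the real userinit.exe? The default value is the
#    path followed by a trailing comma; malware commonly appends its own executable
#    after that comma so it starts with every logon.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$entries = $wl.Userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
[pscustomobject]@{
    Check  = 'Winlogon\Userinit value'
    Value  = $wl.Userinit
    Status = if ($entries.Count -eq 1 -and $entries[0] -ieq $userinit) { 'OK' } else { 'SUSPICIOUS' }
}

# 3. Record the hash so a later run (or a clean snapshot, as with FD-ISR) can reveal
#    a silent replacement that kept the signature-less file name intact.
Get-FileHash -Path $userinit -Algorithm SHA256 | Select-Object Hash, Path
```

Run it from an elevated prompt on a snapshot you trust, keep the hash, and rerun after testing a sample: a changed hash, an invalid signature, or a second entry in the Userinit value is exactly the kind of modification the HIPS rule is supposed to block or at least prompt about.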
It seems that the assumption being made is that the HIPS portion of Rising is high quality. Personally I would question this as the AV already proved itself as lacking.
Although I like to fish in troubled waters by trying new security products, I think that it's time to throw this one back.
My findings after updating Rising AV with Kees' tweaks are that the pop-up response increased with POCs, but on several, after denying, Rising lacked the horsepower to actually halt the process manipulation. I had a very small malware collection (11) which I ran against Rising AV & FW. Rising stopped the first 8 cold, got to 9 (trojan-psw.qqcy.12.b, not absolutely sure about the 'cy', and I have since deleted it), Rising popped up, I clicked delete, the trojan ran anyway, jumped Returnil's system drive protection and infected my D & E drives. Fortunately I had AVZ onboard, which found and cleaned d:\d.exe and the same for the E drive, as well as the autorun.inf files.
Pretty disappointed, as I wanted Rising to replace my current primary snapshot security apps. I am sure my findings will meet with resistance, but it is what it is, and Rising is now no longer on my system.
Could it have been trojan-psw.qqspy.12.b? Hmm, I wish you still had the sample; I'd love to test it against other popular HIPS.
I agree, since Rising mentions that it monitors global hooks as part of its System Reinforcement. What's more disappointing is that there seems to be no way to contact these people to let them know what's going on.
To Rising's credit, it did identify the trojan, but was unable to stop it from running. I am not well versed enough to know if it was bypassed by utilizing hooks or not.
I should be able to find the sample again. I will PM you when I do.
Mike, good testing. I cannot recall (on a different image now) whether I had set global hook testing on in System Reinforcement.
No, you didn't set it on. It is now set on in my setup.
Thanks for the info.
Would you post a screenshot of it in the original thread? I am on a different image now.
Here you go. I also posted it in the original thread.
Did anyone test RAV HIPS against the aklt.exe keylogger test? I got varying results when I tested it, but my general conclusion was that RAV HIPS fails against aklt.exe.
I did, and yes it does.