RogueKiller V13

Discussion in 'other anti-malware software' started by Tigzy, Sep 19, 2018.

  1. Tigzy

    Tigzy Developer

    Joined:
    Sep 12, 2012
    Posts:
    91
    Location:
    France
  2. guest

    guest Guest

    Maybe you could describe your product (for those who don't know it).

    Tested it with standard scan:
    For a 33gb system, scan speed was good (around 20mn).
    I turned on all settings,
    I set VT upload to ask (had the prompt as expected),
    I got some FPs, which was expected.

    However, I would suggest allowing users to add exclusions. Some FPs I got were for files I knew would be flagged.

    I bet the registered version allows removing ads and turning off telemetry, right?

    Overall: useful tool, nice design (especially the dark theme), nice display of the report (the table style is very easy to read, as opposed to the usual text file output)

    Good Job
     
  3. Tigzy

    Tigzy Developer

    Thanks for testing :)
    Ok so RogueKiller is an Anti-malware, description can be found here: https://adlice.com/download/roguekiller

    Exclusions are scheduled, they will be part of a 13.1 release I think. There's a bunch of major features yet to add, like automatic signature updates, and custom scan.
    As for telemetry, the option will be switchable as soon as the beta program is over, we need it to speed up the release. Telemetry is anonymous, it only sends internal program information.

    And yes, the ads are removed with Premium (you can try the Trial to see).
    Thanks :)

    Have you tried the Cloud upload?
    This is what it looks like (with an Adlice Diag report, but it works the same with RK): https://diag.adlice.com/report.php?id=a2da097e6eb37b5584c92a9aaa1d260d

    EDIT: Can you tell me what FPs you got? (You can upload report and give permalink in private if you want)
     
  4. guest

    guest Guest

    Not yet, I just did a quick test.

    One is an endpoint security software agent that creates 2 processes and a service; those will always be flagged because the agent is unique and created by the user's management console.
    Others are from Acer (my laptop vendor), which creates a folder (DriverSetupUtility) in Program Files (with exes, dlls, bat files, etc.).

    Nothing catastrophic :)
     
  5. Tigzy

    Tigzy Developer

    I guess it's flagged as VT.Unknown right? But it's still better to whitelist the FPs, when possible.
     
  6. guest

    guest Guest

    I didn't even bother uploading it at VT. If I create a new agent, it will probably be flagged again because its code will change.
     
  7. KevinYu0504

    KevinYu0504 Registered Member

    Joined:
    Mar 10, 2017
    Posts:
    120
    Location:
    Taiwan
    I tried Version 12 about a week ago, the scan speed is slow,
    did V13 improve the scan speed?
     
  8. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    145
    Location:
    Bulgaria
    Hi Tigzy,

    Nice to see you continue to improve your tool. I am sure that all malware removal specialist members will agree with me. :)

    Do you have any changelog?

    Regards,
    Georgi
     
  9. guest

    guest Guest

    33gb SSD on i5/8gb Ram machine with standard scan = 20-25mn
     
  10. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,432
    Location:
    Land of the Light
    No. :mad:
     
  11. KevinYu0504

    KevinYu0504 Registered Member

    Testing on my VM system,
    CPU with 2 cores, 6 GB RAM, HDD,
    after installing some malware and adware, the RogueKiller full scan takes 45~46 min.

    Malwarebytes takes 23~24 min,
    Zemana takes 28~30 min.

    Does RogueKiller use any Cloud service?
    I still feel RogueKiller's scan speed is slow,
    really hope they can improve this part.
     
  12. KevinYu0504

    KevinYu0504 Registered Member

    Thanks.
    I just tested the new version 13 yesterday,
    the scan speed is slow just like the old version ... :(
     
  13. Tigzy

    Tigzy Developer

    A WHOLE lot. On a regular machine, V13 quick scan runs in seconds (~30 secs) while standard scan runs in about 30 minutes (this scan is more subject to how many files you have on the machine).

    The Changelog isn't uploaded yet, I'll provide it for the next beta.

    It was improved, can you give a shot to V12 to see if there's a noticeable difference?
    We have added a multithreaded scanner, improved the signatures and scan locations.
     
  14. KevinYu0504

    KevinYu0504 Registered Member

    I am using the free version, as I remember, only full scan can be used.
    My VM system was installed only a few hours ago, however I did install some malware and adware from China for testing different security tools,
    the RogueKiller Version 12 takes 39 min for a full scan, Version 13 takes 45~46 min.

    Yes, indeed there is a little difference,
    my VM system had already been scanned by RogueKiller 12 and rebooted, after that I used RogueKiller 13 to scan it again,
    RogueKiller 13 found some new threats, as I remember PUM and Trojan.

    It's good to see RogueKiller 13 has improved the detection rate,
    but the scan takes more time, if RogueKiller can improve scan speed, that will be great.
     
  15. Tigzy

    Tigzy Developer

    Then I don't think you are on the V13 version. Have you used the links from my first post? You should have the choice between Standard / Quick scan.
    The scan SHOULD be faster, on a Quad-core it scans 4 times faster (multithreading)
     
  16. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Hi Tigzy,

    The Report button doesn't seem to work?

    I made some screenshots of the false positives I encountered. Some of them are severe:

    imgur.com/a/RTPdYvm


    Regards,
    Georgi
     
  17. KevinYu0504

    KevinYu0504 Registered Member

    Yes, I downloaded the program from your link,
    I am sure it is V13.
    The icon is a little black virus in a circle, version marked as " 12.99.9.0 64bit ".

    But I do apologize, I made a mistake, I was wrong,
    indeed the scan function can choose between Standard / Quick / Custom scan.
    Because the standard scan was marked " recommanded ", I didn't try the quick scan yet.

    Compared to other products, RogueKiller's Standard scan seems to take more time,
    maybe because my VM system only has a 2 core CPU, but this is because I still have a host system running,
    so I limit it.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,965
    Location:
    The Netherlands
    I've tried older versions in the past but it always seemed to perform sluggishly, didn't like it. But what type of threats does it detect? BTW, I did enjoy all the articles that you wrote on your site, so good job with that.
     
  19. Tigzy

    Tigzy Developer

    This was reported once, but I couldn't reproduce. What operating system? Are you able to open reports from the "History" / "Reporting" view?
    This isn't "as bad", the svchost processes are just killed (and not removed) because RogueKiller knows svchost is a system file. They're flagged because not started by services.exe (like it should be), and this is often the case with hollowed processes or poorly coded software. The remaining will be added, thanks.

    Well it really depends on how many items are scanned, and how many items are "really scanned". Many vendors are filtering by file type (we do as well), giving the false impression that the whole filesystem is scanned, but in the end only a small portion of files are really opened and searched for signatures. 45 mns for the whole system scan is not too bad TBH. How long is the Quick scan? Should run in less than a minute.
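
The parent check described in the post above for svchost.exe, as an added example that is not part of the thread and not RogueKiller's code: it flags svchost instances whose parent is not services.exe in a process snapshot. The `Proc` record, the sample snapshot and the PID-reuse guard (which goes beyond what the post states) are assumptions made for the illustration.

```python
from ntpath import basename, normcase  # Windows path rules on any host OS
from typing import NamedTuple

class Proc(NamedTuple):  # hypothetical snapshot record, one per running process
    pid: int
    ppid: int
    image: str           # full image path
    created: float       # creation time, seconds since boot

def suspicious_svchosts(snapshot):
    """Return (pid, reason) for each svchost.exe not started by services.exe."""
    by_pid = {p.pid: p for p in snapshot}
    findings = []
    for p in snapshot:
        if basename(normcase(p.image)) != "svchost.exe":
            continue
        parent = by_pid.get(p.ppid)
        # Windows reuses PIDs: a "parent" created after its child is an
        # unrelated process that inherited the number, so treat it as gone.
        if parent is None or parent.created > p.created:
            findings.append((p.pid, "parent gone"))
        elif basename(normcase(parent.image)) != "services.exe":
            findings.append((p.pid, "parent is " + basename(normcase(parent.image))))
    return findings

# Constructed sample snapshot (not taken from a real machine).
SNAPSHOT = [
    Proc(600, 500, r"C:\Windows\System32\services.exe", 10.0),
    Proc(900, 600, r"C:\Windows\System32\svchost.exe", 12.0),    # normal
    Proc(4100, 4000, r"C:\Windows\explorer.exe", 50.0),
    Proc(4200, 4100, r"C:\Windows\System32\SVCHOST.EXE", 90.0),  # wrong parent
    Proc(4300, 7000, r"C:\Windows\System32\svchost.exe", 95.0),  # orphan
    Proc(7000, 600, r"C:\Windows\System32\notepad.exe", 120.0),  # reused PID
]
```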
     
  20. Tigzy

    Tigzy Developer

    We don't limit threats, everything malicious or potentially malicious is added. Thanks :)
     
  21. KevinYu0504

    KevinYu0504 Registered Member

    Yep, it's really quick, as I remember, it only takes 1 min and a few sec.
     
  22. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Hi, OS is 8.1 x64. Btw I am using the portable version. Also there is no folder with logs. I checked the %Programdata% folder where usually RK saves them. And the History is empty.

    Ok, good to know. Maybe it's because I hardened OS a bit and disabled some of the unnecessary services (for me) like Server etc (since I don't use file sharing).

    Glad to help. Keep up the good work!


    Regards,
    Georgi
     
  23. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    697
    Location:
    Europe
    @Tigzy
    I downloaded the 64 bits version, and in the main screen it says 'Free', not 'Beta' version. Are you sure this is the Beta version? :doubt:
    ProcessHacker.exe is found. This is a FP.

    Could you tell us more about the MalPE module?
     
  24. Tigzy

    Tigzy Developer

    Ok then, so I think 1mn / Quick , 45 mns Standard isn't that much unexpected. We benchmarked 30 secs / 30 mns, and this can vary with the amount of items to scan.

    I feel like it's an issue with ACLs, do you have specific rights on the ProgramData folder, do you see the RogueKiller folder there? Who's the owner?

    If it's version 12.99 then yes, it's not labeled as Beta.

    Do you have the report or just the line with detection name (and path of installation)?

    MalPE module is still in beta, and will be improved a lot as from 13.2. It's a heuristics module looking for PE manipulation (packers, non-standard structure). It gives a score and if above threshold it triggers a detection.
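
A sketch of the kind of scoring heuristic described in the post above, as an added example that is not from the thread and not RogueKiller's MalPE module: it reads a PE's section table and adds points for structural oddities. The individual checks, weights, threshold and the constructed sample images are all assumptions.

```python
import math, struct
from collections import Counter

STANDARD = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".pdata", ".idata", ".tls"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # section characteristic flags
THRESHOLD = 50                                    # assumed cut-off, not RogueKiller's

def entropy(data):  # Shannon entropy in bits per byte (0 for an empty section)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def score_pe(image):
    """Return (score, reasons); raise ValueError for anything not parsable as PE."""
    try:
        pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
        if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        count, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
        headers = [struct.unpack_from("<8sIIII12xI", image, pe + 24 + opt_size + 40 * i)
                   for i in range(count)]
    except struct.error:
        raise ValueError("truncated PE headers") from None
    score, reasons = 0, []
    for name, _vsize, _rva, raw_size, raw_ptr, flags in headers:
        name = name.rstrip(b"\0").decode("ascii", "replace")
        hits = [(points, why) for points, why, hit in (
            (20, "non-standard section name", name not in STANDARD),
            (30, "writable and executable", flags & MEM_EXECUTE and flags & MEM_WRITE),
            (30, "high entropy", entropy(image[raw_ptr:raw_ptr + raw_size]) > 7.0)) if hit]
        score += sum(points for points, _ in hits)
        reasons += [f"{name}: {why}" for _, why in hits]
    return score, reasons

def is_detected(image):  # a score above the threshold triggers a detection
    return score_pe(image)[0] > THRESHOLD

def build_pe(sections):  # constructed sample input: headers only, not a loadable file
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HH12xHH", 0x8664, len(sections), 0, 0)
    offset, table, body = len(head) + 40 * len(sections), b"", b""
    for name, rva, flags, raw in sections:
        table += struct.pack("<8sIIII12xI", name, len(raw), rva, len(raw), offset + len(body), flags)
        body += raw
    return head + table + body

CLEAN = build_pe([(b".text", 0x1000, MEM_EXECUTE, b"\x55\x48\x89\xe5" * 128),
                  (b".data", 0x2000, MEM_WRITE, bytes(512))])
PACKED = build_pe([(b"UPX0", 0x1000, MEM_EXECUTE | MEM_WRITE, b""),
                   (b"UPX1", 0x2000, MEM_EXECUTE | MEM_WRITE, bytes(range(256)) * 16)])
```

A heuristic of this kind also scores legitimately packed or unusually built software, which is why such detections need a whitelist or exclusion path.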
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Nope. The ACLs are default:

    i.imgur.com/GXkaiIO.png

    and no, as I said there is no created folder in the %Programdata% by RogueKiller.

    Also the History tab => Reports is empty after the scan is done.
     