Sensiveguard Guard review

Discussion in 'other firewalls' started by Kees1958, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi wilders folks,

    What is it?
    Sensive guard is a network and data firewall

    For what type of users?
    Mediate security skilled

    Memory usage
    - bservice 3,2 MB
    - bclient 6,5 MB


    Installation
    Out of the box with easy tick box to select functionality
     

    Attached file: SG1.JPG
    Last edited: Jan 16, 2007
  2. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    What's good

    It has some behavioral detection whether or not a trigger is started by the user. This is good for mediate experienced user, because you do not have to know (like coreforce) what all the impact of certain dll's et cetera is on your computer's safety.

    Default rules are the learning rules (only allow and warn). When, after a warning, a remember option is chosen, a new rule will be made. This new rule can be set to deny to make SG quiet.

    Bug thing: when you enter more than 10 file types (e.g. *.com, *.dll) the program dumps. So your data firewall is limited to 10 file types.

    Good thing: data firewall always includes sub directories. So when you want to allow several update releases of your favourite anti-virus, just go change the folder setting to a higher directory (e.g. for Antivir C:\documents and settings\all users\application data\antivir personaledition classic\) and SG will never pop-up again for AV-update.
     

    Attached file: sg2.JPG
    Last edited: Jan 16, 2007
  3. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Good things -- continued --

    After the training period, you can set the firewall rules from warn to deny to make SG very quiet (left).
    SG has default rules for windows update etc. (right)
     

    Attached file: sg4.JPG
  4. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Does it work?

    Yes, it intercepts communication and data access (you can check in the log).

    Only strange behavior: You have to set the default rules inactive and replace them by custom (see post down below). Direct downloads from IE, P2P, E-mail client will be intercepted (e.g. Adobe automatic update access, flash advertisements accessing *.com files, etc.).

    Bottom line

    I will keep this free app for a while, I like the data firewall bonus, although I have not tested it against all leak tests/program termination due to other security apps.

    For my wife's PC it is important to get security apps quiet (she always chooses allow), so I will keep on trialing SG for a while.
     
    Last edited: Jan 17, 2007
  5. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Share other experiences anyone? (Easter, Kerodo)?
     
    Last edited: Jan 15, 2007
  6. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    Re: Sensitive Guard review

    I found it to be light on resources and had a good number of ways to configure what an application can/cannot do. The only things that are keeping me from using it are that it gave me a bunch of BSODs and it hasn't been updated in a long while.
     
  7. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Well BSOD's are a good reason to pass, have not encountered that (yet).
     
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Re: Sensitive Guard review

    Check your handle count. When I tried it over a year ago, my handle count used to climb to ~25-30000. They updated it soon after I believe but I didn't keep using it.

    BTW, it's SensiveGuard, not SensitiveGuard.
     
  9. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Thx,

    It is sensiveguard, keep on making that mistake. Checked the handle count in the task manager. It stays between 12400 - 12600, so they must have fixed this issue.
     
  10. Kees1958

    Kees1958 Registered Member

    Re: Sensive Guard review

    How to replace the default file protection rules (protection against download of executables and reading of private data).

    Choose the default file protection settings (fixed allow and warn option can not be changed). Select file protection tab, select advanced, select the default rules (the top ones), choose edit policy detail (button right of the screen, marked -1), click line (marked -2-), press delete (marked 3) and select apply on the main screen.

    Default line is now inactive.
     

    Attached file: SG5.JPG
  11. Kees1958

    Kees1958 Registered Member

    Re: Sensitive Guard review

    Create a new rule with settings deny instead of warn
     

    Attached file: SG6.JPG
    Last edited: Jan 16, 2007
  12. Kees1958

    Kees1958 Registered Member

    Re: Sensive Guard review

    And voila (for test purpose set to warn) SensiveGuard stops download initiated by user
     

    Attached file: sg7.JPG
    Last edited: Jan 16, 2007
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Kees1958,
    It has been quite a while since I looked at this. I did make 3 attempts at installing onto XP pro(sp2)~ (3 clean (different) images), but the UI would not show. I could find no system/application errors to work from to try and find the problem, so to save time I have now installed onto W2K, and running well. I will play for a while.
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Re: Sensitive Guard review

    if you test it vs leak tests/program terminations/etc.. i'd love to know the results :D i've never heard of this program before but it seems to resemble tiny firewall pro 2005.

    i have one more question kees1958, can SG stop a program from accessing/writing to the registry (like registry defender or SSM)?
     
  15. Kees1958

    Kees1958 Registered Member

    Zopzop,

    Well, yes and no. Sensitive guard does not look into the registry, so it will jump into action when a general "program with internet access" or specific program like Firefox or IE try to access the file or folder.

    Most Internet and mail programs make all sorts of innocent changes in your registry. So the defense in practise would be useless (for even a small change the program has to be allowed).

    Sensive Guard is pretty effective in a layered approach (see pic) as damage protection/prevention.

    Registry being a vulnerable file should be protected at the trigger level (e.g. ProSecurity, MJ Registry Watcher, etc.).


    I only did a few leak tests, because the security setup is pretty restricting. Sensitive guard worked okay (also against the no longer available BufferZone test). Only thing I came across about SensitiveGuard is that it does not always stealth your ports (they are closed). I think Sensitive Guard is not the firewall/datawall for people not having a hardware firewall. For people owning a HW FW, it is a great program: light on resources, fast, smart (difference in user initiated actions or other) and offers data wall protection (for instance not allowing folders to be changed/read or changing specific file types like *.exe, *.dll in a directory).

    Regards


    Last edited: Jan 27, 2007
  16. Kees1958

    Kees1958 Registered Member

    Stem,

    Would you be so kind to share your experience? I appreciate your opinion

    Thx
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Hi,

    I checked this app out a while ago, and it does look powerful, but I wasn't feeling it, I'm talking about the whole "look and feel" and ease of use. The only thing that I found to be interesting was the fact that it claims to be the only security tool that is able to recognize if actions are initiated by user, or by malware? Is this true or not and how does it manage to do so? ;)
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wonder how does it recognize this?
    Does user mean explorer here? In that case it's not a big deal.
     
  19. Kees1958

    Kees1958 Registered Member

    Re: Sensive Guard review (link)

    Tried it against trojan.exe blocked flawless,

    Maybe stem could share some of his tests/opinions
     
  20. Kees1958

    Kees1958 Registered Member

    Try it yourself

    It knows what sequence of events is directly initiated by the user, trojan.exe does not have a chance for instance.

    The combination of firewall and datawall is pretty scary. A lot of macromedia programs do write to your harddisk (data wall denies access to any program with internet connection on 10 possible executable suffixes). Funny thing is the dynamic content is shown correctly. Makes you wonder why? Bet that lots of HIPS and FireWall users never had noticed this
     
  21. Stem

    Stem Firewall Expert

    Re: Sensive Guard review (link)

    Hi Kees1958,
    I have managed to find time to run some quick tests. But I need to get this installed on an XP box for better testing (will try to find time later, if it will install on XP on my setup)

    Basic scans are being dropped, so those who go for "Stealth" will be happy with that.
    Applications access: I am not completely sure as of yet, how the applications are being checked, as a change of application (application replaced/altered) does bring up a popup, but this simply asks if you want that application to be allowed internet access, it does not inform that the application has been changed. This could be a problem, as users could just think that a firewall rule is missing or corrupt and simply allow. There is the fallback of protecting the actual application from being altered via the "File security settings", but I would have liked to see a warning about an application that has been changed when internet access is being attempted by such an app.

    Kill attempts: There are 2 programs showing as running for SensiveGuard:
    bsclient: This can be killed without much problem, but the app is automatically started again (under bservice), and as this is simply the UI, then even while this is terminated, protection is still in place.
    bservice: This appears to be the main app that provides the protection. This does survive well against kill attempts. I have only run "APT" at this time, but out of the 12 kills, bservice survived all I could run on my setup (kill 10 would not run on my setup (requires Terminal services)). From the "Kernel kills", method 2 did shut down bservice.

    I will try to find time later to play more
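
The behaviour asked for in the post above (a distinct warning when a known application has changed, instead of a plain "allow internet access?" prompt), sketched as an added example that is not part of the original post and not SensiveGuard's code. The names `AppRule`, `remember` and `check_outbound` and the use of a SHA-256 digest are assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRule:
    sha256: str   # digest of the executable when the user made the decision
    allow: bool   # remembered answer for internet access


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def remember(rules: dict, path: str, image: bytes, allow: bool) -> None:
    """Store the user's answer together with the binary it applied to."""
    rules[path.lower()] = AppRule(digest(image), allow)  # Windows paths ignore case


def check_outbound(rules: dict, path: str, image: bytes) -> str:
    """Classify an outbound connection attempt by the program at `path`."""
    rule = rules.get(path.lower())
    if rule is None:
        return "ASK_NEW"        # no rule yet: ordinary allow/deny prompt
    if rule.sha256 != digest(image):
        return "WARN_CHANGED"   # rule exists but the file differs: say so, do not reuse the rule
    return "ALLOW" if rule.allow else "DENY"


def demo() -> list:
    # Constructed sample data: byte strings stand in for executable contents.
    rules = {}
    mail = r"C:\Program Files\Mail\mail.exe"
    remember(rules, mail, b"original build", True)
    return [
        check_outbound(rules, mail, b"original build"),
        check_outbound(rules, mail.upper(), b"replaced build"),
        check_outbound(rules, r"C:\Temp\new.exe", b"anything"),
    ]


if __name__ == "__main__":
    print(demo())
```

Keeping "new program" and "changed program" as separate outcomes is what lets the prompt tell the user that a rule already existed for a different binary.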
     
  22. gagman

    gagman Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    68
    Location:
    France
    I've tried sensive guard on a win2K server machine, and I had an issue with it : bsod when shutting down the machine
    Moreover, after installing sensiveguard, I had some bsod I cannot be sure it was related to this FW, but, well, I was pretty sure it was the guilty one.

    Sensiveguard is defined to win 2000/XP machines, I think they mean 2000 workstation, not 2000 server.
     
  23. Stem

    Stem Firewall Expert

    I am still unable to get the UI to show after installation on my XP pro box (even with base XP pro only). It will install on VM XP pro with no problems, there must be some hardware driver conflict. I will need to make setup with 3 PC`s (rather than my usual setup of 2 PC`s+VM) to test the packet filtering

    I will setup ASAP.
     
  24. Kees1958

    Kees1958 Registered Member

    By not allowing programs with internet connection to access files with: *.exe, *.com, *.dll, *.tlb, *.ocx, *.vxd, *.sys, *.drv, *.ini, *.hta

    SensiveGuard also gives additional protection against rootkits (often attacking drv, sys, ini files)
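
A model of the data-wall rule described in this thread (the ten file types above, sub directories always included, a folder-level allow for the AV update path), as an added example that is not part of any post and not SensiveGuard's code. The rule that the most specific folder wins, and the names `FileRule`, `covers` and `decide`, are assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# The ten file types listed in the post above.
BLOCKED_TYPES = ("*.exe", "*.com", "*.dll", "*.tlb", "*.ocx",
                 "*.vxd", "*.sys", "*.drv", "*.ini", "*.hta")


@dataclass(frozen=True)
class FileRule:
    folder: PureWindowsPath   # rule applies here and in every sub directory
    patterns: tuple           # file-name patterns, matched case-insensitively
    action: str               # "allow", "warn" or "deny"


def covers(rule: FileRule, target: PureWindowsPath) -> bool:
    # Compare whole path components, so "...\Classic Evil" is not inside "...\Classic".
    inside = rule.folder == target.parent or rule.folder in target.parent.parents
    name = target.name.lower()
    return inside and any(fnmatchcase(name, p.lower()) for p in rule.patterns)


def decide(rules: list, target: str, default: str = "allow") -> str:
    """Action for a program with internet access touching `target`."""
    path = PureWindowsPath(target)
    matches = [r for r in rules if covers(r, path)]
    if not matches:
        return default
    # Assumption: the rule with the deepest folder takes precedence.
    return max(matches, key=lambda r: len(r.folder.parts)).action


AV_DIR = PureWindowsPath(r"C:\documents and settings\all users"
                         r"\application data\antivir personaledition classic")
RULES = [
    FileRule(PureWindowsPath("C:\\"), BLOCKED_TYPES, "deny"),
    FileRule(AV_DIR, ("*",), "allow"),   # one higher-level folder covers all update releases
]

if __name__ == "__main__":
    for sample in (r"C:\WINDOWS\system32\drivers\evil.SYS",     # constructed paths
                   str(AV_DIR / "update" / "v7" / "engine.dll")):
        print(sample, "->", decide(RULES, sample))
```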
     
  25. Stem

    Stem Firewall Expert

    Kill attempts using "SPT"

    The 16 basic kill methods against "bservice.exe" failed to terminate.

    Only on "elevate privilege" did method 2 (terminate all its threads) and 4 (Instruction Pointer (IP) modification) succeed in termination.
     