Some tests I ran on Dynamic Security Agent

Discussion in 'other anti-malware software' started by zopzop, Jan 19, 2007.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Another detail: sometimes I click "show details" (because nothing really substantial is on the warning), and it simply goes away, no details, no block or allow. I have a hard time figuring out what just happened. Did I block it?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    GW never hangs on my system for RegTest 2 and it even doesn't allow the system reboot. Totally passed.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, how can I do that in BIOS? Any problems anticipated?
    Any loss of functionality?
    Thanks
     
  4. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    hello aigle ;)
    I think he means that the RegTest 2 hangs, not the system itself. RegTest 2 hangs and doesn't change the registry or force a reboot of the system.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks zopzop.
    I just misunderstood it!
     
  6. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Well, do you never stop and restart services, and use cmd tools, etc, etc - just kidding :D , you do what you want, heh. Anyway, I wasn't 100% right either, since quarantined processes seem to launch prompts too (according to the help file: "select 'Allow' and the item will be removed from Quarantine and added to the Trusted Process list"). Not logical to me, I expect a quarantined process to be blocked automatically, but that's how it is. Well, quarantining and removing from the list will have the same effect indeed...

    Kareldjag? He's been busy these days, and doesn't have time enough to care about his blogs; it's a pity because we have done more tests since DW, but publishing/writing was never finished - I was busy too.

    Sorry bellgamin, but since I've always disabled this module after install, I can not help. The best would be to ask them, they're very quick to reply.

    Cheers,

    nicM
     
    Last edited: Apr 19, 2007
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Never happened to me o_O Did you check the process lists after having such issues, to see if the process involved was added to one of the lists?

    Cheers,

    nicM
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    It was about processes already in the list!
    This too!

    I'm sure it's detecting something different (or I hope so), but no info is provided, in the warning or GUI. Sure, if only I saw the details..
     
  9. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Used DSA for a long time, never happened to me either. However, I found that when you quarantine a process, the next time it tries to start, DSA will alert you that a previously quarantined process is trying to (fill in the blanks). Sometimes it does it once (which I believe is normal), sometimes twice. Never more than that in my experience.
     
  10. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    In fact, I always click on "Details", to see what the alert is about, and this small "preview" popup is not very handy, when all is said and done. I think we've a suggestion to submit :D , Lol. I mean, wouldn't it be better if we got the full popup directly, instead of two, among which one is almost useless?


    Thanks for the tip, that's something I didn't see anywhere in the help file! ;)
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    YES! :D One box is enough, and I want to read everything in one :thumb:

    EDIT:
    One thing: sometimes I am able to read the details. When I can't, I usually have a window open, like Antivir, or Opera.
    Maybe the warning on the install was trying to say something..
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Have you tested GeSWall?
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    In the context of my particular system set-up & computer usage, I have found the System Anomaly module to be a valuable added layer of security. Namely, it can detect certain types of suspicious behavior that other HIPS which I have tried do NOT detect.

    Once System Anomaly was nicely trained, I simply tweaked its sensitivity level a few times, until I arrived at a setting where the number of pop-ups is small, & the level of their significance is sufficiently high.

    All in all, now that DSA is trained on my computer, it is nearly invisible in terms of interfering with my productivity, and when it DOES do a pop-up it almost always has something important to tell me.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi Nicm,

    No, I do not restart services. I have checked what services I needed, because I used SSM-free initially and it only warned for startup of services. I tried the SSM-Pro paid version (got a license), but it is quite a bit slower compared to the free version. So as a protection I used the hardening tip of Kareldjag's blog to change the authorisation of the registry section of services with regedit.

    About the quarantining feature of DSA: I respect the work you guys are doing for us (tests and info, etc), so I immediately committed my error. Later on I thought, hang on, am I missing something? I looked it up in the manual (see pic), but did not want to argue about it with you (as I said, I really appreciate what you and others are doing).

    Regards K
     

    Attached Files:

  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    On the same help file page shown in the above screenshot, it goes on to say...

    I put a *certain* antivirus program's infamous "notifier" in quarantine several days ago. Once I followed the instruction quoted above, DSA now blocks the notifier whenever I update that *certain* antivirus program, without bothering me about it. Shazam -- no more nags!
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Ok, that's cleared up.
    Overall, I like the simplicity and approach.
    But I still feel it has some issues to resolve. And more info, more options. 2.0, if it surfaces, should be an interesting development.
    Or the firewall should be interesting.
     
  17. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi Kees,

    No problems, I discovered it too by looking at the help file, and was quite surprised, as I said in the post you quoted. Thought the change in my statement was more obvious then o_O .

    @ lucas1985: No, Geswall wasn't tested.

    Cheers,

    nicM
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Thanks nicM :) But, since GeSWall is similar to Defensewall (policy sandbox), I can extrapolate (to some degree) the results of DF to GW.
     
    Last edited: Apr 20, 2007
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    OT: oh man, if we're talking about tests, how about the latest SandboxIE?
    I can make bold statements if you need the incentive (prove me wrong:D )
     
  20. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi lucas1985,

    Maybe to a certain extent, probably.

    Btw I've got some news, so stay tuned about these tests I was talking about, it should be released soon ;) .

    On my side, I've started to do some more tests with DSA, but I do not know if it will be published as a review; I started tests on DropMyRights a long time ago, bunches of tests, but did fall through the "website building" step. Man, I got sick of computers for 6 months because of that o_O, I don't want the same to happen another time!

    nicM
     
  21. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    At first boot of DSA Free 1.0.8.8, I was asked about these two Skype processes (that I did allow):
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    But I noticed my Vtech USB7100 Skype Phone screen says, "USB missing".

    The following five processes also did not start, and I did not receive any message from DSA about them. :(

    Adobe Reader Synchronizer (c:\program files\adobe\reader 8.0\reader\adobecollabsync.exe)
    Vtech Cordless Phone Suite - usb7100 (c:\program files\cordless usb phone\vtech cordless phone suite.exe)
    FastStone Capture (c:\program files\faststone capture\fscapture.exe)
    Folding@Home (e:\mydocs\folding@home\winfah.exe)
    Tiny Watcher (c:\program files\watcher\watcher.exe)

    Mike
     
  22. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    If you check the "require user approval for each alert" option, the details box will be the only one to pop up.
     
  23. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    DSA saved me from a malicious trojan last week. Antivir, NOD32 and Kaspersky all missed it but DSA blocked it. I'm looking forward to the next version.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Were you running three AVs at a time? Please tell us a few details of how it saved you.
     
  25. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    I run Antivir realtime guard, Nod32 IMON/on-demand and KAV 4.5 on-demand. In this case, the trojan tried to replace svchost.exe (or services.exe) and connect to the net. DSA blocked both actions.
     