StormShield Personal Edition

Discussion in 'other anti-malware software' started by Kernelwars, Mar 1, 2011.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Neither of these two commands works for me. I have WinXP Home Edition, if this matters.
     
  2. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Hi,
    Sorry for the delay, but we had to configure a Windows XP Home environment ;)
    This is bad news, but I think that your problem is definitely BIOS related...
    Everything is working just fine in our XP Home environment and, on top of it, we rely on Microsoft APIs to query the state of NX/XD mode used by Windows.
    The fact that the NX/XD state isn't displayed in the BIOS doesn't mean that it is activated; we already had the issue with some Sony laptop...

    We'll try to investigate a bit further to confirm the diagnosis.

    Best regards,

    Skyrecon SPE R&D team
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    How does the vulnerability protection work? Obviously it uses DEP, but could you explain more?
     
  4. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    There are two different kernel images shipped with the 32-bit version of Windows (since Windows XP SP2): ntoskrnl.exe and ntkrnlpa.exe
    The features required by our protection are only present in the image loaded when NX/XD is activated.
    (This holds for the personal edition; the professional edition uses some more advanced techniques that do not require NX/XD...)

    Best regards,

    Skyrecon SPE R&D team
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I'm using an ACER Aspire One AOA150 ZG5 with the latest BIOS and WinXP SP3 32-bit, also fully updated.
     
  6. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Does it have some personal whitelist or something?

    Because I installed CCleaner and it did not even notice anything, but I opened Chrome and it said there was a change in the registry. So the question: during the installation of CCleaner, which in theory modifies the Windows registry a lot, there was no warning. With Chrome, I just opened it and there was a warning.

    I'm not testing it on my main system, but in a virtual machine, where I use Windows 7 Home Premium x64 (without SP1).

    Thanks!
     
  7. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Ok...
    To be 100% sure, please follow these steps:

    1) Download and extract DbgView.exe from Microsoft TechNet:
    http://technet.microsoft.com/en-us/sysinternals/bb896647

    2) Launch DbgView, open the 'capture' tab and select 'capture kernel', 'enable verbose kernel output' and 'log boot'

    3) Close DbgView and reboot your computer

    4) Open your session as usual and launch DbgView again; you should see the log captured during boot time

    5) Scroll up to the beginning of the logs; if you see a message like:

    ">>> Overflow Protection: Warning PAE not activated, NO NX/DX support.
    >>> Overflow Protection: Warning DEP not activated, please check boot.ini for the /noexecute option
    (if your processor support this feature)"

    Then you are 100% sure that it is a BIOS or hardware issue (since your boot.ini is fine)...

    Best regards,

    Skyrecon SPE R&D team
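
The check in steps 4 and 5 above, automated as an added example (not part of the original post and not Skyrecon code): it scans a saved DbgView log for the two quoted warnings and reads the default boot.ini entry to decide whether boot.ini or the BIOS/hardware is the likely cause. The sample log and boot.ini are constructed, and the function names and verdict strings are assumptions of this example.

```python
import re

# Warning texts exactly as quoted in the post above.
PAE_WARNING = "Overflow Protection: Warning PAE not activated"
DEP_WARNING = "Overflow Protection: Warning DEP not activated"

# Constructed sample inputs (not captured from a real machine).
SAMPLE_LOG = (
    "00000001\t0.00000000\t>>> Overflow Protection: Warning PAE not activated, NO NX/DX support.\n"
    "00000002\t0.00001100\t>>> Overflow Protection: Warning DEP not activated, please check boot.ini\n"
)
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

def default_boot_options(boot_ini):
    """Return the lowercase switches (menu title removed) of the default OS entry."""
    section, default, entries = None, None, {}
    for line in (raw.strip() for raw in boot_ini.splitlines()):
        if line.startswith("["):
            section = line.lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            if section == "[boot loader]" and key.strip().lower() == "default":
                default = value.strip().lower()
            elif section == "[operating systems]":
                entries[key.strip().lower()] = re.sub(r'"[^"]*"', "", value).lower()
    return entries.get(default, "")

def dep_switch(options):
    """Return the DEP policy named in boot.ini, or None when no switch is present."""
    if re.search(r"/execute\b", options):
        return "alwaysoff"  # /execute turns DEP off on 32-bit Windows
    match = re.search(r"/noexecute=(\w+)", options)
    return match.group(1) if match else None

def triage(log_text, boot_ini):
    """Apply the post's reasoning: warnings plus a fine boot.ini point at BIOS/hardware."""
    if PAE_WARNING not in log_text and DEP_WARNING not in log_text:
        return "no warning logged"
    policy = dep_switch(default_boot_options(boot_ini))
    if policy is None:
        return "boot.ini: no /noexecute switch"
    if policy == "alwaysoff":
        return "boot.ini: DEP switched off"
    return "BIOS or hardware"
```
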
     
  8. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Hi!

    No, there is no such thing as a 'personal whitelist' inside SPE ;)
    SPE only monitors registry keys that have been found to be used by malware. Since CCleaner doesn't use any of these keys, you won't get any warning when installing it.

    If you wish to be sure that the protection is running with CCleaner:

    1) Launch CCleaner
    2) Open the settings tab
    3) Select the 'Run CCleaner when the computer starts' option

    You should immediately get an alert since CCleaner will try to set up a key in the registry to launch automatically at startup :)

    Best regards,

    Skyrecon SPE R&D team
     
  9. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Thanks, but now I got the warning!

    This software is surprising me; maybe soon it will come to my main machine.

    Congratulations on the software, and once again thanks!
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I followed your guide, but all I got were 5 lines in the log and none have the data you mentioned.
     
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Ok, my mistake, I removed StormShield and did the logging without it. Now I got the info but it says PAE and DEP are not enabled. Stupid. I have the CPU with DEP, I have the OS with DEP, it's the stupid Acer BIOS that has DEP disabled by default with no way of enabling it. Sigh.

    Is this "Degraded protection" mode even worth using?
     
  12. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Part of the protection is still active but not the 'best' part, sorry :doubt:
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Perhaps upgrading the BIOS will help? I have an Acer too and there is nothing about DEP in the BIOS, but DEP works fine.
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Was thinking of trying it, but it requires Framework Microsoft .Net 2.0 :thumbd: which I don't have/want.

    Anyone use StormShield Personal Edition with say Prevx and/or Zemana etc? If so, how do they get along together?

     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Refusing to accept .NET these days is like refusing C++ runtime libraries.
    .NET is great, I don't know what got into ppl's heads that they all hate .NET.
    Why exactly?

    @BoerenkoolMetWorst
    I do have the latest BIOS version, apparently Acer thinks I don't care about DEP since I have a netbook...
     
  16. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    A review that I found on YouTube. What do you think, guys?
    Even if it's the free version, I think it needs a lot of work, as it seems to be useless as it is now.

    -http://www.youtube.com/user/TheLecobra#p/u/2/maD2Gq2RNyI-
     
  17. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    I noticed it was used as it is set up by default, which is to alert on keylogging protection and registry protection instead of block.

    I'm no expert but it doesn't seem a true test of its full potential.

    I am trialing StormShield now and am interested as to what others think about it. It does not impact system performance at least that I can tell and it works properly under a LUA. Not sure but I think SpyShelter may offer more comprehensive protection.
     
    Last edited: Mar 14, 2011
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It sets the same protection as EMET, adds some hooking protection and autorun registry options (the most common ones, not the full autoruns protection). When you run Windows 7/Vista with UAC it is a nice add-on for the few disk I/Os and CPU time it will cost you.
     