Testing bifrost against various HIPS/sandboxes...

Discussion in 'other anti-malware software' started by aigle, Oct 18, 2007.

Thread Status:
Not open for further replies.
  1. gangABang

    gangABang Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    19
    Re: what a hell APPdefend is INSECURE

    @aigle ok i will download it thank you.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: what a hell APPdefend is INSECURE

Pls let us know of ur results. NG beta 3 has some install problems, so during install before you reboot, mark all ur security software as trusted to avoid any problems.

    Were you able to know the problem of ur testing with EQS? Are u testing in VM/ shadow/ real system?
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Tried NG beta 3 under ShadowMode of SS. It seems to pass the test.

Examined SSDT using RKU. On my system under shadow mode, it showed 33 hooks by NG.

1- I executed server.exe, NG gave execution pop-up - allowed
2- NG gave balloon alert from tray area that server.exe is stopped from accessing memory directly (direct memory access is denied by NG for any executable by default without any popup).
3- NG gave popup that server.exe is trying to modify memory of explorer.exe - denied

    Nothing more and server.exe was dead.

Again launched RKU and examined SSDT. All the hooks were in place, no unhooking at all.

    As before I am posting results as text files, so u can examine. These are 2 text files.

    1- Base-line SSDT in ShadowMode before running server.exe
    2- SSDT after running server.exe against EQS

    If I allow direct memory access to server.exe via NG, it removes 7 hooks of NG on my system.

    Thanks
     

