Trusteer Rapport and EMET

Discussion in 'other anti-malware software' started by itman, Jun 12, 2013.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Decided to give Trusteer another chance on my WIN 7 X64 SP1 build. Although a bit heavy on resources, 17K for the mgmt service and 34K for the service, it appears to be running fine under IE9. No noticeable slowdowns so far.

    I did not realize that supposedly TR is not compatible with EMET. I installed TR with EMET 3.0 running and no issues so far. IE9, Adobe, etc. are all covered under EMET. EMET settings are DEP opt out, SEHOP opt out, and ASLR opt in. I have not set any setting in EMET for the TR services yet. Don't know if that is advisable?
     
  2. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    I'm using Trusteer Rapport and the EMET beta on W8 64 bit. So far no issues with system performance. All seems to be going well. No slowdowns with Firefox either ;)

    Am also interested in the below question...
    I have not set any setting in EMET for TR services yet. Don't know if that is advisable?
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    First, I found a pretty good guide to the recent version of Trusteer here: http://www.winhelp.us/trusteer-rapport.html. It covers EMET issues plus how to install in compatibility mode on WIN 8. Don't know if the latter applies since I think the latest ver. of TR is now OK for WIN 8.

    EMET issues appear to be "hit or miss" depending on the ver. of TR you install. I would leave the EMET settings alone unless you have a browser issue. And that should show itself right away when you try to open the browser.

    I have also read most of the latest 250-page (yikes) user manual and there are a number of interesting things about this latest ver. of TR. I have noticed since I installed it that I am getting frequent dial-outs from TR. Appears there is an anti-malware component to it that is scanning your system for malware. If TR finds any, it will open a "locked down" virtual browser on any of its 300 known SSL secure web sites or any you select as such. It will also warn you that malware exists on your PC. I am still chewing over that one. Smacks of bank "cover your ass" stuff along the lines that if your bank account does get hacked, the bank can always claim your PC was infected, they warned you about it via TR, and you ignored the fact. Some potentially risky legal liability stuff there.

    The difference however between this latest ver. of TR and the ver. I tried a year and a half ago or so is "like day and night." This sucker has more protection than Zemana and SpyShelter as it applies to SSL web sites.

    Also what I did differently this time installation wise was I selected the download for my specific bank from the TR web site. I don't recollect doing that on the old ver. I installed a while back.

    Anyway, I am going to end this thread and start another with what stuff TR found in just accessing two SSL sites.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    What I have noticed so far is Trusteer is hammering away at the NIS 2013 auto-protect feature, i.e. ccsvchst.exe. I have seen quite a few blocks in my NIS firewall log for rapportmgmservice.exe. That might play into the screen shots I am posting of what TR blocked from just visiting two SSL sites; one being my AOL e-mail sign-on screen. TR detected "keylogging type activity" there? -EDIT- I just realized the keylogger event text is standard stuff just notifying you that the key strokes were captured and encrypted by TR.

    I am hoping all these "events" are related to NIS protection since my PC is clean as far as I am aware of. Will get with Symantec on that issue.
     

  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I have come to the conclusion that Trusteer Rapport must be one of the most misunderstood security products in recent history.

    First, the current release bears no resemblance to its initial versions. Also there is nothing equal to its protection on partner web sites. On those sites, a secure tunnel is established at site connection time. Basically, it's impossible to breach its protection during the entire site connection. Organized Zeus and SpyEye hacking attempts have been made multiple times against TR.

    I read the previous test results done by Wilders forum posters. First, that testing was not done on recent versions of TR. Next, since the testers were not TR partners, the site tunnel was not in effect. Note that there are two parts to TR: the software installed on the client PC and software that is installed on the partner's server.

    Here is an article on TR from a respected security industry source: http://www.scmagazine.com//case-study-suntrust-bank-and-trusteer/article/230810/1/.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The truly paranoid types might want to steer clear of Trusteer.

    There is an active cloud element to it and it is constantly dialing out; on average every 20 mins. but sometimes less than that depending on your browser activity. It's part of their constant monitoring processing, which includes what I spoke of in my first posting: informing your bank when you sign on that TR has detected malicious activity during the banking session. You can disable this but I somewhat agree with TR that you immediately want your bank to lock down online access to your accounts and inform you a possible breach has occurred.
     
    Last edited: Jun 15, 2013
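The firewall blocks for rapportmgmservice.exe mentioned in post #4 and the roughly 20-minute dial-out cadence described in post #6 are both things you can check from the firewall log rather than eyeballing. The script below is an added example, not part of this thread and not Trusteer's or Symantec's code: it parses a constructed, simplified log format (timestamp, action, process, destination), groups connections by process and destination, and flags a pair as a regular check-in when the inter-connection intervals are tight. NIS 2013's real log format differs and would need its own parser; the sample lines, the process name's destinations and the 0.25 coefficient-of-variation threshold are assumptions for illustration.

```python
"""Check a process's outbound-connection cadence from firewall log lines.

Added example, not part of the original forum thread and not Trusteer's
or Symantec's code. The log format parsed here is constructed for
illustration: 'YYYY-MM-DD HH:MM:SS ACTION process ip:port' per line.
"""
from datetime import datetime
from statistics import mean, median, pstdev

# Constructed sample log lines (assumption, not a real NIS 2013 export):
# rapportmgmservice.exe checking in roughly every 20 minutes, plus one
# blocked attempt to a different host and an unrelated browser connection.
SAMPLE_LOG = """\
2013-06-15 08:00:12 ALLOW rapportmgmservice.exe 203.0.113.10:443
2013-06-15 08:03:40 ALLOW iexplore.exe 198.51.100.7:443
2013-06-15 08:20:09 ALLOW rapportmgmservice.exe 203.0.113.10:443
2013-06-15 08:31:55 BLOCK rapportmgmservice.exe 192.0.2.25:80
2013-06-15 08:40:15 ALLOW rapportmgmservice.exe 203.0.113.10:443
2013-06-15 09:00:11 ALLOW rapportmgmservice.exe 203.0.113.10:443
2013-06-15 09:20:14 ALLOW rapportmgmservice.exe 203.0.113.10:443
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        date, clock, action, proc, dest = line.split()
        events.append({
            "ts": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
            "action": action.upper(),
            "proc": proc.lower(),
            "dest": dest,
        })
    return events


def group_by_process_and_dest(events):
    """Group events by (process, destination); beacons are per-destination."""
    groups = {}
    for e in events:
        groups.setdefault((e["proc"], e["dest"]), []).append(e)
    return groups


def beacon_report(events, max_cv=0.25, min_events=4):
    """Summarise cadence per (process, destination).

    A pair is marked 'beaconing' when it has at least `min_events`
    connections and the gaps between them are regular: coefficient of
    variation (population stdev / mean) at or below `max_cv`. Blocked
    attempts are counted separately; a blocked attempt is still an attempt.
    """
    report = {}
    for key, evs in group_by_process_and_dest(events).items():
        ts = sorted(e["ts"] for e in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        entry = {
            "events": len(evs),
            "blocked": sum(1 for e in evs if e["action"] == "BLOCK"),
            "beaconing": False,
        }
        if len(evs) >= min_events:
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg else 0.0
            entry.update(
                median_interval_min=round(median(gaps) / 60, 1),
                cv=round(cv, 3),
                beaconing=cv <= max_cv,
            )
        report[key] = entry
    return report


if __name__ == "__main__":
    for (proc, dest), info in sorted(beacon_report(parse_log(SAMPLE_LOG)).items()):
        print(f"{proc:24} {dest:18} {info}")
```

A tight cadence to one host is consistent with the cloud check-in itman describes; it is not by itself evidence of anything malicious, but the same check is what surfaces a real beacon from a process you did not expect, so it is worth running over the log with every process rather than only the one you are curious about.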
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Also I would recommend Trusteer to NIS 2013 x64 users as supplemental protection for everything that is missing in NIS; kernel and non-kernel keyloggers, screen capture, global hooking, dll injection, browser alterations, etc.

    BTW - I do have non-kernel keylogging protection turned on in TR and I have had zero conflicts with NIS's "supposed" anti-keylogging protection. In other words, there is no keylogging protection in NIS x64, period.
     
  8. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    You have had no problems with it?

    I am concerned about problems it has had with mouse and keyboard drivers.
     
    Last edited: Jun 16, 2013
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Initially, no. However in the last couple of days, IE9 has been hanging up. Looks like Trusteer and WOT don't like each other. I am not totally surprised since WOT does dial home a lot and I suspect Trusteer is trying to shut that activity down. Uninstalled WOT and no browser issues since.

    I did have two WIN Explorer hang-ups this morning. Don't know what that was about but the hung culprits were dui70.dll and ntdll.dll. I suspect these might be related to the WOT uninstall. I might have to reinstall my graphics drivers.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Besides the review at Malware Research Group on Trusteer, Matousec also reviewed it last year. In that testing, only Kaspersky and Trusteer passed:
    http://www.kaspersky.com/downloads/pdf/online_payments_threats_report_matousec.pdf.

    After fooling around with NIS 2013 Safe Web for an hour or so yesterday, I finally got that to work as a replacement for WOT. Don't know what the problem was with Safe Web. Maybe it had to sort itself out with Trusteer since I had the plug-in disabled in IE when I installed Trusteer.
     