Crystal Security 3.5

Status
Not open for further replies.

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
No problem, maybe I'll find more :)

Who knows?

PS: Crystal Security is now running on my grandpa's PC since it's the only protection software next to Tiranium that can still run on it. (Malware borked it up)

Can he renew the OS to factory default? Or find the original registry setting point to restore with...?
 

Deleted member 21043

Hello Kardo,

Was the new self-defence implemented in the latest version? Crystal Security can be terminated via Task Manager (which uses the WINAPI function TerminateProcess, which means ZwTerminateProcess will be called anyway) and by external programs?

Cheers. ;)
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Was the new self-defence implemented in the latest version? Crystal Security can be terminated via Task Manager (which uses the WINAPI function TerminateProcess, which means ZwTerminateProcess will be called anyway) and by external programs?

@kram7750 Yes, it is implemented.

Try to kill it with Process Explorer or Process Hacker (without Admin rights). Please note that if you are logged in as Admin then you can kill it with Task Manager. This method is against targeted attacks (malicious processes) and not against Admin. :)

Regards,
Kardo
 

MalwareT

Russian website COMSS rated CS 3 out of 5 stars :

2015-07-22_125458.jpg


I think he will test it when he gets time.
 

Deleted member 21043

@kram7750 Yes, it is implemented.

Try to kill it with Process Explorer or Process Hacker (without Admin rights). Please note that if you are logged in as Admin then you can kill it with Task Manager. This method is against targeted attacks (malicious processes) and not against Admin.

Regards,
Kardo
Don't worry, I see what you mean now. Yes, it does protect against Process Hacker (without admin rights). :)
 

Kardo Kristal

Don't worry, I see what you mean now. Yes, it does protect against Process Hacker (without admin rights). :)

@kram7750 Thanks for the feedback Mark. :)

This method is also better because the previous method protected against 3 programs only and caused errors etc... This method is much better and seems stable and protects against any malicious process. It is actually partially good that Admin can close it (in case something goes wrong in the program).

...and it works without driver/DLL injection. :)

Regards,
Kardo
 

Deleted member 21043

This method is also better because the previous method protected against 3 programs only and caused errors etc... This method is much better and seems stable and protects against any malicious process. It is actually partially good that Admin can close it (in case something goes wrong in the program).

...and it works without driver/DLL injection. :)
Yes, much better than the last self-defence. But, if malware is run as administrator, it can bypass the method (which is why I don't like it as much), and many people get infected by malware running with administrative privileges, especially people who don't know much about how it all works and securing their system.

The reason I suggested DLL injection (code injection could also be used) is because this method allows you to write to the process memory to overwrite the instructions at the target address and prevent it from even being able to make the request call to the function to terminate your process in the first place. However, this would also protect against processes running as admin. (user-mode based, but injection can occur from kernel-mode as well).

As for a driver, that'd be the most secure option. But it isn't needed for now.

Good work though, it should be all okay. :)
 

Kardo Kristal

Hi Kardo,

Crystal Security crashed on me after installing the newest version of Shadow Defender, I can't find any logfile in the program's folder :)

@Secondmineboy Thanks for the feedback. :)

Logs are located in AppData folder: C:\Users\<username>\AppData\Roaming\Crystal Security\3.5\Logs

Regards,
Kardo
 

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
Not sure if anyone else noticed, but Crystal (the current version at least) is detected by Kaspersky heuristics so I sent it in as a false positive. Even after excluding it from every possible module it still happens. Also take note that I set the heuristics on max and I'm using 2016 RC. Figured I'd send it in anyway to get that problem cleared up.

The install file is trusted however it isn't very known to Kaspersky itself. I had to manually add it as trusted otherwise it's on low restricted.

screenshot_15.png


Source: http://whitelisting.kaspersky.com/advisor#search/afa82f780a89ca4474cc80045721e104
 


OokamiCreed

Kaspersky told me they can't reproduce the results, which most likely is because of the increase in my heuristic setting (which is what detects it). Told me to send screenshots if the problem persists (which I will do). The exclusions are set to completely ignore Crystal Security in every single module. I might have missed something though. Will uninstall, reinstall, and reconfigure. The exclusion problem might be a bug in the RC version. Never had a problem with Kaspersky 2015 and Crystal Security after all.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Time to give Crystal Security a spin.

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at System.Windows.Forms.ListView.OnHandleCreated(EventArgs e)
at System.Windows.Forms.Control.WmCreate(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ListView.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

 