FMA Intel-Secure: (CCSU PR-Guard) Edition 2014 Official Release

Nico@FMA

Hello Guys

I got news for you,
You guys might remember what I said before in the other FMA topic? Well, if not, let me remind you all:
FMA Intel-Secure is NOT going to play nice, it will fight dirty, it will fight cheap but boy o boy will it be effective.
And that's a promise..

Now here I am to honor that promise, I am VERY proud to present:
FMA Intel-Secure (CCSU PR-Guard) Edition 2014

Sounds brilliant n.nvt ...uhhh but what is it?
Well let me show you.

FMA Intel-Secure™ forensics & intrusion analysis software (FMIAS) is a highly advanced digital forensic investigation and analysis tool, which allows system administrators and network specialists to collect, preserve and reveal digital evidence on Windows-based systems and networks.
FMIAS has the ability to perform memory and file analysis of a specific host and collects information about running processes and drivers from memory using basic and advanced techniques.
It gathers advanced file system metadata, registry data, event logs, network information, services, tasks, and Internet history.
Amongst many others, FMIAS’s features include other advanced options to read, scan, cross-reference and extract any data from multiple known and unknown sources within the Windows-based operating systems and networks.
Our downloadable version of FMIAS is a very comprehensive tool that allows you to ultimately reveal any malicious data and traces to the source which allows you to reverse engineer and stop potential & actual cyber threats.

Note: This program is written for Windows 7 (32 & 64 bit)
Full Feature List:

Low memory usage (less than 35 MB)
Low CPU usage (less than 5%)
Real time process monitoring
Real time data stream monitoring and logging
Advanced automated analyses capabilities (point to point analyses (PPA))
Next Generation system software analysis and logging
Next Generation active & hidden processes analysis and logging
Advanced process handler analysis and logging
Extended services status analysis and logging
PPA Kernel validation and corruption analysis
Next Generation system driver and signature analysis
PPA Kernel Transaction analysis and backtracking
Next Generation PPA HASH analysis and validation + extended logging
Windows services and malicious services analysis and logging
Limited log based Spyware detection (Manual detection)
Limited log based Exploit detection (Manual detection)
Limited log based Browser Trojan detection (Manual detection)
Limited log based Rootkit detection (Manual detection)
Limited log based Worm detection (Manual detection)
Limited log based Hooking detection (manual detection)
Firewall state inspection and logging
Full firewall extended logging
Advanced MCB scan, logging and repair
Start-up hash validation and backtrack changes
Driver validation and backtrack capacity
Group policy corruption and intrusion analysis
Data resources monitoring and logging
Hard disk volume analysis and serial logging
Advanced start-up scan and logging
Windows boot manager analysis and logging
System Policy analysis and logging
Group Policy analysis and logging
Advanced Internet connection repair and logging
DNS analysis, logging, repair, cleaning
ARP tables analysis, logging, repair, cleaning
Full IP INT analysis and reset capability
Advanced firewall analysis and repair
Firewall helpers analysis, logging and repair
Logging of all allowed programs
Logging of current profiles and repair
Deep level firewall configuration analysis and repair
Deep level ICMP configuration analysis, logging and repair
Full Inspection firewall services and dependencies (Logging and repair)
Firewall state inspection and logging
Full firewall extended logging
Advanced MCB scan, logging and repair
Advanced open ports scanning, logging and repair
Advanced firewall rule inspection, repair and logging
History logging for historical firewall notifications
Extended firewall OP mode scan and repair
Advanced winsock readout, logging and repair
Past and present full route information readout & logging
Hard drive health status and possible corruption analysis
Shadow copy health & validation capacity
Valid and rogue connections scan and logging
IP routing table analysis and logging
All active listening TCP and UDP connections scan and logging
Active TCP connections and (PID) logging
Logging statistics TCP, UDP, ICMP, and IP protocols
Bytes and packets sent and received statistic logging
Analyze and log components for all executables
Advanced internet connection repair and logging
DNS scan, logging, repair, cleaning
ARP tables scan, logging, repair, cleaning
Full IP INT scan and reset capability
Advanced firewall audit and repair
Firewall helpers analysis, logging and repair
Logging of all allowed programs
Logging of current profiles and repair
Deep level firewall configuration analysis and repair
Deep level ICMP configuration scan, logging and repair
Full Inspection firewall services and dependencies (Logging and repair)
Advanced open ports scanning, logging and repair
Advanced firewall rule inspection, repair and logging
History logging for historical firewall notifications
Advanced full reset and repair of Windows firewall, profiles, policies, rules, ports and dependencies
Full registry audits, deep level checks and cross call function referencing

I assume you guys want some eye candy too, right? And while we are at it I might as well add the download link

Also it will soon be available on a special USB stick with additional programs.
downloadusb.jpg


For people who are going to use the program please take note of the following information:
The program has 3 analysis buttons and you start with the first one and work your way down to the last one so let me clarify:
* 1 Data Analysis
* 2 Network Analysis
* 3 Security Analysis
And most important: WAIT till each command is finished, do not run multiple scans at the same time, it will crash. This has been coded in such a way.



pic1.png


There are so many things changed that the program itself does not even remotely resemble the previous versions, not in a million years.
The previous versions were already pretty darn good, however this new version is a full Next generation application that does not screw around.

And yes these are strong words, and I do realize that, so here is the deal:

Test it, try it, review it and see for yourself.

NOTE: Please make sure you do not mix up different kinds of tests and do not run tests simultaneously, so start with Data Analysis, then Network and then Security,
in that order, to produce the best results.

I have taken the time and effort to listen to ideas and I have taken the time and effort to solve as many bugs as possible, and while there might be a few bugs left I am 100% confident that this version is just off the scale in terms of performance and ability.
With that being said I ask you all to take the time and seriously reply to this topic as now it's my turn to ask questions.

1 What do you think about the old version of FMA?
2 What do you think now seeing the new version?
3 What do you think of its features?
4 What do you think this software is capable of?
5 Did you ever use this software or are you planning to?
6 Any other comments, ideas or suggestions?
7 Are you going to test it?

Final note: Even tho this is my little baby, my little project and my little dream which I have been working on for the past year and I have done nearly for years of extensive research, this software is just as much MT's as it's mine thanks to the huge amount of support by individual members and by MT itself, and for that I respect you all very much and I hope that the road we all started does not end today, because if it would be up to me then this is just the beginning.

Kind Regards Nico

To know about the older versions please check this topic
And if you want to see the very first test done by @Umbra Polaris please look here
Visit our website or add us on twitter
 

Deleted member 178

Impressive list of features, I like the reset/repair capabilities of the previous versions, this one seems to go even deeper.

Will test it and give my observations in some days.
 
Reactions: Moose and Nico@FMA

Nico@FMA

Impressive list of features, I like the reset/repair capabilities of the previous versions, this one seems to go even deeper.

Will test it and give my observations in some days.

Yes this is so much deeper...
 

BoraMurdar

I am so happy to see people that are innovative in this section of security where there is a little room for improvement and new stuff.
But at the same time, sad, because I'm hardware limited to test this project fully.
I saw the source code, saw the features and the only word I am capable to express now is WOW.
File comparison, data stream comparison and monitoring, registry/files/processes that are changed on the host machine where FMA is installed and monitoring (about everything) is totally awesome. Log files are so detailed that it cannot miss anything.
This product is capable and I just didn't have time to explore all its features.
So far, I can only say good job and keep it up

9cRaa7nbi.png
 

Nico@FMA

I am so happy to see people that are innovative in this section of security where there is a little room for improvement and new stuff.
But at the same time, sad, because I'm hardware limited to test this project fully.
I saw the source code, saw the features and the only word I am capable to express now is WOW.
File comparison, data stream comparison and monitoring, registry/files/processes that are changed on the host machine where FMA is installed and monitoring (about everything) is totally awesome. Log files are so detailed that it cannot miss anything.
This product is capable and I just didn't have time to explore all its features.
So far, I can only say good job and keep it up

9cRaa7nbi.png


00043.gif
 
Reactions: BoraMurdar

Deleted member 178

Yep, data streams are one of the ways to evade AV's detection, I would reinstall Win7 just for it, but for that I have to reformat 2 OS, lol.

I will just wait for the Win8 or Linux version :D
 
Reactions: Nico@FMA

Terry Ganzi

Big respect goes out to you & your product for what you have accomplished, big hail to you and all the people that made this possible, thank you Champ. :)
 
Reactions: Nico@FMA

imsoadude

Downloaded and installed and I have to say it looks good, a couple of issues though:

- Not a big issue: Avast detects the rar file as a virus, I just disabled it so I could test
- I ran a security analysis and then clicked open log folder and I got a critical error 'FMA/logs. does not exist or has been corrupted. please reinstall our software to resolve the issue'

Now for what I would ask to improve: the file monitor, if you could get it to do the most recent first (at the top) or to have it following/scrolling down automatically so I don't have to keep scrolling to see the most recent change, especially since it updates fast on my system. You might also think of adding a setting like start deleting log results if they are *so many minutes* old.

Also, when I click on the table headers for the process monitor it would be nice if it could sort them by whatever column header you click.

I also had a question: if you open the program then open a new process, will it pick up that process? Because I opened Hitman Pro and FileZilla after I started the program and I couldn't find them in the task list; it might be a bug. The open folder and kill functions work well and work very quickly.

All that I have said could be because I'm on Windows 8.1, as it says for Windows 7 on the program. Otherwise I think it has so much potential and can't wait to see the program grow.
 

Nico@FMA

Downloaded and installed and I have to say it looks good, a couple of issues though:

- Not a big issue: Avast detects the rar file as a virus, I just disabled it so I could test
- I ran a security analysis and then clicked open log folder and I got a critical error 'FMA/logs. does not exist or has been corrupted. please reinstall our software to resolve the issue'

Now for what I would ask to improve: the file monitor, if you could get it to do the most recent first (at the top) or to have it following/scrolling down automatically so I don't have to keep scrolling to see the most recent change, especially since it updates fast on my system. You might also think of adding a setting like start deleting log results if they are *so many minutes* old.

Also, when I click on the table headers for the process monitor it would be nice if it could sort them by whatever column header you click.

I also had a question: if you open the program then open a new process, will it pick up that process? Because I opened Hitman Pro and FileZilla after I started the program and I couldn't find them in the task list; it might be a bug. The open folder and kill functions work well and work very quickly.

All that I have said could be because I'm on Windows 8.1, as it says for Windows 7 on the program. Otherwise I think it has so much potential and can't wait to see the program grow.

Alright, thank you for testing, however I want to make a couple of remarks regarding the errors you have.
1 The program is written for Windows 7 32 and 64 bit so running it on Windows 8 will produce errors.
2 The program has 3 buttons and you start with the first one and work your way down to the last one so let me clarify:
* 1 Data Analysis
* 2 Network Analysis
* 3 Security Analysis

In that order, otherwise you will get errors as it's designed to produce a critical error to protect the logs as the sequence is vital to exact results. But I guess I could make an update and number the buttons to avoid this from happening.

About Avast, I was not aware that they class the RAR as a possible virus, however I can assure you the files are 100% clean.
On Virus Total there are exactly 4 or 5 scanners claiming a virus but again it's FP.
The main reason my program is being flagged is simple, it uses advanced algorithms and commands that are usually not found in other programs and it does not have a big user base. On top of that the executables are compressed files, which is a technique often used by malware packers, so most AV vendors have a problem with UPX compressed files by default regardless of whether they are clean or not.
Symantec is one of them, but as shown in the previous test by @Umbra Polaris my files are clean beyond reasonable doubt.

If you still have doubts then I encourage you to submit the files to any AV vendor of choice as I know by default that they will report them back as clean and legit.

In regards to the file monitor, it is going to stay like that as it has an option to save the log for "easy" review. There is no point in keeping it highlighting a change as it would scroll permanently due to the many changes on a system, especially in case of an infection / intrusion / corruption, so I did this on purpose in order to keep it easy for your eyes.

In regards to the process monitor, I understand that you want to sort things but it really does not serve a purpose in my program as the processes are static within the real time monitor so you can just eyeball through them for a specific process, however I might change that in the future.
Hitman Pro and FileZilla are within the process monitor but since you are on Windows 8 there might be an issue with reporting, but the Analysis itself would highlight them. Again, as you said yourself, you are running Windows 8 and my program was not written for that so I am amazed that the program even runs.
Other than that I want to thank you for using my program and testing it.
I also want to thank you for reporting back to me on the issues, and as far as it goes I have taken note and will make the necessary changes when I see fit within the development schedule of the program. As I said before I might change some things, however due to the very complex structure I have to pick and choose the priorities and as such I might leave it like this depending on whether it is worth changing the code, having in mind it runs as stable as it does. See my point?

Anyway, I encourage you to run a VM or real PC with Windows 7 and repeat the test; I am 100% sure the results you are getting will be pretty darn impressive.
That being said I want to thank you again for testing my program.

Kind Regards
n.nvt
 
Reactions: Deleted member 178
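
The reply above attributes the detections to UPX compression rather than to anything malicious in the files; packing leaves static markers in a PE file that can be read without running it. As an added example (not part of the thread and not FMA's code), this Python sketch reads the PE section table and lists such markers. The function names, the 7.0 entropy threshold and both sample images are constructed assumptions.

```python
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(image: bytes):
    """Return [(name, virtual_size, raw_size, entropy)] from the section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", image, pe_off + 6)
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                        # after optional header
    out = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        out.append((name.rstrip(b"\0"), vsize, raw_size, shannon_entropy(raw)))
    return out

def packer_indicators(image: bytes, entropy_threshold: float = 7.0):
    """List packing markers. These are heuristics, not verdicts: a clean
    packed file shows them too, and an ordinary .bss section is also
    empty on disk."""
    findings = []
    for name, vsize, raw_size, ent in pe_sections(image):
        label = name.decode("ascii", "replace")
        if name in UPX_SECTION_NAMES:
            findings.append(f"{label}: UPX section name")
        if raw_size == 0 and vsize > 0:
            findings.append(f"{label}: empty on disk, {vsize} bytes in memory")
        if raw_size and ent >= entropy_threshold:
            findings.append(f"{label}: entropy {ent:.2f}")
    return findings

def build_sample(sections):
    """Constructed test image: DOS stub, COFF header, section table, raw data."""
    data_off = 0x40 + 24 + 40 * len(sections)
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections),
                                    0, 0, 0, 0, 0x102)
    table, blob = b"", b""
    for name, vsize, data in sections:
        ptr = data_off + len(blob) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000,
                             len(data), ptr, 0, 0, 0, 0, 0)
        blob += data
    return head + table + blob

# Constructed samples: a UPX-style layout and a plain layout.
PACKED = build_sample([(b"UPX0", 0x8000, b""),
                       (b"UPX1", 0x3000, bytes(range(256)) * 8),
                       (b".rsrc", 0x200, b"\0" * 512)])
PLAIN = build_sample([(b".text", 0x400, b"plain code and strings " * 40),
                      (b".data", 0x200, b"\0" * 512)])

if __name__ == "__main__":
    for title, img in (("packed", PACKED), ("plain", PLAIN)):
        print(title, packer_indicators(img) or "no packing markers")
```
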

Deleted member 178

n.nvt said:
Again, as you said yourself, you are running Windows 8 and my program was not written for that so I am amazed that the program even runs.

As I said earlier, I was right to wait for the Win8 version :D

The program has 3 buttons and you start with the first one and work your way down to the last one

Indeed that should really be mentioned, or at least the buttons greyed until the first analysis is done.
 
Reactions: Nico@FMA

WinXPert

My main PC is still Windows XP Home, quite a dino really. Wish I had a better spec PC someday to be able to try it
 
Reactions: Nico@FMA

Nico@FMA

As I said earlier, I was right to wait for the Win8 version :D
Indeed that should really be mentioned, or at least the buttons greyed until the first analysis is done.

@Umbra Polaris
In regards to the Windows 8.1 version (I will skip Windows 8.0 as the update fundamentally changes too much): it will take some time for me to develop it as this software is aimed at the industry and not the home user. And as such Windows 7 is perfect as NO company within my client list will go to Windows 8 for the next couple of years.
However I am willing to make a Windows 8 version for home users but that's going to take time as I really have to change A LOT because user friendliness is going to be a big issue. Next to that, Windows 8 has lost MUCH functionality in this field so it's also going to require extensive research.
So right now I will prioritize Windows 7.
Cheers
 
Reactions: Moose

imsoadude

It's no problem. Having done programming before myself, I know moving the code from one OS to another will usually cause problems (for me it was always 7 to XP) so I assumed what I was seeing could be part of that. I also wanted to add, because after I posted, if Avast is actively blocking and you have the program running but try to do an analysis, it will detect whatever .exe file it is that runs and delete it. Avast, when it shows, has the report as FP button, so I submitted the files to them when it did get caught, so hopefully that will help.

What Umbra had just said is a good idea. I would also think you should look at an all-in-one button underneath the three buttons so if you want all of the logs anyway you could do it in one click.

I never believed the software to do anything malicious, just figured I'd mention it in case other users see it as a false positive and so you can have it undetected for final releases :)

When and if you get a Windows 8 version I will be glad to test it again, see if I can catch any bugs :p
 
Reactions: Nico@FMA

Nico@FMA

My main PC is still Windows XP Home, quite a dino really. Wish I had a better spec PC someday to be able to try it

@WinXPert
I am not sure if it will run on Windows XP, I honestly did not test it. But in terms of resources the program can run on a Pentium 1 with less than 256 MB SD RAM.
So I am 100% sure you could run it resources wise.
But if you PM me with your DXDIAG log I will be able to tell you.

So open up CMD.exe and type: dxdiag.exe and when the program runs it will ask you to see if drivers are digitally signed, hit yes, let all the scans run, then save it into a log (see button within Dxdiag) and send me a copy of that log.

I hope this helps.
 
Reactions: WinXPert

Nico@FMA

It's no problem. Having done programming before myself, I know moving the code from one OS to another will usually cause problems (for me it was always 7 to XP) so I assumed what I was seeing could be part of that. I also wanted to add, because after I posted, if Avast is actively blocking and you have the program running but try to do an analysis, it will detect whatever .exe file it is that runs and delete it. Avast, when it shows, has the report as FP button, so I submitted the files to them when it did get caught, so hopefully that will help.

What Umbra had just said is a good idea. I would also think you should look at an all-in-one button underneath the three buttons so if you want all of the logs anyway you could do it in one click.

I never believed the software to do anything malicious, just figured I'd mention it in case other users see it as a false positive and so you can have it undetected for final releases :)

When and if you get a Windows 8 version I will be glad to test it again, see if I can catch any bugs :p

@imsoadude I am not sure if Avast is going to give you feedback but if yes I would appreciate it if you post me their reply, and if there are issues or questions please forward them to me.
 

Plasmadragon

Seeing the old program vs this version does indeed show the amount of effort being put forward by its developer(s) to make this software the most comprehensive forensics program available to date, and the dedication to infusing analysis power with simple implementation. I am quite happy with the program as it is and would recommend everyone of technical expertise with a background of eliminating malware, rootkits, viruses, exploits, spyware, trojans, worms, etc by hand using this program and seeing for themselves how much it reveals about incoming, outgoing, and in-house data on a client.

The user friendly look and feel of the program now is much cleaner as well, which helps in keeping the pace of the functions available. If there are any suggestions from me, they are purely cosmetic as I pretty much at this point cannot make technical recommendations beyond what is present. The only thing I would like is for the buttons to be numbered in the order that one needs to press them to properly implement the program, and possibly a warning if the user does do things out of order. I do not know how difficult to implement that would be for this particular compiled script though so I'll just leave it at that.

Keep up the great work, hope to see more coming out of FMA :D
 
Reactions: Nico@FMA

WinXPert

2cdfr54.png


I think I need to resurrect an old desktop and put Win 7
 
Reactions: Nico@FMA

Nico@FMA

2cdfr54.png


I think I need to resurrect an old desktop and put Win 7

So you did get that error on Windows XP, right? Well then, as I said in PM, Windows 7 is the way to go, while I doubt it would run on the system you have shown me in your DXdiag log.
Good thing tho is that my program 100% works without hassle on Windows 7 so that's a good thing. I assumed for a minute that at least some functions would run on Windows XP as some functions used in Windows 7 come directly from Windows XP when Windows 7 got developed. Sadly I was wrong. But as you can see, as I said, no harm done.

Nice try tho.
 