@cruelsister settings. Please
or a few days.
This new version (12.3.3.8140) has been out for a few days. I installed it on both a Win10 as well as Win11 system. As in the past, on initial install one can choose the components that you want (ie- AV and/or Firewall). I chose to uncheck the AV component as this will just add the ability to do on-demand scans as well as getting AV updates for that scan module. Personally I see no point in having such functionality as the FW by itself includes On-Access VirusScope as well as Cloud Lookup.
Anyway, as usual I just went with the FW component. Thank God that there are no new Bells or Whistles, so setup is THE SAME as the stuff I've been preaching about for a few years.
I did have time for a test (probably won't publish it (as I don't have the time and nobody views my videos anyway). For this test I used the Typical Cruel setup, first activating the LYCIA theme. For malware I just ran 12 samples- 3 of which popped up in the usual places in the past few days (prior to the test, of course)= a Lumma Stealer, an Agent Tesla, and a DC Rat.
The other 9 samples were files were Ophelia coded that have not been released into the Wild (a couple used in my previous videos).
Of the 3 in-the-Wild samples, VirusScope picked up 1/3, but obviously none of the custom coded malware (and no one else would either).
After running all of theses samples, all were contained with FW popups seen for those samples that requested Network Access (all but one, actually). For Giggles I then re-ran the same test with CF in Silent Mode (zero popups)
Upon finishing running the malware I first (without emptying Containment) did a manual System Analysis which was no great inconvenience as I knew where all the system changes would be), thenemptied Containment and ran both KVRT and NPE.
In all cases, it was confirmed that there were no System Changes.
Finally BEST PRACTICE hint. If you are currently using other versions of CF on a production System and want to install this BUILD prior to official release and internal update, On should Uninstall the old version, installing the New, and adding whatever FW rules that you see fit to include.
Enjoy!
malwaretips.com
