Evjl's Rain
- Apr 18, 2016
- 3,684
Crystal Security 3.5.0.195 quick review
Testing samples: TestMyAV.com - 668 samples + 1 green petya ransomware sample
DETECTION RATE: 100%
I modified only 1 option: Enabled Shell integration (for the right-click scan/analysis)
I performed an Advanced Checkup -> it found absolutely nothing
Then I performed a right-click analysis of the sample folder. It took quite a long time to upload. I got so many popups -> I must have switched on Silent Mode.
Silent Mode automatically blocks "Unsafe" apps but allows/whitelists "Suspicious/Unknown" apps -> I deleted the whitelist, turned off Silent mode and manually removed suspicious apps when there were popups
It was buggy: CS crashed 2 times with error popups
It got stuck when the blacklist showed 699 (40 samples left in the folder). It was still uploading files but didn't remove any more samples
Then, I tried to reset/empty all the lists (several times) and perform a second scan of the folder => it worked again (deleted detected samples)
After several times of clearing all the lists, the final result was 100% detection rate (including suspicious samples). The whole process took me >1 hour
There is another problem with this app, which is false positives and popups
I was trying to run a few legit applications (Geek Uninstaller, PatchMyPC, Zemana portable, iTunes setup file for 32bit). CS didn't block most of them. However, when I installed iTunes, CS showed several prompts to allow/block some unknown .dll files of iTunes. The default option was "Block" -> it would be unusable if I chose that option.
I had to manually allow/whitelist those DLLs. After the installation had been completed for a while (>15 minutes), CS was still scanning the iTunes folder and kept prompting to block unknown DLLs. I had to manually allow >10 popups and this number kept increasing because new files were continuously being added to the "Uploads" list. In this case, silent mode would have been the better option because it would block unsafe files but whitelist safe and suspicious files
After installing iTunes, I tried to extract a few samples which were detected and deleted by CS. I performed a right-click analysis of the sample folder. However, CS didn't react to my command and kept prompting to block iTunes files
Finally, I gave CS a final chance: I manually executed some samples during this overloading period (CS was still busy with iTunes). Guess what? CS allowed everything to run without any popups (those samples used ~25% each and the system was obviously frozen). Then, I executed my green petya ransomware sample => boom!
My conclusion: CS is a very useful and effective tool to use as an on-demand scanner. However, it's not ready yet to be a true realtime protection solution. It works well when you run single apps which have a few files, but when you run a big app or install a big app (iTunes, for example), CS will be overloaded and ignore everything you do then => your system is unprotected because CS is still busy with its previous actions. This app is still buggy, especially its UI.