Crystal Security 3.5.0.195 quick review

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Crystal Security 3.5.0.195 quick review

Testing samples: TestMyAV.com - 668 samples + 1 green petya ransomware sample
DETECTION RATE: 100%

I modified only 1 option: Enabled Shell integration (for the right-click scan/analysis)

I performed an Advanced Checkup -> it found absolutely nothing
advanced checkup.PNG

Then I performed a right-click analysis of the sample folder. It took quite a long time to upload. I got so many popups -> I must have switched on Silent Mode.
Silent Mode automatically blocks "Unsafe" apps but allows/whitelists "Suspicious/Unknown" apps -> I deleted the whitelist, turned off Silent mode and manually removed suspicious apps when there were popups
white.PNG

It was buggy that CS crashed 2 times with error popups
error.PNG bug.PNG

It stuck when the blacklist showed 699 (40 samples left in the folder). It was still uploading files but didn't remove any more sample
black.PNG

Then, I tried to reset/empty all the lists (several times) and perform a second scan of the folder => it worked again (deleted detected samples)

After several times of clearing all the lists, the final result was 100% detection rate (including suspicious samples). The whole process took me >1 hour

There is another problem with this app, which is false postives and popups
I was trying to run a few legit applications (geek uninstaller, patchmypc, zemana portable, itunes setup file for 32bit). CS didn't block most of them. However when I installed itunes, CS showed several prompts to allow/block some unknown .dll files of itunes. The default option was "Block" -> it would be unusable if I chose that option.
I had to manually allowed/whitelisted those dlls. After the installtion completed for a while (>15 minutes), CS was still scanning the itunes's folder and kept prompting to block unknown dlls. I had to manually allowed >10 popups and this number kept increasing due to new files were continuously being added to "Uploads" list. In this case, silent mode would have been the better option because it would block unsafe files but whitelist safe and suspicious files
Capture.PNG gfdhd.PNG

After installing itunes. I tried to extract a few samples which were detected and deleted by CS. I performed a right-click analysis of the sample folder. However, CS didn't react to my command and kept prompting to block itunes files

Finally, I gave CS a final chance that I manually executed some samples during this overloading period (CS was still busy with itunes). Guess what? CS allowed everything to run without any popups (those samples used ~25% each and the system was obviously frozen. Then, I executed my green petya ransomware sample => boom!
petya.PNG

My conclusion, CS is a very useful and effective tool to use as an on-demand scanner. However, it's not ready yet to be a true realtime protection solution. It works well when you run single apps which have a few files but when you run a big app or install a big app (itunes, for example), CS will be overloaded and ignore everything you do then => you system is unprotected because CS is still busy with its previous actions. This app is still buggy especially its UI.
 
Last edited:
5

509322

Crystal Security 3.5.0.195 quick review

Testing samples: TestMyAV.com - 668 samples + 1 green petya ransomware sample

I modified only 1 option: Enabled Shell integration (for the right-click scan/analysis)

I performed an Advanced Checkup -> it found absolutely nothing
View attachment 135742

Then I performed a right-click analysis of the sample folder. It took quite a long time to upload. I got so many popups -> I must have switched on Silent Mode.
Silent Mode automatically blocks "Unsafe" apps but allows/whitelists "Suspicious/Unknown" apps -> I deleted the whitelist, turned of Silent mode and manually removed suspicious apps when there were popups
View attachment 135746

It was buggy that CS crashed 2 times with error popups
View attachment 135745 View attachment 135744

It stuck when the blacklist showed 699 (40 samples left in the folder). It was still uploading files but didn't remove any more sample
View attachment 135743

Then, I tried to reset/empty all the lists (several times) and perform a second scan of the folder => it worked again (deleted detected samples)

After several times of clearing all the lists, the final result is 100% detection rate (including suspicious samples). The whole process took my >1 hour

There is another problem with this app, which is false postives and popups
I was trying to run a few legit applications (geek uninstaller, patchmypc, zemana portable, itunes setup file for 32bit). CS didn't block most of them. However when I installed itunes, CS showed several prompts to allow/block some unknown .dll files of itunes. The default option was "Block" -> it would be unusable if I chose that option.
I had to manually allowed/whitelisted those dlls. After the installtion completed for a while (>15 minutes), CS was still scanning the itunes's folder and kept prompting to block unknown dlls. I had had to manually allowed >10 popups and this number kept increasing due to new files were continuously being added to "Uploads" list. In this case, silent mode would have been the better option because it would block unsafe files but whitelist safe and suspicious files
View attachment 135747 View attachment 135748

After installing itunes. I tried to extract a few samples which were detected and deleted by CS. I performed a right-click analysis of the sample folder. However, CS didn't react to my command and kept prompting to block itunes files

Finally, I gave CS a final chance that I manually executed some samples during this overloading period (CS was still busy with itunes). Guess what? CS allowed everything to run without any popups (those samples used ~25% each and the system was obviously frozen. Then, I executed my green petya ransomware sample => boom!
View attachment 135749

My conclusion, CS is a very useful and effective tool to use as an on-demand scanner. However, it's not ready yet to be a true realtime protection solution. It works well when you run single apps which have a few files but when you run a big app or install a big app (itunes, for example), CS will be overloaded and ignore everything you do then => you system is unprotected because CS is still busy with its previous action. This app is still buggy especially its UI.

The developer, @Kardo Kristal will surely check these infos. He's already aware of a lot of it and working on the next version.
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Crystal Security 3.5.0.195 quick review

Testing samples: TestMyAV.com - 668 samples + 1 green petya ransomware sample

Hi @Evjl's Rain,

Thank you for the feedback and test.

Can you please send log files. Currently not sure why it crashed on your system. Also please send Settings.xml file.
Files are located under AppData\Crystal Security directory.

Blacklist issue is strange. There should be no limits. I will look into it.

I agree that at some point program is not that fast to catch and analyze files. There is a plan to make a lot of changes in active protection. The next Beta version should be more stable and hopefully without errors.

It is great to hear that it was good in detection. In the next version detection should be even better with new In-house dynamic engine. New engine should also decrease false positive and unknown detections.

Thanks to your test and feedback I am able to improve Crystal Security with each new version. :)
The developer, @Kardo Kristal will surely check these infos. He's already aware of a lot of it and working on the next version.

@Lockdown Thanks for the information. :)

Regards,
Kardo
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Hi @Evjl's Rain,

Thank you for the feedback and test.

Can you please send log files. Currently not sure why it crashed on your system. Also please send Settings.xml file.
Files are located under AppData\Crystal Security directory.

Blacklist issue is strange. There should be no limits. I will look into it.

I agree that at some point program is not that fast to catch and analyze files. There is a plan to make a lot of changes in active protection. The next Beta version should be more stable and hopefully without errors.

It is great to hear that it was good in detection. In the next version detection should be even better with new In-house dynamic engine. New engine should also decrease false positive and unknown detections.

Thanks to your test and feedback I am able to improve Crystal Security with each new version. :)


@Lockdown Thanks for the information. :)

Regards,
Kardo
Hi Kardo, thank you for reading :)
I'm sorry, my testing VM was destroyed by the green petya :(. Not sure how I can boot and get those file due to MBR encryption
 
S

Sr. Normal 2.0

I am a proud user of Crystal Security, but I have to agree that it has numerous bugs. As second line of defense is wonderful, although it requires a lot of interaction by the user. It is not, for the moment, a program for everyone, but a average or advanced user can enjoy it without problems.

After reading the @kardo post, I do not see the time to test the new beta version
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
@Evjl's Rain I had some crashes during first few launches. After a while, and after it processed a lot of files as Whitelist / Blacklist, it turned out to be almost stable. Hardly any crashes then.

Regarding popups, what I did was disable popups for unknown files because there will be many and it doesn't show +ve or -ve cloud results (since unknown). Kept auto decision probably, don't remember well. A small step down, but CS became usable now!

Popups were ON for suspicious and unknown files at least. That was enough to complement my AV, as asking about unknown files (that I disabled) would'nt have helped make decisions much (CS provides no more info in that case, acceptable enough). AV behavior guard to task here.
1 more issue is that the contextual scan (from explorer) won't work if CS protection is disabled. Bug I assume.

I love the concept though. It's going in the right direction currently and our dev friend is at the desk :)
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I was doing some test (3 days ago) and it didn't block anything (Collective Cloud was turned Off because it always say "Unknown").
I wanted to test it in Malware Hub along with Windows Defender, but did not prove, so I gave up on it.

OS was Win 10 Pro_x64 in VirtualBox.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top