Crystal Security 3.5

Status
Not open for further replies.

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
After uninstalling Bitdefender Total Security 2015, Crystal Security started automatically scanning files and adding them to Overview. This did not happen until Bitdefender was uninstalled. As if Bitdefender was stopping Crystal Security from doing this.

Also, the location of the files being added is not shown properly.
In Crystal Security it shows that a file with location "c:mfc100.dll" has been added
CRYSTAL SECURITY ERROR_12-05-2015_09-10-00.jpg

But in reality the location is "c:\windows\SysWOW64\mfc100.dll"

CRYSTAL SECURITY ERROR_12-05-2015_09-10-06.jpg


Now Crystal Security has crashed

Error log : http://www24.zippyshare.com/v/kvgbwG4n/file.html



You can make a list of digital certificates that can be trusted. Applications that are signed by those certificates will be trusted.


What is the "unrecognized" list all about?
How is it different from files that are classified as "UNKNOWN"?

CRYSTAL SECURITY UBRECOGNIZED_12-05-2015_09-46-54.jpg



UPLOADS

One problem in the Upload list is that Crystal Security uploads the files that have been added to the list latest

CRYSTAL SECURITY UPLOADS_12-05-2015_09-50-53.jpg


While the file that was added first to the list has not been uploaded yet.
It would be better to upload files using the First In First Out method. The files which are oldest in the queue list will be uploaded first.
CRYSTAL SECURITY UPLOADS_12-05-2015_09-51-07.jpg
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@viktik Thank you for the screenshots and information. ;)

Question: I guess that On-access is enabled?

It will list all executable files in the opened folder. Most of the issues seem to be caused by On-access for you. When I tested it then it worked correctly. Try to disable On-access analysis temporarily.

Interesting is that I got a lot of feedback that this version works like a charm. Only you and a few other users reported some issues.

Regards,
Kardo
 

viktik

Yes, the on-access scanning is enabled.
 

viktik

Crystal Security is causing Process Hacker to be unable to close properly. Reliability history shows Process Hacker stopped working.

Windows Explorer also stopped working when Crystal Security handles a huge number of files.

CRYSTAL SECURITY PROCESS HACKER_12-05-2015_12-47-03.jpg



UPLOAD STATS

Queued files shows that 2737 files are in the queue for upload.

CRYSTAL SECURITY UPLOADS PROBLEM_12-05-2015_13-00-23.jpg


  • In reality the number of files in the queue for upload is less than 2737.
  • Some of the 2737 files have already been uploaded and have status "complete".

CRYSTAL SECURITY UPLOADS PROBLEM_12-05-2015_13-00-32.jpg


  • The "Uploaded files" stat has increased from 2405 to 2437
  • But the "Queued files" number has not changed and is still 2737

CRYSTAL SECURITY UPLOADS PROBLEM_12-05-2015_13-07-56.jpg
 

Kardo Kristal

@viktik Suggestions for you:

1. Clear your Uploads and Unrecognized list (too many files to upload and unknown results are generated by API limit for you).
2. Please turn off On-access.
3. Turn off Uploads unknown.

... then restart the program.

If the program causes too many problems for you then you may switch to some other program. You started using it yesterday and there was no feedback from you when it was in the BETA stage.

Regards,
Kardo
 

Kardo Kristal

I use Crystal Security for about three months now and the only problem experienced was an error due to a crash when closing the program.

The problem was solved with the latest updates.;)

No issues for me, works fine.

@Klipsh Thank you for the support and feedback. :)

Regards,
Kardo
 

viktik

Why is that maximum size of file that can be uploaded?

Do files get uploaded to VirusTotal or the Crystal Security server?

What is "internal check" Engine?

CRYSTAL SECURITY 3.5 UNKNOWNS_13-05-2015_17-13-50.jpg


What is Stealth Guard?
What is silent mode?

CRYSTAL SECURITY 3.5 UNKNOWNS_13-05-2015_17-13-55.jpg



Scanning of active processes is not working. No active processes were scanned. None has been added to Overview or Whitelist. A screenshot of the current settings is shown below.

CRYSTAL SECURITY 3.5 UNKNOWNS_13-05-2015_17-31-10.jpg



I downloaded two executable files. They did not get automatically scanned. I see these files as "created objects" which should be scanned by Crystal Security real-time protection.


  • You can also keep a log of the date and time of the first scan.
  • The file is classified "safe" because almost no antivirus engine detected it as malware. But what if it is new, undetected malware?
  • Other files are classified as "Suspicious", "Unknown" and "Unsafe". If these files are new then they can be classified wrongly.
  • The solution is to automatically rescan, every day, the files in Whitelist & Blacklist which are not more than three days old. In three days' time, if some zero-day malware that was classified "safe" gets detected by rescanning, it will be classified "Unsafe". All "Suspicious", "Unknown" and "Unsafe" files will be scanned and reclassified in those three days. So overall all the files will be scanned four times in four days, which will result in correct classification of those files.
CRYSTAL SECURITY SUGGESTION_13-05-2015_18-05-44.jpg



Add a setting to automatically remove files from Overview and Uploads that are older than a specified number of days. The user can set the number of days.
 

viktik

Add a Crystal Security shortcut in the Start menu. Also add a shortcut for the uninstaller.



Context menu entry remains even after uninstalling Crystal Security.


CRYSTAL SECURITY CONTEXT MENU_13-05-2015_20-27-29.jpg
 

Kardo Kristal

Hi everyone,

I got a lot of feedback about the 3.5.0.120 stable version and I decided to make a post with Questions and Answers. :)

@viktik

Why is that maximum size of file that can be uploaded?

Answer: Maximum file size is 128 MB. There is a plan to add customizable limits for uploads.

Do files get uploaded to VirusTotal or the Crystal Security server?

Answer: VirusTotal

What is "internal check" Engine?

Answer: It is one of the engines you can see under Settings. It is a local and updateable database - useful for offline users.

What is Stealth Guard?

Answer: When you enable it for the first time, all files in certain locations will be listed and trusted by default. When a new (aka unknown) file arrives, it is untrusted by default. It is possible to add a specific file to the exclusions list manually at any time. There is also a plan to add (allowed/blocked) history for Stealth Guard.

What is silent mode?

Answer: If silent mode is enabled then all notifications (results) are hidden.

Scanning of active processes is not working. No active processes were scanned. None has been added to Overview or Whitelist.

Answer: If you mean already running processes then it is normal. When a new program starts activity, it is detected as a new process creation and will be analyzed automatically.

1. Start Crystal Security
2. Now launch a new program, e.g. Paint, Calculator

You can also keep a log of the date and time of the first scan.

Answer: I have a plan to add it to Notification (maybe under "Details").

The file is classified "safe" because almost no antivirus engine detected it as malware. But what if it is new, undetected malware?

Answer: Point of the question? There is no product with 100% detection/removal (unless it is default-deny, but even then everything is possible).

The solution is to automatically rescan, every day, the files in Whitelist & Blacklist which are not more than three days old.

Answer: Another user also suggested it. I'll try to add it. Thanks. ;)

Add a setting to automatically remove files from Overview and Uploads that are older than a specified number of days. The user can set the number of days.

Answer: I'll think about it.

Add a Crystal Security shortcut in the Start menu. Also add a shortcut for the uninstaller.

Answer: If you mean a shortcut created during installation then I can't add it because I am using the free version of Advanced Installer.

Context menu entry remains even after uninstalling Crystal Security.

Answer: Currently the only workaround is to disable shell integration before uninstallation; another solution is to disable the context menu entry automatically when the program is closed (exited from tray menu).

@Malware1

Why would you upload a file and not check the results later?

Answer: An unknown file is queued for a certain interval. After some interval the unknown file is checked again via the collective cloud (VT).

Please also enable on-access scan by default and stop scanning signed files at VT so they have fewer API requests.

Answer: I am not sure if it is a good idea to enable on-access by default. Got several reports that it may cause performance issues for some users. Signed files are skipped/white-listed by default without any analysis via cloud.

CS uploads the file, but even when it's checked, I can select anyway "Upload file for analysis" in the alert (what is that going to do? double upload)

Answer: Yeah. This behavior will be improved in the next version. ;)

When all clouds and other checks are selected in the engine list, not only heur check, then when the scanned file isn't present at VT and the heur detects the file, the Unknown alert is shown. In other words, the heur check should have the highest priority level.

Please fix this.

Answer: The active protection engine will be improved/updated with the next or a newer version. ;)

Please also make a custom scan option in the program, not only via right click. (I think there was a right click scan, but can't find it now)

Answer: Enable Shell integration and click Apply (wait a moment). After that you can analyze files via the right-click context menu.

I unchecked on-access scan, but it still works!

Answer: I just tested (several times) and it works correctly. Maybe you forgot to click Apply under Settings.

Answers to other questions (quoted from another forum)

I checked Statistics and looked OK, but a little confusing over the Queuing of files.
Over that, does that mean 1 Queued mean one is getting check and the file Queued is waiting to be checked?

Answer: Yes. It means that the file is in the "waiting" stage. So after some interval it should be analyzed by active protection.

Surely If you run Quick check up / Advance it would detect those bad files, on which got upload by not running anything?

Answer: Checkup is actually separated from Active protection. It means that all files will be listed and classified again because there is a possibility that a file's rating has changed from Safe to Unsafe etc. And all files classified in Checkup are not listed/added in Whitelist because it may cause performance issues and slowdowns.

A few other things I have noticed. Since this is a Stable version! Why does it still have Install BETA Updates shown Under General

Answer: Because the next version may be BETA. Then if this option is enabled the user will be automatically updated to the new BETA version. If the user doesn't want to install a BETA version then he/she can skip BETA versions (just disable the "Install BETA Updates" option).

Over on Behaviour under Notifications Show/Hide all the boxed are check is that used for the alert icon that pop-up in the bottom right of screen and Safe files does not need to be checked?

Answer: Notifications for Safe files are hidden by default. It is recommended to show only Unsafe/Suspicious and maybe Unknown objects too. There is no reason to show each alert about safe files. Some users like to monitor ALL events (including safe ones).

Under Protection: Where you have trust applications with digital signature. Do I keep that check? I did check it and it just says [signed] for Opera and 3 different opera files only nothing else.

Answer: When this option is enabled then all digitally signed files are skipped by default to increase performance. Please note that it can also decrease the level of protection because there is some malware with digital signatures (I have a plan to add a configurable list for Digital signature).

More info I need to know as for Analysis I see the 3 boxes are checked do I need On-access checked?

Answer: This option is provided for additional security but it may cause performance issues too, because when you open some folder then all executable files in the folder will be listed and checked automatically. Currently some users reported that On-access causes issues. You can safely turn it off but keep other Analysis options enabled.

For Criteria: Do those settings stay in place for suspicious files detection ratio set at 5%?

Answer: If the file detection ratio is under 5% then it is flagged as safe (e.g. to avoid FP detections). If the detection ratio is between 5 and 10% then it is flagged as suspicious. If it is more than 10% then it is flagged as Unsafe (aka Malware). The user is able to customise this setting.

What is gridlines all about ?

Answer: When it is enabled then you can see lines on each section:

Screenshot

As for starting as Admin does that mean starting as Admin account or whatever account the person uses ?

Answer: It means that the program is launched with Highest privileges. Please note that some features need Admin rights to work properly and it is also recommended for better malware removal.

Password Protection, so that can be set so nobody can change any settings, other than the person who set password ? (If so, it's not working, no pop-up box to enter a password) Or is there one ?

Answer: Here is a tutorial on how to use the Password protection feature properly (just tested successfully):

Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4

I tested the Reset Button: That works well and resets everything back to default under Statistics as in 0. So I just pressed check for updates and everything looks fine except Queued files that shows 1. For the Overview and Whitelist and Black list everything is still there. I.E. Overview =22 White list = 19 and Blacklist = 3

Answer: Normal situation because the Reset button only resets information under the Statistics tab.

As for the Snap shot, Is Crystal set to scan every new file, Even Window Update files. ? also on the capture Crystal did not know 2 files files from windows update and they are upload.

Answer: Good point! Yes. Each new file is analyzed but you pointed out a good issue. There is no reason to analyze Windows Update files (at least by active protection). In the next version, Windows Update files will be skipped by default to increase performance and avoid server load.

Next version takes a little bit more time because I got a lot of feedback from other users too. Many features to add and some issues to fix. Good amount of users also reported that it works fine but as we know, every system is different. :)

Regards,
Kardo
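
The Criteria thresholds from the answer above (under 5% Safe, 5 to 10% Suspicious, more than 10% Unsafe) combined with the three-day daily rescan suggested earlier in the thread, as an added example that is not Crystal Security's code. The sample names, the `lookup` helper and the detection counts are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SAFE_BELOW = 5.0                   # percent: under 5% is Safe (from the thread)
UNSAFE_ABOVE = 10.0                # percent: more than 10% is Unsafe (from the thread)
RESCAN_WINDOW = timedelta(days=3)  # rescan entries first seen at most 3 days ago

def verdict(positives, total=0):
    """Map a multi-engine result to a verdict; positives=None means no report yet."""
    if positives is None or total <= 0:
        return "Unknown"
    ratio = 100.0 * positives / total
    if ratio < SAFE_BELOW:
        return "Safe"
    if ratio <= UNSAFE_ABOVE:      # 5% and 10% themselves count as Suspicious
        return "Suspicious"
    return "Unsafe"

@dataclass
class Entry:
    name: str
    first_seen: datetime
    verdict: str
    history: list = field(default_factory=list)  # (timestamp, verdict) per rescan

def rescan(entries, now, lookup):
    """Re-query every entry still inside the window; return the verdict changes."""
    changes = []
    for e in entries:
        if now - e.first_seen > RESCAN_WINDOW:
            continue               # older entries keep their last verdict
        new = verdict(*lookup(e.name, now))
        e.history.append((now, new))
        if new != e.verdict:
            changes.append((e.name, e.verdict, new))
            e.verdict = new
    return changes

# Constructed sample data: (positives, total engines) per day since first scan.
T0 = datetime(2015, 5, 13)
TIMELINE = {
    "sample-new": [(1, 57), (4, 57), (9, 57), (9, 57)],  # detections catch up
    "sample-old": [(0, 57)],                              # clean, first seen long ago
}

def lookup(name, now):
    """Stand-in for a cloud query (hypothetical helper, not a real API call)."""
    days = TIMELINE[name]
    return days[min(max((now - T0).days, 0), len(days) - 1)]

def simulate(days=4):
    entries = [
        Entry("sample-new", T0, verdict(*TIMELINE["sample-new"][0])),
        Entry("sample-old", T0 - timedelta(days=10), verdict(*TIMELINE["sample-old"][0])),
    ]
    log = []
    for day in range(1, days + 1):
        for name, old, new in rescan(entries, T0 + timedelta(days=day), lookup):
            log.append((day, name, old, new))
    return log, entries

if __name__ == "__main__":
    for change in simulate()[0]:
        print(change)
```

With this constructed timeline the new file is Safe at first scan, Suspicious on day 1 and Unsafe on day 2, which is the reclassification the rescan proposal is meant to catch; the ten-day-old entry is never re-queried.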
 


TheSuperGeek

Hello Kardo,
Crystal Security is very good but I've got a problem: on my PC, I'm the only user but I use 2 sessions: Admin + current session (for more security), and at every Crystal startup I need to type the Admin password. Is it possible to skip UAC (like CCleaner => don't need to check UAC because they made a task on startup that skips UAC)?
Thanks

PS: Can I translate Crystal Security into French? (You can contact me by PM.)
 

Deleted member 21043

Crystal Security does not currently support this feature.

You can do it manually following instructions from the following link: http://www.7tutorials.com/use-task-scheduler-launch-programs-without-uac-prompts
 

Kardo Kristal

Hi @TheSuperGeek

Thank you for the interest. :)

Is it possible to skip UAC (like CCleaner => don't need to check UAC because they made a task on startup that skips UAC)?

I can add a Task Scheduler event feature. I'll implement it in the next version.

PS: Can I translate Crystal Security into French? (You can contact me by PM.)

Thanks for the help and support. I'll send a PM when everything is ready for the translation stage. Currently there is a plan to improve many things in the next version, fix some issues and add new feature(s) - e.g. Automatic Task Scheduler event for start-up. :)

Regards,
Kardo
 

TheSuperGeek

Hello Kardo,
I found a bug with the latest version of Crystal Security:
when I close Task Manager, Windows (7, x64) says that it doesn't close properly.
I can upload captures for you but they're in French.

@kram7750 : thanks for the response.
TheSuperGeek
 