Crystal Security 3.5

Status
Not open for further replies.

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
I hope you're not going to turn to someone like Dani Santos, just sayin........

I was thinking about this too, but @Kardo Kristal is far too active and listens to everything we say - within reason (even if it drives him crazy). It's one of the reasons why I actually trust Crystal Security to do what it does on my system. And while this product is free now, I'd imagine a plan to have a paid and free version, it would be worth putting out money for unlike some other products... in my honest opinion. Not trying to be offensive here. The security field isn't a nice place to play around with, without commitment, dedication, and communication with others.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I was thinking about this too, but @Kardo Kristal is far too active and listens to everything we say - within reason (even if it drives him crazy). It's one of the reasons why I actually trust Crystal Security to do what it does on my system. And while this product is free now, I'd imagine a plan to have a paid and free version, it would be worth putting out money for unlike some other products... in my honest opinion. Not trying to be offensive here. The security field isn't a nice place to play around with, without commitment, dedication, and communication with others.
Very well said. ;)
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Better Windows 10 integration like support for the Info-Center popups and better touch-friendly UI :)

@Secondmineboy Both suggestions added into to-do list. :) It may take some time to implement both features (because of the multilingual support). Many users requested different languages like: Russian, German, Polish and so on.. It means that Multilingual support is in progress.
I was thinking about this too, but @Kardo Kristal is far too active and listens to everything we say - within reason (even if it drives him crazy). It's one of the reasons why I actually trust Crystal Security to do what it does on my system. And while this product is free now, I'd imagine a plan to have a paid and free version, it would be worth putting out money for unlike some other products... in my honest opinion. Not trying to be offensive here. The security field isn't a nice place to play around with, without commitment, dedication, and communication with others.

@OokamiCreed Thank you for the kind words bro! :)

Thanks to users' feedback, Crystal Security is better and better with each new version.
Very well said. ;)

@frogboy I totally agree with you! :)

Regards,
Kardo
 

RmG152

Level 12
Verified
Jan 22, 2014
577
I found a fun bug on my test environment xDD

1. Install Crystal Security on a clean system.
2. Enable silent mode. (not needed)
3. Enable Shell integration.
4. Scan the Crystal Security folder.

Crystal Security kills itself.
@RmG152 Thanks for the interest. :)
  1. Multilingual support (in the next version)
  2. Icon for context menu scan
  3. Option to configure uploads limit (e.g. 40 MB/per day)
  4. Multiple drive support for Active protection and Checkup (optional setting)
  5. Overall improvement (detection and performance)
  6. .... and some other features

In my opinion:

1. English isn't my main language, but I think this is not a priority.
2. I think this is easy to fix
3. Maybe not only "total", include max file size option.
4. +1
5. +1
6. Allow process signed by Trusted Vendors
7. your point nº 6.
 

Deleted member 21043

Hello @Kardo Kristal,

You've been working really hard and so I thought of a way I could help you, therefore for the past few days I've used some of my spare time to start developing a feature I'd like to donate to you for Crystal Security, I'm sure you'll like it... Process protection!

Currently, I've only made it as far as protecting against process termination from specific functions which are commonly used. The process protection works by protecting the Crystal Security process from user-mode level, which of course means you won't have to worry about kernel-mode drivers. The way it is applied is via injecting the DLL into processes - upon injection, hooks will attempt to be set on specific functions via placing a JMP instruction to the address of the callback function at the address of the function in the IAT (Import Address Table). This means when the function is called, my code will be executed if the hook is present and I can use my callback to check the parameters and if it's trying to request the API call to attack the Crystal Security process, I deny access.

The disadvantage of it working from user-mode is that it can be bypassed more easily. But, you shouldn't worry about this, it's still effective.

I have decided to use Task Manager as an example, however of course it will be just as effective with malware. It's compatible for both x86 and x64 processes.

An example of what would happen if you attempt to terminate the Crystal Security process via Task Manager:
qHOB0.jpg

Please bear in mind this is just the first stage of the process protection I have been developing for you... Starting from tomorrow, I'll be away until the 28th of July on holiday... Whilst I am away (no internet connection) I'll improve the process protection I am currently developing for you, such as adding new features like protection against process suspension, termination of the process threads... I'll focus on process protection now for the self defence, maybe in the future when I have more time in the summer, I'll add protection for the Crystal Security registry keys, files, etc. ;)

Let me know what you think, and remember, if you want to use this feature in Crystal Security, it's a gift from me. :)

Cheers. ;)
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@kram7750 Thanks for the support bro.

I did some research and found another method to protect the Crystal Security process. When something tries to kill the process, the result is Access Denied. It uses a different method (without any driver or DLL injection). Thanks to this method, only Admin can kill the process.

Here is a test of the method I found. :) This will be also implemented in the next version.

self_protection-png.66462


Regards,
Kardo
 


Deleted member 21043

@kram7750 Thanks for the support bro.

I did some research and found another method to protect the Crystal Security process. When something tries to kill the process, the result is Access Denied. It uses a different method (without any driver or DLL injection). Thanks to this method, only Admin can kill the process.

Here is a test of the method I found. :) This will be also implemented in the next version.

self_protection-png.66462


Regards,
Kardo
Hello @Kardo Kristal,

No worries, if you've got it covered then I understand. :) Just make sure it protects the process against other processes (so malicious processes as an example) and not just Task Manager (or specific programs) if it doesn't already.

In case you were wondering, Access Denied occurs when the NTSTATUS value for STATUS_ACCESS_DENIED is returned, and the NTSTATUS value for this is 0xC0000022. It's used for blocking Native API functions, like ZwTerminateProcess, ZwOpenProcess. (Preventing ZwOpenProcess is good because if a program can't get a handle to your process, it cannot start to try to use ZwTerminateProcess or another function like ZwSuspendProcess since it'd need a HANDLE to put in as a parameter for it to work).

Good work. :)

Cheers. ;)
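
The handle reasoning in the post above, as an added example that is not part of the thread and is not Crystal Security's or the poster's code: a portable model of a filter on the open call and of a terminate call that needs a handle. The NTSTATUS and access-right constants are the real Windows values; the handle table, the `model_*` functions and PID 4242 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Real Windows values; NTSTATUS is a signed LONG on Windows, unsigned here
   so the comparisons stay portable. Everything else is a constructed model. */
typedef uint32_t NTSTATUS;
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_HANDLE         0xC0000008u
#define STATUS_ACCESS_DENIED          0xC0000022u
#define STATUS_INSUFFICIENT_RESOURCES 0xC000009Au
#define PROCESS_TERMINATE                 0x0001u
#define PROCESS_SUSPEND_RESUME            0x0800u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u

#define MAX_HANDLES 8
struct model_handle { uint32_t pid, access; int used; };
static struct model_handle table[MAX_HANDLES];
static const uint32_t protected_pid = 4242;   /* constructed PID */

/* Filter in the role of the hooked open call: refuse any handle to the
   protected process that would carry terminate or suspend rights. */
NTSTATUS model_open_process(uint32_t pid, uint32_t desired, int *out)
{
    const uint32_t dangerous = PROCESS_TERMINATE | PROCESS_SUSPEND_RESUME;
    if (pid == protected_pid && (desired & dangerous))
        return STATUS_ACCESS_DENIED;
    for (int i = 0; i < MAX_HANDLES; i++) {
        if (!table[i].used) {
            table[i] = (struct model_handle){ pid, desired, 1 };
            *out = i;
            return STATUS_SUCCESS;
        }
    }
    return STATUS_INSUFFICIENT_RESOURCES;
}

/* Terminate needs a live handle that was granted PROCESS_TERMINATE. */
NTSTATUS model_terminate_process(int h)
{
    if (h < 0 || h >= MAX_HANDLES || !table[h].used)
        return STATUS_INVALID_HANDLE;
    if (!(table[h].access & PROCESS_TERMINATE))
        return STATUS_ACCESS_DENIED;
    return STATUS_SUCCESS;   /* the target would be terminated here */
}

int main(void)
{
    int h = -1;
    printf("open for terminate: 0x%08X\n", (unsigned)model_open_process(protected_pid, PROCESS_TERMINATE, &h));
    printf("terminate without handle: 0x%08X\n", (unsigned)model_terminate_process(h));
    return 0;
}
```

A query-only handle to the protected PID is still granted in this model, which keeps monitoring tools working while terminate on that handle returns STATUS_ACCESS_DENIED.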
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
No worries, if you've got it covered then I understand. :) Just make sure it protects the process against other processes (so malicious processes as an example) and not just Task Manager (or specific programs) if it doesn't already.

@kram7750 Thanks for the reply.

I tried the method I found against Process Hacker and Process Explorer successfully (it should protect against malicious processes as well). :)

Regards,
Kardo
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Kardo Kristal: Out of curiosity, since I'm planning to conduct safety self-protection for my educational AV thesis purpose: is it something you replicate from renaming the process like svchost.exe, which will be considered as a critical process and unterminated unless the effectiveness is reverted?

Because other complicated process deals on DLL.
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Update went fine Kardo :)

@Secondmineboy Thanks for the feedback. :)
How about a changed tray-icon when the Protection is disabled and also a popup to remind the user that it's disabled, otherwise he will disable it and totally forget that. :D

Good point.
  1. There is a plan to add notification about disabled protection. :)
  2. No plan to change icon (currently it is static icon).
Regards,
Kardo
 