Crystal Security 3.5

Kardo Kristal · Jul 17, 2016

Mr.NoName said:
what db you use then

Hi @Mr.NoName,

Internal engine - Malc0de and ThreatCenter

Regards,
Kardo

Mr.NoName · Jul 23, 2016

Kardo Kristal said:
Hi @Mr.NoName,

Internal engine - Malc0de and ThreatCenter

Regards,
Kardo

nooo that it's ok i mean Sql ,mysql,sqlite,ms sql ,oracle ,mono,abo.db

Kardo Kristal · Jul 23, 2016

Mr.NoName said:
nooo that it's ok i mean Sql ,mysql,sqlite,ms sql ,oracle ,mono,abo.db

Hi @Mr.NoName,

Local database is loaded into memory without SQL, MySql etc..

Only latest threat information is downloaded and stored on your computer (mostly for offline usage).

Regards,
Kardo

_CyberGhosT_ · Jul 23, 2016

@Kardo Kristal I agree with Logethica
just over the past year alone I have watched your product grow and improve exponentially
you should be proud.

Mr.NoName · Jul 23, 2016

Kardo Kristal said:
Hi @Mr.NoName,

Local database is loaded into memory without SQL, MySql etc..

Only latest threat information is downloaded and stored on your computer (mostly for offline usage).

Regards,
Kardo

so you use array or string ok good but what about when you load more than 6 million sigs in this memory ?

DardiM · Jul 23, 2016

Mr.NoName said:
so you use array or string ok good but what about when you load more than 6 million sigs in this memory ?

Not to answer your question, but I have thought one thing when I read it :

About values :

SHA256 = 32 Bytes
32 Bytes x 6000 000 => 183 MB ( with 1024² used)

HASH = 16 Bytes
for 6000 000
=> 91.5 MB

Only to say: often, "high x very small" = "not too high"

(Sorry, I know it may not help a lot, and can have nothing to do with the real answer, but before I go to bed, I needed to make a last post

)

Mr.NoName · Jul 24, 2016

DardiM said:
Not to answer your question, but I have thought one thing when I read it :

About values :

SHA256 = 32 Bytes
32 Bytes x 6000 000 => 183 MB ( with 1024² used)

HASH = 16 Bytes
for 6000 000
=> 91.5 MB

Only to say: often, "high x very small" = "not too high"

(Sorry, I know it may not help a lot, and can have nothing to do with the real answer, but before I go to bed, I needed to make a last post )

yes bot there are more than one billion malware and threats at all so this is big

Kardo Kristal · Jul 24, 2016

_CyberGhosT_ said:
@Kardo Kristal I agree with Logethica
just over the past year alone I have watched your product grow and improve exponentially
you should be proud.

Hi @_CyberGhosT_

Thank you for the kind words. I am glad you like Crystal Security.

Mr.NoName said:
but what about when you load more than 6 million sigs in this memory ?

Hi @Mr.NoName,

Local database is limited. There is no plan to load millions of signatures in the memory. Thanks to Heuristic engine which is also local and Cloud engines, detection ratio should be quite good to detect any kind of malware.

DardiM said:
About values :

SHA256 = 32 Bytes
32 Bytes x 6000 000 => 183 MB ( with 1024² used)

HASH = 16 Bytes
for 6000 000
=> 91.5 MB

Hi @DardiM,

Thanks bro.

Regards,
Kardo

SHvFl · Jul 24, 2016

@DardiM You mentioned here some extensions need to be added manually. I am trying the product now and would love to know what those extensions are and why they are not used by default(assuming you know why). Also is there any drawback from using the extra extensions?(Hopefully not more alerts).
Will really appreciate it if you have the time to enlighten me. Thanks in advance.
PC: SECURE - Vanduss's Security config

DardiM · Jul 24, 2016

SHvFl said:
@DardiM You mentioned here some extensions need to be added manually. I am trying the product now and would love to know what those extensions are and why they are not used by default(assuming you know why). Also is there any drawback from using the extra extensions?(Hopefully not more alerts).
Will really appreciate it if you have the time to enlighten me. Thanks in advance.
PC: SECURE - Vanduss's Security config

@Kardo Kristal , the creator of this useful tool, could explain better than me.

I will try :

There are two extensions that I added manually :
(1) .js
for scripting files which use wscript.exe to run script outside a Browser
=> the drawback I saw was that when Browsing with IE 11, all .js file made Crystal security prompt an alert (you can imagine the number of .js file used by website :'( ), and excluding a folder was a problem because several sub temp folders was created by this Browser.
=> @Kardo Kristal resolved this in a update where excluding a folder also excludes the sub folders.
You can follow the discussion with @Kardo Kristal
- from this link Crystal Security 3.5
- to this link Crystal Security 3.5
(2) .bin
=> some malware sample (on some website) are with .bin extension (added at the end of real extension) : secure way to analyse it by a scanner without risk of run it by miss clicking

SHvFl · Jul 24, 2016

DardiM said:
@Kardo Kristal , the creator of this useful tool could explain better than me.
There are two extension I added manually :
(1) .js
for scripting files which use wscript.exe to run script outside a Browser
=> the drawback I saw was that when Browsing with IE 11, all .js file make Crystal security prompt an alert (unknown files)
and excluding a folder was a prolem because sub temp folder was created by this Browser.
=> @Kardo Kristal resolve this in a update where exluding a folder exlude also the sub folders
(2) .bin
=> some malware sample are with .bin extension (ate the end the .exe extension) : secure way to analyse it by a scanner without risk of run it by miss clicking

OK thanks. WIll add bin for now and check what folder i need to whitelist for js to see if it's worth it. I control wscript with other ways and adding an exclusion might be a bad idea depending on set location.
Thanks a lot for your quick reply.

DardiM · Jul 24, 2016

SHvFl said:
OK thanks. WIll add bin for now and check what folder i need to whitelist for js to see if it's worth it. I control wscript with other ways and adding an exclusion might be a bad idea depending on set location.
Thanks a lot for your quick reply.

I tested with Vivaldi, Firefox, Chrome, IE
=> the problem only appears with IE

This is what I posted :

"For people who want to do the same, don't forget that in the path

...\AppData\Local\Microsoft\Windows\INetCache\Low\IE

there are hidden / protected folders you must make "visible" before adding in Crystal Security.

AppData => choose : "show hidden file/folder or drive"
INetCache => Uncheck : "Hide protected system files"

And don't forget to reverse this changes after folder has been added in Whitelist

"

SHvFl · Jul 24, 2016

DardiM said:
I tested with Vivaldi Firefox chrome IE
=> the problem only appear with IE

This is what I posted :

"For people who want to do the same, don't forget that in the path

...\AppData\Local\Microsoft\Windows\INetCache\Low\IE

there are hidden / protected folders you must make "visible" before adding in Crystal Security.

AppData => choose : "show hidden file/folder or drive"
INetCache => Uncheck : "Hide protected system files"

And don't forget to reverse this changes after folder has been added in Whitelist "

Oh cool, i thought it was for all browsers. I never open IE and use Chrome and Firefox so will add js. No reason not to do so it if no whitelist is required. Thanks again.

DardiM · Jul 24, 2016

SHvFl said:
Oh cool, i thought it was for all browsers. I never open IE and use Chrome and Firefox so will add js. No reason not to do so it if no whitelist is required. Thanks again.

You are welcome

One more thing : don't make the same error that I've made the first time I used Crystal Security

Add you custom extension here :
Settings => Protection => File Types => Custom and don't forget to click on apply (I was certainly exhausted

)

Kardo Kristal · Jul 24, 2016

SHvFl said:
I am trying the product now and would love to know what those extensions are and why they are not used by default(assuming you know why). Also is there any drawback from using the extra extensions?(Hopefully not more alerts).

Hi @SHvFl,

Thanks for the interest.

Additional extensions are optional. You can add any extension you like. It is possible that with new extensions, you may see more alerts (e.g. when detected file is unknown, suspicious or unsafe). It depends on your Settings.

By default only common executables are monitored.

DardiM said:
There are two extension I added manually :
(1) .js
for scripting files which use wscript.exe to run script outside a Browser
=> the drawback I saw was that when Browsing with IE 11, all .js file made Crystal security prompt an alert (you can imagine the number of .js file used by website :'( ),
and excluding a folder was a problem because sub temp folder was created by this Browser.
=> @Kardo Kristal resolved this in a update where excluding a folder also exludes the sub folders
You can follow the discussion with @Kardo Kristal
from this link Crystal Security 3.5
to this link Crystal Security 3.5
(2) .bin
=> some malware sample are with .bin extension (added at the end of real extension) : secure way to analyse it by a scanner without risk of run it by miss clicking

@DardiM Thanks for the useful reply.

Regards,
Kardo

bjm_ · Jul 24, 2016

@Kardo Kristal
what news on my Norton problem, since hash changes each Norton local protection update

Kardo Kristal · Jul 25, 2016

bjm_ said:
@Kardo Kristal
what news on my Norton problem, since hash changes each Norton local protection update

Hi @bjm_,

Thanks to sub-folders support your issue should be fixed.

Please white-list the following folder under Whitelist section: C:\ProgramData\Norton\

Regards,
Kardo

bjm_ · Jul 25, 2016

Kardo Kristal said:
Hi @bjm_,
Thanks to sub-folders support your issue should be fixed.
Please white-list the following folder under Whitelist section: C:\ProgramData\Norton\
Regards, Kardo

Aha, Okay. I'll try CS again and see what's new. Thanks!
_________________________________
FWIW ~this is as I see with FoxWebSecurity. http://s31.postimg.org/rzfpksl8b/screenshot.png
SafeWeb reports SAFE https://safeweb.norton.com/report/show?url=crystalsecurity
Default Policy-1 DNS IP's used by FoxWebSecurity may be over-reaching. IDK

Av Gurus · Jul 26, 2016

Is there any settings like "trust all" when installing on clean PC?
I would like to reduce pop-up of Unknown file by Collective Cloud (I was just turn off that for a day).

Kardo Kristal · Jul 26, 2016

bjm_ said:
FWIW ~this is as I see with FoxWebSecurity. http://s31.postimg.org/rzfpksl8b/screenshot.png
SafeWeb reports SAFE https://safeweb.norton.com/report/show?url=crystalsecurity
Default Policy-1 DNS IP's used by FoxWebSecurity may be over-reaching. IDK

Hi @bjm_,

Seems like Uptodown and Programosy sites are detected. Should be False Positives by filter.

Av Gurus said:
Is there any settings like "trust all" when installing on clean PC?

Hi @Av Gurus,

Currently there is no such feature/setting. There is a plan to add Folder whitelisting option to notification so when unknown file is detected during the installation of new program then you can easily white-list whole directory. It should help to reduce unknown pop-ups.

Regards,
Kardo

Crystal Security 3.5

From Crystal Security

Level 4

From Crystal Security

Level 53

Level 4

Level 26

Level 4

From Crystal Security

Level 35

Level 26

Level 35

Level 26

Level 35

Level 26

From Crystal Security

Level 14

From Crystal Security

Level 14

Level 29

From Crystal Security

Similar threads