Crystal Security 3.5

Status
Not open for further replies.

Av Gurus

How to set CS to bypass UAC at startup?

 
NullByte

Hello,

I have a question about the product. I've seen this product perform very well, and I'm wondering: if I use the "dynamic shellcode injection" method on a safe file and insert a backdoor or any type of malware, and I allow the "installer" that drops the malware, will it still infect the PC (the file is also digitally signed as the installer, I copied the digital signature from the installer)? Are the files still checked even if you allow them?

Thanks :)
 

DardiM

Hello,

I have a question about the product. I've seen this product perform very well, and I'm wondering: if I use the "dynamic shellcode injection" method on a safe file and insert a backdoor or any type of malware, and I allow the "installer" that drops the malware, will it still infect the PC (the file is also digitally signed as the installer, I copied the digital signature from the installer)? Are the files still checked even if you allow them?
Thanks :)
I personally unchecked "trust applications with digital signature" :)
Interesting question :)
 

DardiM

Me too @DardiM :D.....It is unchecked in all my security software that gives that as an option
Good behavior! You could soon receive an anonymous phone call (with my voice modified - er - from an unknown person) to be recruited!
Questions:
- Do you like penguins?
- Do you like wearing costumes?
- Can you drive high technological vehicles?
 

Logethica

Good behavior! You could soon receive an anonymous phone call (with my voice modified - er - from an unknown person) to be recruited!
Questions:
- Do you like penguins?
- Do you like wearing costumes?
- Can you drive high technological vehicles?
HaHa :D
Q1- I very much like Penguins (especially those that use Crystal Security) :)
Q2- No experience. It would depend on the specific costume, and the nature of the mission that requires it. ;)
Q3- Only Automatic/Stick-Shift Cars, & Reach/Counter-Balance Forklift Trucks at present..
(unless the Nostromo & Millennium Falcon count)

Apologies Kardo...
Back to Crystal Security..
Currently using 3.5.0.184..and all is working great:)
 

Kardo Kristal

From Crystal Security
Thread author
Developer
How to set CS to bypass UAC at startup?

Hi @Av Gurus,

Please try out the following method with Task Scheduler to disable the UAC prompt for a specific application: http://lifehacker.com/how-to-eliminate-uac-prompts-for-specific-applications-493128966
Unchecking "Start as Admin" solved this problem, but is there any downside if it is set like this?

When the program is elevated with limited rights, Self-protection and Stealth Guard will be disabled.

In Checkup mode some files are not analyzed because of the access rights.
Hello,

I have a question about the product. I've seen this product perform very well, and I'm wondering: if I use the "dynamic shellcode injection" method on a safe file and insert a backdoor or any type of malware, and I allow the "installer" that drops the malware, will it still infect the PC (the file is also digitally signed as the installer, I copied the digital signature from the installer)? Are the files still checked even if you allow them?

Hi @NullByte,

Thanks for the interest. :)

Yes. It is vulnerable in such a way. It also depends on many factors. It can pick up a modified file in some cases.

If you want the highest protection, then I suggest enabling Stealth Guard mode and disabling "Trust applications with Digital signature" under Settings. You can also decrease the suspicious and unsafe file detection ratio to improve 0-day malware detection.
Currently using 3.5.0.184..and all is working great:)

Hi @Logethica,

Thanks for the feedback. :)

Regards,
Kardo
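
Added example (not part of the thread and not Crystal Security's code): Windows' Authenticode verification compares the signed digest with the file's current contents, so a signature that does not belong to those bytes is reported as `HashMismatch`. A trust rule should therefore key on the verification status, not on the presence of a signature. The function name `Get-SignatureTrustDecision` and the decision labels are hypothetical.

```powershell
# Added example: decide trust from the Authenticode verification result,
# not from the mere presence of a signature block in the file.
function Get-SignatureTrustDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "Skipping '$p': not a file"
                continue
            }
            $sig = Get-AuthenticodeSignature -LiteralPath $p

            # Decision labels are hypothetical names for this example.
            $decision = switch ([string]$sig.Status) {
                'Valid'        { 'SignatureVerified' } # digest matches, chain is trusted
                'HashMismatch' { 'Tampered' }          # signature does not cover these bytes
                'NotSigned'    { 'Unsigned' }
                default        { 'Untrusted' }         # NotTrusted, UnknownError, ...
            }

            # SignerCertificate is $null for unsigned files.
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            [pscustomobject]@{
                Path     = $p
                Status   = $sig.Status
                Signer   = $signer
                Decision = $decision
            }
        }
    }
}

# Usage: list every executable in a folder that should not be auto-trusted.
# Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
#     ForEach-Object FullName |
#     Get-SignatureTrustDecision |
#     Where-Object Decision -ne 'SignatureVerified'
```

A `Valid` status only confirms who signed the file and that it has not changed since signing; it says nothing about whether the signed program is benign.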
 
NullByte

Thanks, when you can, change the icon, it looks like it's a fake security product :) and if you can add some type of checking in future that will be amazing.

:cool:
 

Kardo Kristal

Thanks, when you can, change the icon, it looks like it's a fake security product :) and if you can add some type of checking in future that will be amazing.

:cool:

@NullByte,

You are welcome and thanks for your suggestions. :)

If there is any issue, question or feedback then feel free to let me know anytime.

Regards,
Kardo
 

Kardo Kristal

The product UI looks cool similar to ESET :D

@NullByte

Thanks. UI is a mixture of ESET (gray bar) and Avast (left menu) and my own ideas. :)

Currently there is a plan to improve notifications (updated action buttons, visual improvements etc.) and probably I will make some changes in Checkup mode (based on the users' feedback). After that I want to add multilingual support, which is one of the most requested features. :)

You can find a preview of the notifications here.

Regards,
Kardo
 

Kardo Kristal

Hello,
If it's possible can you give me more info about:

Collective Cloud, Crystal Cloud, Internal Engine and Heuristic Engine (just some basic info that you can make public), BTW, I love the new notification.

Hi @NullByte,

Thanks for the interest. :)
  • Collective cloud - based on VirusTotal (API integration)
  • Crystal cloud - based on feeds to collect malware information from several sources
  • Heuristic engine - byte based detection
  • Internal engine - hash based detection
The Heuristic and Internal engines can work in offline mode. The Crystal cloud engine stores the latest malware information on your computer, which is useful for offline usage. Crystal cloud checks feeds after some interval automatically.

Regards,
Kardo
 

Av Gurus

Hi @NullByte,

Thanks for the interest. :)
  • Collective cloud - based on VirusTotal (API integration)
  • Crystal cloud - based on feeds to collect malware information from several sources
  • Heuristic engine - byte based detection
  • Internal engine - hash based detection
The Heuristic and Internal engines can work in offline mode. The Crystal cloud engine stores the latest malware information on your computer, which is useful for offline usage. Crystal cloud checks feeds after some interval automatically.

Regards,
Kardo

Tested CS with Collective cloud turned off, just a couple of malware samples, and the system got very infected, no pop-ups from CS. o_O
 

Kardo Kristal

Tested CS with Collective cloud turned off, just a couple of malware samples, and the system got very infected, no pop-ups from CS. o_O

@Av Gurus,

Thank you for the feedback.

Probably it bypassed the Internal and Heuristic engines. I guess that all other engines flagged the file as clean and white-listed the tested files automatically (without any notification). I believe that it is good to enable Stealth Guard mode while Collective cloud is disabled.

I'll try to improve the other engines' detection with newer versions. :)

Regards,
Kardo
 
hjlbx

@Kardo Kristal

CS 3.5
W10 Home

Bug Report

CS detects file as suspicious

In alert check detection

List of AV scan engines shows which scan engines detect

Overview

Analyze Selected (suspicious) File

Alert shows detected

Select Details

Entire list of AV scan engines shows no detection (all clean) - the detecting AV scan engines were absent from the list

After I enabled Stealth Guard and re-analyzed the file, the detecting AV scan engines reappeared in the list

I suspect alert display bug

I suspect display\alert bug
 