Evjl's Rain

Level 42
Verified
Trusted
Content Creator
Malware Hunter
I found something weird now
Crystal security seems to stop working since I sent you the logs
I already cleared everything from blacklist, overview and whitelist -> everything was 0
I tried to execute "never-been-executed" files and some safe files which have a few detections from virustotal. However, after executing countless of files, CS still showed 0, 0 & 0
the only way to make it work it to do a right-click analysis -> CS started whitelisting some of them. I also tried to exit CS portable and restart it but still didn't work

during zipping the folder "3.5" in appdata crystal security detected itself :rolleyes: and this is the only popup I have got since I reported the last problem


this is the "3.5" folder link
http://www.fileconvoy.com/gf.php?id=gddf6661c3e52e384999875776.936674c6b59e9f7d91c206&sts=1474143969178164224138fe20147abbe4a95482fe1259d1997888
 

Kardo Kristal

From Crystal Security
Verified
Developer
Hi @Evjl's Rain,

Thank you for the feedback. :)
I found something weird now
Crystal security seems to stop working since I sent you the logs
I already cleared everything from blacklist, overview and whitelist -> everything was 0
I tried to execute "never-been-executed" files and some safe files which have a few detections from virustotal. However, after executing countless of files, CS still showed 0, 0 & 0
the only way to make it work it to do a right-click analysis -> CS started whitelisting some of them. I also tried to exit CS portable and restart it but still didn't work
Interesting. After restart it should resolve the issue. No problems here.

objects.png

during zipping the folder "3.5" in appdata crystal security detected itself and this is the only popup I have got since I reported the last problem
It is normal because you generated a new ZIP file which is unknown to cloud.
Crystal Security analyzes own (e.g. Shell integration file when you enable Shell integration via Settings).
Crystal had a complete crash this morning
It is a known bug (reported by several users). I'll try to re-produce it. Hopefully it will be fixed in the newer version.

Regards,
Kardo
 

Kardo Kristal

From Crystal Security
Verified
Developer
Hi @ExoGen CyberSecurity,

Thank you for the feedback.

If I use 7Zip and I open eicar_com.zip and I select open archive and I execute Eicar.com from inside the archive will auto-quarantine the 7Zip.exe
I tried to execute Eicar.com the same way but Windows displayed the following error:

eicar_test_2.png


Please provide the following information:
  1. On-access is enabled or disabled under Settings?
  2. Which version of Windows?
Also, I love the new logo and the UI.
Thanks! Glad to hear that. :)

Regards,
Kardo
 
Last edited by a moderator:
D

Deleted member 2913

Kardo,

Whats is VT policy in using it?

Can you use select AVs only for protection & list those select AVs in the GUI for the users to select/unselect for protection Or VT policy doesn't allow this?
Kardo,

Any update on the above?

You had replied that you will inquire VT for the info.
Hi @yesnoo,

Yes. I sent an e-mail to VirusTotal staff (Emiliano). Currently waiting for the reply.

I will let you know when I get an answer from VirusTotal. :)

Regards,
Kardo
Kardo,

VT staff haven't replied yet?

Thank You
 

Kardo Kristal

From Crystal Security
Verified
Developer
I don't get that anymore
@ExoGen CyberSecurity,

Thanks for the reply.

I suggest to keep on-access currently off to avoid issues.

You are still protected because Crystal Security analyzes created, modified and launched files. :)
VT staff haven't replied yet?
Hi @Yash Khan,

Thanks for the interest. :)

Still no reply from VirusTotal. Maybe they are too busy to respond. I will try their support form.
CS crashed during install of Avira.
Log sent to info@crystalsecurity.eu
Hi @nclr11111,

Thanks for the bug report.

It is a known bug (same bug reported by @Evjl's Rain).

Can you please also send your Settings.xml file?

Thanks in advance. :)

Regards,
Kardo
 

nclr11111

Level 6
Verified
@ExoGen CyberSecurity,

Thanks for the reply.

I suggest to keep on-access currently off to avoid issues.

You are still protected because Crystal Security analyzes created, modified and launched files. :)


Hi @Yash Khan,

Thanks for the interest. :)

Still no reply from VirusTotal. Maybe they are too busy to respond. I will try their support form.


Hi @nclr11111,

Thanks for the bug report.

It is a known bug (same bug reported by @Evjl's Rain).

Can you please also send your Settings.xml file?

Thanks in advance. :)

Regards,
Kardo
DONE!
 

Kardo Kristal

From Crystal Security
Verified
Developer
@Kardo Kristal I have accessed files on and didn't notice any issues but is there a benefit from using it and if yes what? If not i will disable just in case.
Hi @SHvFl,

Thanks for the feedback.

Glad to hear that it works well for you. :)

Benefit of on-access feature is increase in security because then it will pick-up all the files via Windows Explorer. Downside of this feature is higher CPU and memory (RAM) usage. In some cases it will overload Cloud engine too (more files in queue).

It seems that when on-access is enabled then it will cause issues on some systems. Personally I don't enable on-access feature because other analysis methods protects very well.

Your requested feature is still in the roadmap but probably it will be added after next release.

I am currently focused on bug fixes in the next version (because of the recent bug reports by many users).

Regards,
Kardo
 

SHvFl

Level 35
Verified
Trusted
Content Creator
Hi @SHvFl,

Thanks for the feedback.

Glad to hear that it works well for you. :)

Benefit of on-access feature is increase in security because then it will pick-up all the files via Windows Explorer. Downside of this feature is higher CPU and memory (RAM) usage. In some cases it will overload Cloud engine too (more files in queue).

It seems that when on-access is enabled then it will cause issues on some systems. Personally I don't enable on-access feature because other analysis methods protects very well.

Your requested feature is still in the roadmap but probably it will be added after next release.

I am currently focused on bug fixes in the next version (because of the recent bug reports by many users).

Regards,
Kardo
Sure makes sense. Btw by cloud engine you mean yours or VT? I assume and hope it's VT because i would hate to create problems for your servers. I noticed the small increase in cpu usage(2-3% i believe) but no real change in ram but now that you mention it will test a bit without it and see.
No worries about the feature, i disabled VT for now and i will survive without it until the feature is added. No real worries here, VT offers small value to me.
 

Kardo Kristal

From Crystal Security
Verified
Developer