Kardo Kristal

From Crystal Security
Verified
Developer
Windows detected the portable installer as: Trojan:Win32/Wacatac.B!ml
Hi @thrillskr

Thank you for the information. I will send a False Positive report.
Hi Kardo, just wanted to know what is the proper way to update when using portable? Just copy and paste to the older folder version? Thanks
Hi @blueblackwow65

You can update the portable version in two ways:
  • Replace the previous version with the new version
  • Perform an in-app update
Regards,
Kardo
 

Noche

Level 14
Hi, I'm having some trouble blocking an element Crystal Security marks as unsafe. I click the block button but the notification is always there. Screenshot attached.
Code:
: Product: Crystal Security
: Version: 3.7.0.40

: Object: C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
: MD5 hash: 17f71c465229a6344450fa494bf8bbd2

: Reference: https://www.virustotal.com/latest-scan/17f71c465229a6344450fa494bf8bbd2
: Reference: https://www.hybrid-analysis.com/sample/73e0ff0c170f5eeffd0dc6b4c1d58eec0486a09459045604226d8b8615170b40

: Detections

Bkav: Clean
DrWeb: Clean
MicroWorld-eScan: Clean
FireEye: Clean
CAT-QuickHeal: Clean
McAfee: Clean
Cylance: Clean
Zillya: Clean
SUPERAntiSpyware: Clean
Sangfor: Clean
K7AntiVirus: Clean
Alibaba: Clean
K7GW: Clean
Cybereason: Clean
Arcabit: Clean
Invincea: Clean
BitDefenderTheta: Clean
F-Prot: Clean
Symantec: Clean
TotalDefense: Clean
Zoner: Clean
TrendMicro-HouseCall: Clean
Avast: Clean
ClamAV: Clean
Kaspersky: Clean
BitDefender: Clean
NANO-Antivirus: Clean
Paloalto: Clean
ViRobot: Clean
Tencent: Clean
Ad-Aware: Clean
Emsisoft: Clean
Comodo: Clean
F-Secure: Clean
Baidu: Clean
VIPRE: Clean
TrendMicro: Clean
McAfee-GW-Edition: Clean
Trapmine: Clean
CMC: Clean
Sophos: Clean
Ikarus: Clean
Cyren: Clean
Jiangmin: Clean
Webroot: Clean
Avira: Clean
Fortinet: Clean
Antiy-AVL: Clean
Kingsoft: Clean
Endgame: Clean
Microsoft: Clean
AegisLab: Clean
ZoneAlarm: Clean
Avast-Mobile: Clean
SentinelOne: Clean
AhnLab-V3: Clean
Acronis: Clean
VBA32: Clean
ALYac: Clean
TACHYON: Clean
Malwarebytes: Clean
APEX: Clean
ESET-NOD32: Clean
Rising: Clean
Yandex: Clean
MAX: Clean
eGambit: Clean
GData: Clean
MaxSecure: Clean
AVG: Clean
Panda: Clean
CrowdStrike: Clean
Qihoo-360: Clean
Dynamic engine: Detected
Static engine: Clean
Heuristic engine: Clean

: Threat score: 10%
: Overall: Unsafe

vertigo

Level 2
@Kardo Kristal

First, thanks for this program. Unfortunately, while it seemed very promising, it has a couple issues, one of which has caused me to discontinue its use. The first, and smaller, problem, is that regardless of how I configured the settings, often when I would launch it, it would show the window saying it was launching in checkup mode. It should be able to be set to launch completely silently.

The bigger issue, though, is in the detection and handling of "threats." While running it alongside Windows Defender, VoodooShield, and OSArmor, I was installing and running programs, all completely legitimate and safe. Throughout this entire process, WD never acted on anything or showed any notifications, OSArmor did a fair amount at first but after the initial handful has been silent, VS has been the second-most active with blocking suspected threats, and CS has been the most active by far. During some installs and some executions of programs, VS would sometimes pop up once, or very occasionally twice, whereas CS would pop up several times (and I could swear some were repeats, though I'm not sure). So it seems to be overly sensitive, especially since I find VS to have a fairly high false positive rate, and yet it's nothing compared to CS.

But the real problem with all this is that on three separate occasions within the past couple hours, when I launched programs that triggered CS and clicked the message in CS's popup to restore the file, the file was restored as a 0-byte file, thereby completely killing the program and requiring a reinstall. So instead of properly quarantining the files and restoring them untouched, it's corrupting them in the process. And considering it did this to three programs, whereas it probably reacted to maybe five or six in that time frame, that's essentially a 50% or higher "kill rate" for programs it reacted to (and slightly >10% for all programs, since that was out of 28 I ran before exiting CS). I personally consider even a single instance of this unacceptable--which is why I've looked so hard for a replacement to WD, since it has a habit of doing this as well, perhaps more than any other program I've tested except for CS--so doing it this often makes this program absolutely unusable for me. So I'm really hopeful you can figure it out and fix it so this doesn't happen anymore.

For your reference, the programs it did this to were Audacious, DocFetcher, and CDex, all installed through chocolatey in case that matters. I'm sure there would have been more casualties if I kept going.
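The 0-byte restore failure described in the post above is exactly what a quarantine routine has to rule out by design. The block below is an added example, not Crystal Security's code and not based on any knowledge of how it quarantines files; it assumes a plain directory store with a JSON manifest per item (the `Quarantine` class, `demo()` and all paths are assumptions for illustration). It shows the defensive pattern: record size and hash at quarantine time, never delete the original before a verified copy exists, and on restore verify the stored copy, write through a temporary file and rename atomically, so the original path never holds a partial file and a damaged store is refused rather than restored.

```python
"""Quarantine/restore with integrity verification (added example, hypothetical code)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


class QuarantineError(RuntimeError):
    pass


class Quarantine:
    """Stores quarantined files beside a JSON manifest recording origin, size and hash."""

    def __init__(self, store: Path):
        self.store = Path(store)
        self.store.mkdir(parents=True, exist_ok=True)

    def quarantine(self, target: Path) -> str:
        target = Path(target)
        size = target.stat().st_size
        digest = sha256_of(target)
        item_id = digest[:16]
        dest = self.store / f"{item_id}.bin"
        # Copy first and verify the copy; the original is only removed afterwards.
        shutil.copy2(target, dest)
        if dest.stat().st_size != size or sha256_of(dest) != digest:
            dest.unlink(missing_ok=True)
            raise QuarantineError(f"copy of {target} did not verify; original left in place")
        manifest = {"origin": str(target.resolve()), "size": size, "sha256": digest}
        (self.store / f"{item_id}.json").write_text(json.dumps(manifest))
        target.unlink()
        return item_id

    def restore(self, item_id: str) -> Path:
        manifest = json.loads((self.store / f"{item_id}.json").read_text())
        src = self.store / f"{item_id}.bin"
        origin = Path(manifest["origin"])
        # Refuse to restore a damaged (e.g. truncated) stored copy before touching the origin path.
        if src.stat().st_size != manifest["size"] or sha256_of(src) != manifest["sha256"]:
            raise QuarantineError(f"quarantined copy {item_id} is damaged; refusing to restore")
        # Write to a temp file in the destination directory, verify it, then rename atomically,
        # so the original path never holds a partial (0-byte) file.
        origin.parent.mkdir(parents=True, exist_ok=True)
        fd, tmp_name = tempfile.mkstemp(dir=origin.parent, prefix=".restore-")
        os.close(fd)
        tmp = Path(tmp_name)
        try:
            shutil.copy2(src, tmp)
            if tmp.stat().st_size != manifest["size"] or sha256_of(tmp) != manifest["sha256"]:
                raise QuarantineError("restored copy did not verify")
            os.replace(tmp, origin)
        except Exception:
            tmp.unlink(missing_ok=True)
            raise
        src.unlink()
        (self.store / f"{item_id}.json").unlink()
        return origin


def demo(corrupt_store: bool = False) -> dict:
    """Round-trip a constructed sample file; optionally damage the stored copy first."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)
        app = work / "app" / "tool.exe"
        app.parent.mkdir(parents=True)
        payload = b"MZ" + bytes(range(256)) * 40  # constructed sample content, not a real binary
        app.write_bytes(payload)
        before = sha256_of(app)
        q = Quarantine(work / "quarantine")
        item = q.quarantine(app)
        result = {"removed_during_quarantine": not app.exists(),
                  "restore_refused": False, "intact": False, "origin_exists": False}
        if corrupt_store:
            (q.store / f"{item}.bin").write_bytes(b"")  # simulate a truncated store
        try:
            restored = q.restore(item)
        except QuarantineError:
            result["restore_refused"] = True
        else:
            result["intact"] = sha256_of(restored) == before and restored.stat().st_size == len(payload)
        result["origin_exists"] = app.exists()
        return result


if __name__ == "__main__":
    print(demo())
    print(demo(corrupt_store=True))
```

Run as a script it prints two results: the normal round trip, where the restored file is byte-identical to the original, and the corrupted-store case, where `restore()` raises and leaves nothing at the original path instead of writing an empty file. The verification at each step is what turns a silent corruption into a reported error.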
 

vertigo

Level 2
I'm curious as to why you run all at the same time? :unsure:
It's clear overkill :cool:
Because 1) I'd rather overkill than not enough considering there should be very little overhead to doing so; 2) WD, while I hate it, has local AV whereas VS only uses the cloud and CS's local AV is new and therefore not thoroughly tested, not to mention I have no idea what engine(s) it uses and therefore how good it is; 3) I wanted to test CS to see if it would be a good complement or even a replacement to VS, especially since VS free is so limited/locked down; and 4) why not? Basically, it would be OSA (which is really in a separate category, and therefore I don't consider its inclusion to be additive to the "overkill") + VS for main protection + WD for its AV and as a last resort in case something is approved in VS that shouldn't have been, but I wanted to try out CS. Considering my experience with it so far, it's a good thing I went that route instead of going with it instead of VS, though I'm hopeful the info I provided will help its development so that maybe it can become good enough to be used instead. Even so, I see nothing wrong with using them together, since there's no conflict and they each use very little resources.

I forgot to mention that I'm also running CF/CS which, yes, adds to the "overkill," but again, it increases protection with very little overhead and, again, I'm testing it out as I am all the others.
 

Digmor Crusher

Level 6
Verified
You realize overkill can result in less protection? If you have several programs fighting over who is going to do what and the end result is none of them does anything until it is too late, what good is overkill then? There is a reason why experts recommend not to run too many programs. But if you think you know better, good luck.
 