Crystal Security 3.7 BETA

Sonar (Norton) identifies Crystal Security as Threat in High Grade

upload_2017-2-14_15-44-9.png

SUD
 
  • Like
Reactions: vtqhtr413, Rengar, Winter Soldier and 5 others
Hi @bjm_,

Thanks for the feedback. :)

Can you please tell me your display settings:
  1. Resolution
  2. DPI Scaling
I tried to re-produce your reported issue on Windows 10 with different display settings but no problems here.

Regards,
Kardo
 
  • Like
Reactions: vtqhtr413, harlan4096, frogboy and 3 others
Resolution.png scale factor.png
btw ~ Zemana Portable was blacklisted and stripped to 0kb. Is there a restore from blacklist.
With Zemana Portable at 0kb with desktop Icon stripped. Only way I saw to restore Zemana was new download.

Crystal Security (something) was also blacklisted. Maybe, dynamic engine?

Analyze with Crystal Security (context menu) does not call CS or scan item as I can see.
btw ~ Analyze with Crystal Security needs CS Icon.

Quick & Advanced scans were 0 & 0. And other than cosmetic issue. CS felt okay for awhile.
Then after playing with CS Settings with close and open CS.
CS went aggressive on Zemana Portable.

Sorry, Zemana blacklist with desktop Icon stripped, happened so swift and unexpected, I did not capture screenshots.
I've deleted Crystal Security (for now).
 
Last edited:
  • Like
Reactions: vtqhtr413, Kardo Kristal and ForgottenSeer
bjm_ said:
btw ~ Zemana Portable was blacklisted and stripped to 0kb. Is there a restore from blacklist.
With Zemana Portable at 0kb with desktop Icon stripped. Only way I saw to restore Zemana was new download.
Click to expand...

When something is blocked and moved to Blacklist then you can restore file with the following steps:
  1. Go to "Blacklist" section
  2. Right-click on black-listed file
  3. Choose "Restore Selected File"
If file is in quarantine then it should restore file to original location.
bjm_ said:
Crystal Security (something) was also blacklisted. Maybe, dynamic engine?
Click to expand...

It was probably Shell integration file detection. It was also reported by @Petrovic. Will be fixed.
bjm_ said:
Analyze with Crystal Security does not call CS or scan item as I can see.
Click to expand...

Bug confirmed and will be fixed.
bjm_ said:
CS went aggressive on Zemana.
Click to expand...

I'll look into it.

I'll try to re-produce DPI scaling issue too.

Regards,
Kardo
 
Last edited:
  • Like
Reactions: vtqhtr413, silversurfer and ForgottenSeer
Kardo Kristal said:
When something is blocked and moved to Blacklist then you can restore file with the following steps:
  1. Go to "Blacklist" section
  2. Right-click on black-listed file
  3. Choose "Restore Selected File"
If file is in quarantine then it should restore file to original location.
Well, I did not see quarantine. Just blacklist and whitelist.
Is there a quarantine window?


It was probably Shell integration file detection. It was also reported by @Petrovic. Will be fixed.


Bug confirmed and will be fixed.


Interesting issue. Never happened here.
I meant by 0 & 0 that no threats were found.


I'll look into it.

I'll try to re-produce DPI scaling issue too.

Regards,
Kardo
Click to expand...
 
  • Like
Reactions: vtqhtr413, Kardo Kristal and ForgottenSeer
bjm_ said:
Well, I did not see quarantine. Just blacklist and whitelist.
Is there a quarantine window?
Click to expand...

@bjm_ You can consider Blacklist as Quarantine. Quarantine files are stored under AppData directory.
You can restore files only via UI because all quarantined files are also encrypted.

I just tried to re-produce your DPI scaling issue. Changed DPI to 150%. After that I signed out and logged in.
I started Crystal Security and no problems here. I can only suggest to set DPI to 100% on your system.

Regards,
Kardo
 
Last edited:
  • Like
Reactions: vtqhtr413 and ForgottenSeer
Kardo Kristal said:
@bjm_ You can consider Blacklist as Quarantine. Quarantine files are stored under AppData directory.
You can restore files only via UI because all quarantined files are also encrypted.

I just tried to re-produce your DPI scaling issue. Changed DPI to 150%. After that I signed out and logged in.
I started Crystal Security and no problems here. I can only suggest to set DPI to 100% on your system.

Regards,
Kardo
Click to expand...
Yeah, I was expecting and looking for a quarantine module within the CS user interface.
Guess, I'm used to programs that quarantine and restore from quarantine.
I'm used to NoVirusThanks ERP with Whitelist/Blacklist and Quarantine.
I'm used to Webroot with Block/Allow and Quarantine.

I just found (with your pointing) AppData > Roaming > Crystal Security > Quarantine. Quarantine folder is empty.

Since Crystal Security is only program showing cosmetic issue for me. I'll leave DPI as is.

Thanks
 
Last edited:
  • Like
Reactions: Wave and Kardo Kristal
  • Like
Reactions: vtqhtr413, Andrew999, JM Safe and 13 others
Hi @Petrovic,

Thank you for the feedback. :)
Petrovic said:
repeat - cerber3 cerber3.....etc | sage
Click to expand...

Is it possible that you downloaded or copied "cerber3" file multiple times?

Double entries are currently allowed by default under Blacklist.

When you download or copy same file e.g. 2 times then it will be also listed under Blacklist 2 times (like double entries).

If you downloaded or copied "cerber3" file only once then it is possible bug.
Petrovic said:
cerber2
https://www.virustotal.com/en/file/...6f2fe9579e204100c7eabe0c5382f9c33a3/analysis/
13/57
not detected - first scan
re-scan
Click to expand...

Seems like a bug. I'll look into it.
J Gamez065 said:
Links to stable installers are down. Thinking of adding this to my security config.
Click to expand...

@J Gamez065,

Thanks. Stable download links up again. :)

Regards,
Kardo
 
  • Like
Reactions: vtqhtr413, Av Gurus, DJ Panda and 4 others
  • Like
Reactions: vtqhtr413, nikos200, Andrew999 and 8 others
  • Like
Reactions: vtqhtr413, _CyberGhosT_, Rengar and 12 others
Kardo Kristal said:
Hello,

Crystal Security 3.7.0.4 BETA released

Changelog
  • Improved Dynamic engine (reduced False Positives)
  • Fixed bug in Digital signature verification (signature not detected)
  • Fixed several other minor bugs (user interface)
  • Updated rules set in Dynamic engine (balanced detection)

Two different types of downloads

Download installer version of Crystal Security 3.7.0.4
Download portable version of Crystal Security 3.7.0.4

Looking forward to your feedback. :)

Regards,
Kardo
Click to expand...
Great work Kardo :)
 
  • Like
Reactions: vtqhtr413, Rengar, Sunshine-boy and 4 others
blueblackwow65 said:
Wonder how Crystal would do with wannacry ,anyone test that ? I am running Latest Crystal Security with Comodo Firewall
Click to expand...

Hi @blueblackwow65,

Thank you for the interest. :)

Just performed some tests against following ransomwares:

1. Jaff - sample by @Solarquest

Engines: Collective and Dynamic
Threat Score: 87%

2. WannaCry - sample by @Der.Reisende

Engine: Collective
Threat Score: 87,7%

3. WannaCry v2 - sample by @Der.Reisende

Engine: Collective
Threat Score: 92,8%

4. Cradle - sample by @Amelith Nargothrond

Engines: Collective and Dynamic
Threat Score: 75,8%

5. Cerber - sample by @silversurfer

Engines: Collective and Dynamic
Threat Score: 27%

6. DoNotChange - sample by @Der.Reisende

Engines: Collective and Dynamic
Threat Score: 82,9%

Regards,
Kardo
 
Last edited:
  • Like
Reactions: vtqhtr413, _CyberGhosT_, Mr.NoName and 12 others

You may also like...