Crystal Security 3.7 BETA

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143

Hi @Petrovic

Thank you for the feedback.

Static engine updates information about malware via Feeds. Feeds collects information about malware.
Feed includes hashes and urls but only hashes of malware are stored locally. URLs of malware are only temporarily loaded.
It seems that Any Run service analysis captured temporarily loaded URLs during analysis.

Regards,
Kardo
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
F

ForgottenSeer 69673

Windows Defender flags the install file as a trojan.
ScreenHunter_134 Dec. 21 16.08.jpg
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Windows Defender flags the install file as a trojan.

Hi @ticklemefeet

Thank you for your feedback.

I just tried to check the installer file on my computer and here is clean.
The installer file is not detected by Windows Defender.

Can you please send False Positive report to Microsoft?

Regards,
Kardo
 
F

ForgottenSeer 69673

Hi @ticklemefeet

Thank you for your feedback.

I just tried to check the installer file on my computer and here is clean.
The installer file is not detected by Windows Defender.

Can you please send False Positive report to Microsoft?

Regards,
Kardo

I am on the latest insider update. Maybe that is why. Not sure how to send the file since it deletes it right after download. It delets the install file and the portable file. It does not quarantine it or offer a way to white list the file. This is something you will have to submit to MS I am afraid.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,448
I am on the latest insider update. Maybe that is why. Not sure how to send the file since it deletes it right after download. It delets the install file and the portable file. It does not quarantine it or offer a way to white list the file. This is something you will have to submit to MS I am afraid.
Are you using any of the Defender tweakers ( Config Defender, NVT OSA, System hardeners)?

It's not starting at boot for me most of the time now since the last few Windows updates?

Windows 7 home 64bit
 

Kardo Kristal

From Crystal Security
Thread author
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@Kardo Kristal

Is the dynamic engine scanning with sources like VT or what does it do?

Hi @In2an3_PpG

Thank you for your interest. :)

Dynamic engine uses local rules set to identify file status.
Currently there are about 15 different rules in rules set.

Some examples of rules: File signature, file age, extension, location, file visibility...
Dynamic engine does not require database updates and it can work without internet connection.

All data collected in the file is compared with the rules set.
When certain combination of rules are detected then Dynamic engine can determine the file status.

Regards,
Kardo
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top