Status
Not open for further replies.

Nico@FMA

Major Update 1.27.2014 Rev: 17

Alright guys, after another backbreaking night of coding and testing I am most happy to announce the full beta version of the FMA Intel-Secure Forensic Malware & Intrusion Analysis program.
I have personally tested it to a point where I found myself sleeping behind the computer, so right now the program is working and rock solid.
The only thing that bugs the living crap out of me is the fact that some antivirus companies flag the included executable sub-programs as a virus.
I have mailed all of those who listed the files as virus & suspicious, so now time will tell how long it's going to take for them to certify the software as clean.
That being said, let's start talking about happy things: what features does the program have?

Function list:
Deep level system data and security audits (FMA1System):
  • Auto Browser and system junkfiles removal
  • Harddisk volume and serial logging
  • Installed system software list
  • Active and hidden processes scan and logging
  • Advanced process handler scan and logging
  • Legit windows services and rogue services scan and logging
  • Extended services status scan and logging
  • Advanced start-up scan and logging
  • Driver audit and signature scan and logging
  • Windows bootmanager scan and logging
  • Kernel Transaction scan and logging
  • System Policy scan and logging
  • Group Policy scan and logging
  • ALL above cross reference scan and logging
FMA1System is the first of 3 modules to scan and log the system; the logfile generated by FMA1System is just amazing and 100% accurate. If there are malware & intrusion or malicious data traces, FMA1System will list them and a system admin will be able to navigate to the files and remove them by hand, as the module will tell everything there is to be known about your data.
The scans are deep and very accurate and data cannot be hidden from it.

Advanced network and security audits (FMA2Network):
  • Valid and rogue connections scan and logging
  • IP routing table scan and logging
  • All active listening TCP and UDP connections scan and logging
  • Active TCP connections and (PID) logging
  • Logging statistics TCP, UDP, ICMP, and IP protocols
  • Bytes and packets sent and received statistic logging
  • Scan and log components for all executables
The FMA2Network module will scan your entire network and list every bit of data, and will cross-reference the data with module 1 FMA1System in order to detect and log intrusion and malware traces.
If the PC in question has been hacked there is no way FMA1Network is not going to see it, because it will read out every single module a PC has to establish a connection in the first place. And because it cross-references connections to their parent files the log almost spits out a home address and phone number lol (yes, it's that accurate)

Advanced firewall audits and internet connection repair (FMA3Internet):
  • Advanced internet connection repair and logging
  • DNS scan, logging, repair, cleaning
  • ARP tables scan, logging, repair, cleaning
  • Full IP INT scan and reset capability
  • Advanced firewall audit and repair
  • Firewall helpers scan, logging and repair
  • Logging of all allowed programs
  • Logging of current profiles and repair
  • Deep level firewall configuration analysis and repair
  • Deep level ICMP configuration scan, logging and repair
  • Full Inspection firewall services and dependencies (Logging and repair)
  • Firewall state inspection and logging
  • Full firewall extended logging
  • Advanced MCB scan, logging and repair
  • Advanced open ports scanning, logging and repair
  • Advanced firewall rule inspection, repair and logging
  • History logging for historical firewall notifications
  • Extended firewall OP mode scan and repair
  • Advanced winsock readout, logging and repair
  • Past and present full route information readout & logging
  • Advanced full reset and repair of Windows firewall, profiles, policies, rules, ports and dependencies
The final module FMA3Internet is a hacker's worst nightmare: it works with modules 1 and 2 and totally tracks back ANY malicious actions to a point where you can eyeball and in real time change and intercept problems. Not trying to be funny and I am not trying to claim things the program cannot deliver, but if you think that modules 1 and 2 are impressive then you should see the fireworks generated by the FMA3Internet module.
For any hacker reading this: if you come across FMA then you know you hacked the wrong PC, as very soon you will hear that classic DING DONG or KNOCK KNOCK at your door, because this is the moment the cops will end your internet fantasies. Seriously, the program is specifically written to see ALL data past and present and spit it out in a log which can be examined by a forensic expert or by a system administrator, and they will have the ability to pinpoint issues and deal with them on the spot.

Additionally the program comes with Kaspersky TDSSKiller and Norton NPE to give some emergency stand-off against detected rootkits (yes, the log can see them too ^^), and if you see a file that does not fit a legit file description or does not seem clean anymore then you can just copy-paste the address and put it into a VirusTotal scanner, which will tell you if it's clean.

Keep in mind the program has NO antivirus capability, but if viruses or old traces of them are present the logbook will show it and you can remove them by hand. Next to that, the program cross-references all data with their dependencies, services, executables, drivers, internet settings, the registry, user and group policies + processes and internal process PID + CPU and memory PIDs + sub-processes.
So reading the log will allow you to be a human antivirus, a human firewall and a digital SWAT team.
And these are just a few functions that the program can do, as during the scans it does a whole lot more.

As mentioned above I have done a major update, so let's list them:

  • Logbook cannot be corrupted when a scan is running (File in use protection)
  • Fixed GUI icons and added some information
  • Major GUI overhaul and smoothing
  • Fixed memory usage (less than 15mb)
  • Compiled the batch files into executables to avoid source corruption
  • Re-Compiled the whole core, installer and uninstaller
  • Added over 100 tweaks to make the program even better
  • Total source code overhaul and clean-up
  • Added future upgrade capacity and upgrade features (not enabled atm)

* Note: the program does not have self-defense capability yet. We are working on this but it's going to take some time to properly get it to work; it was planned to be released with this update but I have taken it out because it did not perform in the way I want it to perform.

* This program focuses on the Windows core and Windows Firewall. The reason for this is simple: 99.9% of all the hacks, infections and alterations of the Windows core and its modules are always listed within the logbooks, if you know where to look.
Windows Firewall has a questionable reputation in terms of protection; however, its internal logging and its internal modules are utilized by third-party products in order to make the product work in the first place.
This is thanks to MS, because MS likes to log your computer habits and such, so even when you install products like Comodo, Outpost or ZoneAlarm they will still indirectly work with Windows Advanced Firewall core modules, and it's exactly these core modules that are being scanned.
Keep in mind that third-party products, regardless of how good they are, are still bound to using Windows internal modules.
So the program does not focus on logging third-party tools (while in some cases it does list notable events); it focuses purely and solely on Windows integrity-related modules, which provides first-hand and 100% accurate info.

So as you can see I have been busy.

Now how do you use the program?
1: Install your PC and update it. (MUST BE 32-bit Windows 7)
2: Install the program (preferably on a clean system for the best clean log generation).
3: Run the program (FMA.exe)
4: Work your way through the steps: start with button 1 and work your way up (DO NOT MIX and do NOT run multiple tasks at once). Just hit the correct button and the program does the rest, just sit back and relax :)
5: Read the log (button 4 will bring it up after the scans are done)
6: Move the log to a USB stick (you can find it at: C:/FMA/securitylog.txt)
7: Once copied to the USB stick, rename it to: securitylogclean.txt
8: Remove the old copy from the PC itself.
9: Close the program and unplug the USB.

Now when does the program show its capability?
Scenario: 1 month after you fresh-installed your PC you suddenly get hacked or infected, your traditional AV failed you and your firewall is busted.
You can run FMA.exe again and generate a NEW log, and when the scans are ready you can start comparing the log on your USB and the log generated on your dirty system, eyeball the changes and handpick/correct them.
And take the actions you need to take to stop and repair the malicious code.

Extra advice:
* Programs like SourceGear DiffMerge http://www.sourcegear.com/ (FREE)
and Beyond Compare http://www.scootersoftware.com/ (PAID)
are instrumental in log comparison: just point them to the logfile and they will highlight the exact changes with no hassle.
Just point, compare = result.

In the near future we will add a comparison tool ourselves.


If you did not make a clean-install scan and you have to run the program on an infected system then you can, as the log generated will be just as good, BUT it will be a bit harder to spot problems as you have no reference, so this will require extensive know-how.

* Note: you need to have advanced knowledge about your PC, hardware & software, and you need advanced know-how about Windows and how Windows works. This is not Comodo or any tweakable product and this is not your average-Joe program. My point here is (no disrespect to Comodo or other brands that allow tweaking): you cannot tweak, you shall not tweak and NO, you cannot play around with it, seriously!!!!!! The program has a built-in crash module: when you use it in the wrong way it will shut down, because I would rather see posts about the program saying it shut down than see posts saying: I tweaked the program and now my PC is busted.
Keep in mind the log is raw data and while it does have some structure it is not an easy book to read, so let me say this one more time: you need some serious PC skills on hardware, software and Windows core functions, and you need advanced understanding of networks.


The program has been made to be as simple as possible and it really is; however, the moment your eyes read the log you will know exactly why I gave you the warning <evil grins>. Hence why I gave some extra advice above to download third-party log comparison software.

Anyway, the moment my domain is fully online (it's bought and it takes up to 72 hours to activate over the net)
I will make the program itself available exclusively for Malwaretips approved members. (As it was never designed for "home" use)

If you come across bugs or problems, or you have ideas, please contact me and provide detailed info, screenshots and if possible the log you generated, and I will do what I can to fix it.
The more info I have the more future potential this program will have, because at this stage any ideas (if possible) are most welcome.
Did I forget to mention anything? I am pretty sure I did... But first I am going to get myself a cold beer and then I am going to take a serious sleep as it was a VERY long night (18 hours)

PS: Those who have offered to test the program, please contact me for a new version.
Kind Regards Nico
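
The clean-baseline versus later-scan log comparison described in the post above, as an added example (not part of the original post and not FMA's own code). The layout of securitylog.txt is not shown in the thread, so the `== Section ==` headers and all sample lines are constructed assumptions; recording a SHA-256 of the clean log when it is copied to the USB stick is an added integrity check, not a step from the post.

```python
import hashlib

# Constructed sample logs. The real securitylog.txt layout is not shown in the
# thread; "== Section ==" headers and the entries below are assumptions.
BASELINE = """\
== Services ==
Spooler  Running  C:\\Windows\\System32\\spoolsv.exe
Dhcp     Running  C:\\Windows\\System32\\svchost.exe
== Listening ports ==
TCP 0.0.0.0:135  PID 712
TCP 0.0.0.0:445  PID 4
"""
CURRENT = """\
== Services ==
Dhcp     Running  C:\\Windows\\System32\\svchost.exe
Spooler  Running  C:\\Windows\\System32\\spoolsv.exe
UpdHlp   Running  C:\\Users\\Public\\updhlp.exe
== Listening ports ==
TCP 0.0.0.0:135  PID 712
TCP 0.0.0.0:445  PID 4
TCP 0.0.0.0:4444 PID 2980
"""


def sha256_text(text):
    """Hash a log so the USB copy can be checked before it is trusted."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_sections(text):
    """Map section name -> set of entries, with whitespace normalised."""
    sections = {}
    name = "(preamble)"
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        if line.startswith("==") and line.endswith("=="):
            name = line.strip("= ")
            sections.setdefault(name, set())
            continue
        sections.setdefault(name, set()).add(line)
    return sections


def compare_logs(baseline, current, baseline_sha256=None):
    """Return {section: {"added": [...], "removed": [...]}} for changed sections.

    Entry order and spacing are ignored, so a reshuffled but otherwise
    identical section produces no finding.
    """
    if baseline_sha256 is not None and sha256_text(baseline) != baseline_sha256:
        raise ValueError("baseline log does not match the recorded hash")
    old, new = parse_sections(baseline), parse_sections(current)
    report = {}
    for name in list(old) + [n for n in new if n not in old]:
        added = sorted(new.get(name, set()) - old.get(name, set()))
        removed = sorted(old.get(name, set()) - new.get(name, set()))
        if added or removed:
            report[name] = {"added": added, "removed": removed}
    return report


if __name__ == "__main__":
    recorded = sha256_text(BASELINE)  # taken when the clean log was created
    for section, diff in compare_logs(BASELINE, CURRENT, recorded).items():
        for entry in diff["added"]:
            print(f"[{section}] NEW      {entry}")
        for entry in diff["removed"]:
            print(f"[{section}] MISSING  {entry}")
```

Entries reported as new still need manual review; a fresh install that has since received updates or new software will also differ from its baseline.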
 

Deleted member 178

Good work, it was released earlier than I expected. Seems I have to ask you for the link to download it again.
 

Nico@FMA

Major Update 1.27.2014 Rev: 17

Alright guys, after another backbreaking night of coding and testing I am most happy to announce the full beta version of the FMA Intel-Secure Forensic Malware & Intrusion Analysis program.
I have personally tested it to a point where I found myself sleeping behind the computer, so right now the program is working and rock solid.
The update Major Update 1.27.2014 Rev: 17 (see above) has been edited and updated with extra info and extra details, so read it and let me know what you think about the concept and its capabilities based upon the info.
The more feedback the better, because at this stage feedback is instrumental for the next versions.

Cheers
 

Nico@FMA

Finally Symantec has responded to my program submission to whitelist it as safe:

In relation to submission [*******].

Upon further analysis and investigation we have verified your submission and as such
this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions,
available via LiveUpdate or from our website at
http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are
made over time or as classification criteria and/or the policy employed by Symantec
changes over time to address the evolving landscape.

We invite you to take part in our whitelisting program.
To participate in this program, please complete the following form:
https://submit.symantec.com/whitelist


Sincerely,
Symantec Security Response
http://securityresponse.symantec.com

Now that's what I call service: submitted 5 hours ago and now they are issuing a new definition update for all their products to class my software as safe.
I am a happy person again. I do not mind shitty "C Grade" AV vendors on VirusTotal listing my software as bad; it even makes me laugh considering that my program was born thanks to those fuzzy AV vendors who still run an engine dating back to 1930 lmao and are not able to see the difference between a text file and a Yankee Doodle virus (laughing, it almost hurts looooooooooooool)
But being listed by Symantec was NOT a nice thing.
So I take that kinda seriously.
Mailed them on the spot and hyper hyper, problem fixed.

*sigh*
 

Nico@FMA

Feature request and Update:

Hi guys,

While I am waiting on the reviews which are taking place as we speak, I would like to address some issues and ideas.
Right now it seems that the program has a problem with cross-OS task functions, so I will develop a standalone program specifically for

* Windows 7 32Bit
* Windows 7 64Bit

At this very moment the program is developed with cross-OS in mind; however, after another round of extensive testing it turns out that it is not working as well as I would like.
So as of this moment I will make 2 individual programs, each dedicated to its specific architecture (32/64-bit).
This will have a desirable effect upon the program itself and will simplify things.
So in the next few days I will release a BETA for 32-bit and for 64-bit and you guys can take the program for a test spin.

If you take into account the features described in my previous major update post, then I would like to ask: what features and abilities should the program have?
So if you've got any real ideas then please share them here and who knows, maybe I'll put them in.
* Do note the program is NOT going to be an antivirus and neither is it made to perform resident tasks, so please leave out the internet security ideas as they will never be implemented. However, I am going to give the program some standoff against specific types of malware, as the KAV and NPE anti-rootkit tools have been added and in the near future I will add some more tools to it, to cover a wide range of nasty pests.

That being said, give me your ideas. Be specific: tell me how it should work and what you would like the program to achieve.
The best 5 ideas will get the finished software package the moment we leave the BETA stage.
Also take into account that there are a few people who are doing a review, as I mentioned, when you request a feature.

I will keep you guys posted for additional updates and news.

Cheers
 

Deleted member 178

Used to drink Kronenbourg in France, don't know if it still exists, but in Vietnam there is only light beer.
 

Nico@FMA

MAJOR Updates and News

Hello Everyone,

First of all let me thank every single one of you for the support, kind words and reviews on our products. The amount of solid tips and ideas has been instrumental and a great help in order to develop our software into what it currently is.
Granted, it is not yet bug free because as we speak it's only made for Windows 7 32-bit and some functions do not show right in the logbooks, BUT the software itself is working and it is working flawlessly, as has been proven in the 2 reviews done by @Umbra Polaris (See here)
There is still so much work and there are several major updates planned which will enhance the very ability of our software and polish the already implemented functions to a point where we get close, VERY close, to a final version. So as you probably noticed I am so excited because a dream is finally coming together, and again you guys have been instrumental in making my dream come true in the first place.

So N.NVT what updates can we expect?
Well let me give you a sneak preview:

1: Full registry audits, deep level checks and cross call function referencing (expected to be implemented in the next update)
2: Full compatibility with Windows 7, 8 both 32-bit and 64-bit (expected to be ready August or September, depending on some additional issues)
3: Full analysis capabilities (point to point analysis (PPA)) for the following extensions: dll, exe, bin, xml, ocx, vbs, cab (expected to be implemented in the next update)
4: Enhanced and more mature GUI with full help options (expected to be finished same date as the compatibility update)
5: And over 300 smaller updates, tweaks and sub functions (expected to be added within the next minor revision packages)
6: Advanced repair options and USB boot image SOS kit (final date unknown yet but the aim date is near August)

So that covers the updated part.

Now the next phase is full public testing and video testing. I am looking for people who would like to take the program for a test spin and publish their results.
As I mentioned before it's not 100% bug free and there are enough things that I will change, but the very core and the program itself is as good as it gets.
So do you think that you have what it takes? Then please review my program and post your results.

That being said, I am proud to announce that the second BETA (V2) version is finally online and ready for download. As mentioned in previous posts, our software has some unique abilities, but for those who do not know yet let me give you the short version:

FMA Intel-Secure™ forensics & intrusion analysis software (FIAS) is a highly advanced digital forensic investigation and analysis tool
which allows system administrators and network specialists to collect, preserve and reveal digital evidence on Windows-based systems and networks.
FIAS has the ability to perform memory and file analysis of a specific host and collects information about running processes and drivers from memory using basic and advanced techniques.
It gathers advanced file system metadata, registry data, event logs, network information, services, tasks, and Internet history.
Amongst many others, FIAS’s features include other advanced options to read, scan, cross-reference and extract any data from multiple known and unknown sources within Windows-based operating systems and networks.
Our downloadable version of FIAS is very capable and comes with a very rich and advanced tool set that allows you to ultimately reveal any malicious data and traces to the source, which allows you to reverse engineer and stop potential & actual cyber threats.
The FIAS program and tool has been designed to be highly adaptable and can be modified (modular) by our developers to specifically match your requirements. Please contact us for more information.

To download please go to our webpage: http://fma-is.nl

Stay tuned for news, updates and follow us on Twitter
And if you've got questions, ideas or comments then by all means post a reply.

PS: I do have one question myself. As you have seen there is loads of info written by me and Umbra and some others about my program, but I would like to know what you guys really think about it. So please go through the info and share your views.

Kind Regards n.nvt
 

Nico@FMA

Omg I am so pissed off, this is unreal



I am using a VPS and a dedicated server from Hostinger, and without even informing me they came up with the idea: WE ARE NOT GOING TO HOST EXE, RAR, ISO, TXT AND PDF FILES ANYMORE. They have deleted over 4mb of help files (integrated online help) and program update files from my servers.
So the previous announcement is not going to happen YET due to the fact they deleted the BETA version of the premium package I was going to launch. The whole USB ISO image (final product) is completely gone, and to make matters worse they relocated my whole site to the freaking US while I specifically asked to be hosted on an NL server in an NL datacenter, which is part of my terms of service and privacy policy.
Lucky for me I've got backups and I've got all the software compiled and uncompiled, but I spent 5 days in a row getting stuff done, just to see that I will need at least another 5 days to bring it back online due to Hostinger.

So I just contacted a new host and I will be migrating the site and everything to them within 5 days.
Please bear with me as there will be some downtime. But I guarantee the FMA Intel-Secure webpage V2 will be so much better....

Now if you'll excuse me: I NEED TO BLOW OFF SOME STEAM.
^*^&*%#^&**#^%#&**#!!!!
Due to my good reputation I will not translate what I just said.

Cheers
 

Nico@FMA

Just sexy, just cool, just FREAKING EPIC. Yes, I am a happy person again.


Thank you so much, my dear new host, for just being freaking awesome.

Just bought a guaranteed performance level package:
CPU: 3 vCores (4 GHz each)
RAM: 4GB (Minimal) 8GB (Max)
HDD: 50 GB Raid 10
Virtualization: 64-bit OpenVZ
DATA Speed: 100+ Mbps (Minimal) 500Mbps (Max)
IP: Dedicated IPv4 and 1 IPv6 on all ports
Monitoring 24/7 + Anti DDOS + Dedicated Firewall + SLA + Emergency backup and crash prevention.

And a whole list of other VERY VERY nice features.
Now, without advertising anything, this is one HELL of a good deal.
On top of that I ordered 2 more domains for FMA Intel-Secure, and the best part, and here it comes: DRUMS DRUMS Trumpets....
They are going to migrate the whole thing for me without me even having to do anything.

So Hostinger go BEEEP BEEEP BEEEP and BEEEP BEEEP BEEEP.
Got that?

Alright guys, in all seriousness FMA Intel-Secure will be fully up and running in NO time.
Stay tuned for new updates and news.

A very happy Nico
 