FMA Intel-Secure: (CCSU PR-Guard) Edition 2015

Status
Not open for further replies.

Xtwillight

Level 6
Verified
Well-known
Jul 1, 2014
297
The internal area is unlocked for you, Nico...
FMA Intel-Secure is the thread name ;)

Hello Nico, you are area moderator
for thread fma-intel-secure-f53.
From now on you can move posts, merge, etc.

Sorry that it took a while.
We are bound by the technical options of our forum software.

If you have questions about how something is done,
please ask. It can always take a while until I answer
because my English is not so good.

Regards, Dark
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Hello Everyone,

Today I would like to announce our partnership between FMA and G-Labs (GL) and Toxic Cyber Data (TCD).
Both are privately owned and NATO certified malware research groups within the EU.
These companies will use the CBAD cloud framework to collect, identify and analyze malware and malicious files next to their own proven cloud and local malware research applications.

Also we are pleased to announce that we have installed:
50x Kippo SSH honeypots, which log all kinds of malicious actions targeting SSH servers and remote access protocols.
50x Glastopf vulnerability honeypots, which log most vulnerability attacks towards Windows and Linux based OSes.
200x Dionaea malware honeypots, which will log lots and lots of Windows based malware.
150x Thug, which is basically an emulator honeypot that acts like a weak browser.

Also we increased our cloud capacity to 1000MBPS emulation speed at a 25mb file size.
Updated detection DB dramatically.

We are currently working on an add-on malware engine that can detect malware while still packed as a network data package, which will obviously be added (if and only if the tests keep producing good results) ASAP to our EYE/CBAD engine to have better real-time detection (more oriented towards the endpoint principle, using DPI as a detection method next to our CBAD emulation and dynamic signature detection).
Yes, DPI can be used as a malware detection tool if and only if you know what you are looking for.

Example: A rootkit is calling home (prior to or just after successful infection); the unique call can be used as a signature to block incoming and outgoing data streams, basically rendering a rootkit's home calling functions useless.
Adding the emulation power of the CBAD engine and you got yourself a heck of a detection method.
For nearly 4 years Norton and Kaspersky have been trying to get this to work and it seems that FMA has beaten them to it, as I got over 700 megs worth of logs proving it works. The only issue we have is the resource usage, as this is over 450 megs,
which is WAY WAY too much, yet we tested the engine against 1000+ malware samples provided by external verified research labs and the DPI based engine caught 86% of the transmitted malware based upon their unique network call sign.
And that makes my heart glow... it really does, as if this works only 50% as good as it looks on paper then we got an instant winner here.

In the next weeks you will see serious changes to our CCSU guard program, slowly changing from a forensic tool towards a find-and-deal-with-it-on-the-spot utility.

So if you like to test our program you can download it from our website: https://fma-is.com. However, keep in mind we left the beta phase weeks ago, but with this new added technology we are happy to announce that CCSU beyond 1.1.1.4 should be considered a new beta version.

Everything is going to change now. The only real kicker is that we do not have a new name yet for our CCSU V2 application, so if you come up with a good name for our program then this would be awesome.

Stay tuned for more.
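
The call-home signature idea in the post above, as an added example (not FMA's code and not the EYE/CBAD engine): a per-flow payload matcher that still catches a signature split across two packets. The signature names, byte patterns, `FlowMatcher`, `scan_packets` and the sample flows are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed call-home signatures (hypothetical names and bytes, not real IoCs).
SIGNATURES = {
    "demo-beacon-a": b"\x13\x37BEACON/1.0 id=",
    "demo-beacon-b": b"POST /checkin?node=",
}
# Constructed sample traffic: SPLIT_FLOW breaks signature "a" across two packets.
SPLIT_FLOW = [b"\x00\x00\x13\x37BEA", b"CON/1.0 id=42\n"]
BENIGN_FLOW = [b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"]


@dataclass
class FlowMatcher:
    """Scans one direction of one flow, packet by packet."""
    signatures: dict = field(default_factory=lambda: dict(SIGNATURES))
    tail: bytes = b""   # trailing bytes carried over from earlier packets
    offset: int = 0     # stream offset of the first byte of `tail`
    hits: list = field(default_factory=list)

    def feed(self, payload: bytes) -> list:
        """Return [(name, stream_offset)] for signatures completed by this packet."""
        window = self.tail + payload
        new_hits = []
        for name, pattern in self.signatures.items():
            start = window.find(pattern)
            while start != -1:
                # Report only matches that end inside the new payload, so a
                # match already reported from `tail` is not counted twice.
                if start + len(pattern) > len(self.tail):
                    new_hits.append((name, self.offset + start))
                start = window.find(pattern, start + 1)
        # Keep just enough bytes to complete the longest signature next time.
        keep = max(len(p) for p in self.signatures.values()) - 1
        drop = max(len(window) - keep, 0)
        self.offset += drop
        self.tail = window[drop:]
        self.hits.extend(new_hits)
        return new_hits

    def verdict(self) -> str:
        """A flow is blocked once any signature has matched."""
        return "block" if self.hits else "allow"


def scan_packets(packets):
    """Run one flow through a fresh matcher; return (verdict, hits)."""
    matcher = FlowMatcher()
    for payload in packets:
        matcher.feed(payload)
    return matcher.verdict(), matcher.hits
```

Matching each packet on its own would miss the split flow; the carried-over tail is what makes the match survive segmentation, and it bounds per-flow memory to the longest signature length.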
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
NVTEXE Radar Pro blocked installation - "Invalid or revoked certificate"?


Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
NVTEXE Radar Pro blocked installation - "Invalid or revoked certificate"?

Currently the online version does not have the extras I did mention in my previous post, yet the next updates for EYE-AM version: 1.1.1.4 and CCSU 10.1.10.21 will slowly add more functions and change the main program.
Regarding the certificate, it was self-signed and expired as you can see. Obviously we will fix this soon.
Anyway, the software is clean and malware free, so any alert you can disregard as FP.

Probably his certificate is expired. Valid to 19.07.2015. @Av Gurus

Regards,
Kardo

Correct.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Edit:
The next updates for EYE-AM version: 1.1.1.4 and CCSU version: 10.1.10.21 will slowly add more functions and change the main program.
Currently we have not released any updates yet....


I will notify you guys when it's time.

Cheers
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I understand, just want you to know. ;)
 

cutting_edgetech

Level 3
Verified
Feb 14, 2013
113
I tried installing PR-Guard a few days ago on Windows 7X64 Ultimate, but it would not allow me to change the installation path so I aborted the installation. I wanted to install it in the Program Files Folders to avoid conflict with my policy based AE software. The installer gives the option to change the installation path, but it does not work.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
I tried installing PR-Guard a few days ago on Windows 7X64 Ultimate, but it would not allow me to change the installation path so I aborted the installation. I wanted to install it in the Program Files Folders to avoid conflict with my policy based AE software. The installer gives the option to change the installation path, but it does not work.

No, that's incorrect. FMA must be installed in c:/FMA; this is particularly important for some checks the program does during its routine.
The option you are referring to has been disabled.
Our software will not conflict with your AE software, period, since our software is working outside the scope of such programs in the first place.

Kind Regards,
Nico
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
It will, I think he's using AppGuard...

Does AppGuard have a full working free version so I can run some tests on the Windows 10 version we are currently developing?
If yes, then gimme a link and some basic config info so I can try to see if it will jam my software.

Kind Regards,
Nico
 

cutting_edgetech

Level 3
Verified
Feb 14, 2013
113
Thank you for all the responses beating me to the punch. I think the responses from other members on my behalf are correct. The problem will be that an exception will have to be made in AppGuard excluding PR-Guard installation folder from the user-space. I don't like excluding folders from the user-space because that leaves small holes for malware to be dropped into the user-space. AppGuard is a policy based anti-executable, and not a whitelisting anti-executable. The only whitelisting AG has is by digital certificate, and that's optional. AG blocks all executions in the user-space except digitally signed files. Digitally signed files will be allowed to run in the user-space with limited rights in Medium Protection Mode. This would be the same as running PR-Guard sandboxed if it is a signed file. In Locked Down Mode even signed executables are not allowed to execute in the user-space. Only guarded applications are allowed to execute from the user-space in Locked Down Mode.

I should have explained above that C:\ is not technically the user-space, but it is treated as the user-space by AG since it uses the same policy for both.
 

cutting_edgetech

Level 3
Verified
Feb 14, 2013
113
Thank you for letting me know. If that is still the case then I would prefer to install it on a test machine, and help them work out the bugs. I think it is still in beta anyways. Is it still in beta? I don't have the link to their website handy.
 

cutting_edgetech

Level 3
Verified
Feb 14, 2013
113
Thank you! It says for Windows 7 only, but it does not say anything about it being a beta that I see. I did not read the whole page though. It says version 10.21
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Any vulnerabilities found should be discussed with the OP in a PM. Not in the open forums and surely not quoting banned members.
If these have been discussed with the OP and he or she does not post/advise members of these in their thread, then the concerned member should PM a staff member and we will handle this among staff.
Bugs and conflicts are fine to discuss here; however, this needs to be done in a civil manner.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Hello Guys,

It has been weeks since we posted any new updates, since we have rewritten the whole CCSU series.
And with great success, if I might add. Most of you remember the "swiss army knife" concept that we talked about some time ago?
Well, it's finally here; very soon we will release a demo/tryout version.

Stay tuned.
 