And see my 2 pictures, which show the file version as 0.0.0.0 and no copyright info. Is that right?
With best Regards
Hi ichito!
1. This is the result when I tested with Security Test Tool:
2. About protect webcam, my app only disable the webcam
3. The real-time protection only checks processes when they are created, using VirusTotal, heuristic AI and Yara rules. It's not like HIPS/BB.
4. It's secure desktop.
5. I only checked on Windows 10, so maybe it has some problems on Windows 7. I will check it.
Thanks for the reply, and nice that you added a new feature to protect the registry... I understand that we can add our own entries? What's the job of the feature called "Kill"... is it only for closing the detected process, which would mean that "Delete" does the same and additionally deletes the physical instance of the process?
Could you add info about supported Windows versions?
BTW... the last version unfortunately doesn't want to work on Windows 7...
Thanks for the rapid response, I have another question and a suggestion:
Question: when are you planning to move the AI to client side (to prevent overloading your own server)?
Suggestion: because your program uses several interesting detection mechanisms (e.g. heuristics, AI and Yara), you could position it as a true client-side host intrusion detection system. In this scenario the heuristics, AI and Yara engines' only function is to detect something suspicious (the intrusion detection part); next the VirusTotal check is triggered, and depending on the user setting a block (e.g. more than 10), a prompt (less than 10 but more than 5 AVs on VirusTotal think it is malware) or a message (less than 5) is shown.
This has the advantage that you can fine-tune your protection mechanisms without having to worry about false positives (detection is based on your engines, but the block is dependent on VT results and the settings of the user), you will be allowed to use VT (because your program feeds VT based on its own detections), and you have a unique selling point (a consumer host intrusion detection system with a user-configurable VT intrusion prevention check).
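The tiered decision proposed in this post, as an added example that is not code from the anti-logger app or from anyone in the thread: the local engines (heuristics, AI, Yara) only raise a suspicion, VirusTotal is consulted only for flagged processes, and the user's thresholds decide between block, prompt and message. The report shape is modelled on a VirusTotal v3 file report with constructed values; the fallback to "prompt" when VT gives no usable answer is my assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Thresholds:
    """User-configurable cut-offs on how many VT engines call a file malicious."""
    block_above: int = 10   # more than 10 engines: block
    prompt_above: int = 5   # more than 5 (up to 10) engines: ask the user
    # locally flagged but 5 or fewer engines: informational message only

    def __post_init__(self) -> None:
        if self.prompt_above > self.block_above:
            raise ValueError("prompt threshold must not exceed block threshold")


# Constructed sample shaped like a VirusTotal v3 file report (values invented).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 7, "suspicious": 1, "undetected": 60, "harmless": 0}}}}


def malicious_count(report: Optional[dict]) -> Optional[int]:
    """Number of engines reporting 'malicious', or None if the report is unusable."""
    try:
        return int(report["data"]["attributes"]["last_analysis_stats"]["malicious"])
    except (KeyError, TypeError, ValueError):
        return None


def decide(local_flagged: bool, vt_malicious: Optional[int],
           cfg: Thresholds = Thresholds()) -> str:
    """Map local suspicion plus the VT engine count to allow/message/prompt/block."""
    if not local_flagged:
        return "allow"      # VT is only consulted for processes the local engines flagged
    if vt_malicious is None:
        return "prompt"     # VT unreachable or hash unknown (assumption: ask, don't guess)
    if vt_malicious > cfg.block_above:
        return "block"
    if vt_malicious > cfg.prompt_above:
        return "prompt"
    return "message"


def gate(event: dict, cfg: Thresholds = Thresholds()) -> str:
    """event: {'heuristic': bool, 'ai': bool, 'yara': bool, 'vt_report': dict|None}."""
    flagged = any(event.get(k, False) for k in ("heuristic", "ai", "yara"))
    count = malicious_count(event.get("vt_report")) if flagged else None
    return decide(flagged, count, cfg)


if __name__ == "__main__":
    print(gate({"yara": True, "vt_report": SAMPLE_REPORT}))  # prompt
```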
Nice suggestions, Lenny!
@LeMinhThanh congratulations on building a nice security companion
Did you check if your process can be easily killed by malware (self-defense)? Do you allow the process to run while the files are being scanned, or is it blocked at first to avoid consequences?
The potential for additions is unlimited. Alerting about vulnerable system processes (can refer to some related infamous tactics from Mitre Attack directories), command-line scanning like VDS (different from any checks done in Yara rules), digital signature validation and verification. Though all of these will be very secondary features and perhaps heavy.
Flexible configurations like @Lenny_Fox suggested are a good tweak. You can compartmentalize the modules on the main screen with labels so that they can be easily related to the security options provided in the settings.
Hi Parsh!
Yes, my app can be easily killed by malware, so I think I can add a watcher to protect it or something like this. Maybe in some next version.
Yeah, the potential for additions is unlimited. I will try my best to add these features in every version.
Hi!
My intention was only to highlight methods used by users to customize their SRP/HIPS (like referring to Mitre examples) and highlight some features used by other companion apps like VDS. Some checks could be added if you monitor certain processes for XYZ, making a unique point. Though this would require good effort and understanding of the internals.
It's best up to your idea of the scope of the app. What you intend to provide. How much time and efforts you can/want to dedicate to this project. What little things can be feasibly added for good, and what is absolutely unnecessary
BTW does your app detect kernel-mode keyloggers? I doubt that it would need a kernel mode driver for that. And that's difficult with Windows x64 restrictions.
The app already seems to provide quite some interesting features for a basic companion, or an antilogger especially.
I created this application during the Covid19 isolation period in Vietnam, so I'm not sure how much determination I could devote to this application. But for now I will focus on bringing AI to the client!
Your suggestions are interesting but I'm not sure if I can do it or not. My app cannot detect kernel-mode keyloggers, it is quite difficult to do.
While the anti-logger sounds like a good AV companion, to be more readily considered a good freemium companion, it will have to complement rather than overlap the typical features of the AVs out there.
Position your application as the ideal antivirus companion focusing on user-land threats. The rationale behind it is that malware has limited operating room when it runs as an unelevated process. At the same time, users are not warned when malware changes an HKCU autorun registry key (UAC does not protect those), so even while the operating system limits the damage an unelevated process can do, it still can do a lot of things average users don't want to happen: like a spyware application living in user folders surviving reboot by adding itself as an HKCU autorun entry.
Another advantage of changing your promise (only warning against ring 3 - user land intrusions) is that you don't need to protect against kernel based keyloggers (which has the advantage that your application is not considered to have a weakness or missing something).
So my suggestion would be: limit the intrusion detection to
1. Userland hook protection (e.g. keyloggers)
2. Userland registry protection (only HKCU)
3. Yara rules protection
4. Heuristics (explain what it involves???)
I get your point that you're keeping with a micro-fee. It could be justified. However, don't you think that average people tend to judge the value of protection also based on the fees, and a micro-fee might sound discouraging for a buyer per se?
Shortest GO2MARKET road I can think of: when the protection module is ready, launch your companion as a freemium program (1 year free, then ask a yearly micro-fee, say 2.95 US dollar, that is less than the price of a Big Mac).