SparkCognition DeepArmor

Status
Not open for further replies.

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
They still need corporate email which I will not disclose. No thanks.
They do ask for corporate email id for beta signup but you can request them via mail saying that you're interested in beta testing DA (without corporate email).
I have read about this earlier and some people did get beta license on their private mail id.
However, now as DA is available as trial, there might be lesser chances of them wanting to have more beta testers, this is just a guess. It can be the other way. Good luck!
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Apologies for the delay, I've shared the video review of the discussed DeepArmor Beta here.
Hope that it clears some doubts :)

Thanks for your video test. Question? I think you said that it does not use a whitelist. My version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd. I'm new to the beta testing of DA, and then was away from my computer the past few days, so limited "analysis" here. No alerts, no FP. I do notice that apps open a tad slower and same for URL in chrome; it certainly seems like DA is inspecting what's happening but the "slow down" has not been an annoyance.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Thanks for your video test. Question? I think you said that it does not use a whitelist. My version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd. I'm new to the beta testing of DA, and then was away from my computer the past few days, so limited "analysis" here. No alerts, no FP. I do notice that apps open a tad slower and same for URL in chrome; it certainly seems like DA is inspecting what's happening but the "slow down" has not been an annoyance.
I notice a significant slowdown in app launching.
 

Parsh

Thanks for your video test. Question? I think you said that it does not use a whitelist. My version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd
Yes, I see! But I ain't sure that the whitelist it has, has some system apps entries out of the box or those are just the ones it learnt throughout the many days of use.

To analyse, my current 'whitelist' includes system as well as 3rd party apps that were allowed to execute over the period of time like
— regsvr32.exe
— Notepad.exe
— Xvirus.exe (XVirus antimalware)
— Kerish Doctor .tmp file (3rd party Utility)
Etc.
So I think it's a whitelist for all files it watches and makes so that they aren't blocked or scanned next time?

Also why I wrote no whitelist (in the out of the box sense) was because observing a dangerous action sequence, it blocked some famous system32 files 2-3 times on my Lappy.
You're correct, but how exactly it is, is a bit of confusion. Probably I'll have to rethink...
 

Deleted member 178

Does it have a visible whitelist? I don't see any options on the GUI's screenshots.
 

Parsh

Does it have a visible whitelist? I don't see any options on the GUI's screenshots.
Screenshot (85).png
This is how it's stored. No whitelisting available in GUI.
It whitelists many files automatically and the others in the whitelist are the ones that the user 'allows' during the threat alerts.
The GUI has 'restore' and 'ignore' options on detected threats though.
The csv file (whitelist file) visible in pic is inside the whitelist folder.
 

simmerskool

So I think it's a whitelist for all files it watches and makes so that they aren't blocked or scanned next time?
Also why I wrote no whitelist (in the out of the box sense) was because observing a dangerous action sequence, it blocked some famous system32 files 2-3 times on my Lappy.
You're correct, but how exactly it is, is a bit of confusion. Probably I'll have to rethink...

Yes see same thing here with whitelist. Yesterday it alerted to 2 apps that I allowed, and now see them in the whitelist. Those 2 are not digitally signed, and voodooshield calculated both as unsafe too. (I'm not intentionally "testing" DA with malware samples)

As for "slowdown," I suppose it depends on your computer, internet connection, and what's tolerable for user. Delay seems more noticeable here opening webpages than opening apps. I wonder if delay also depends on DA cloud server load. Delay opening apps seems a little variable.
 

Parsh

As for "slowdown," I suppose it depends on your computer, internet connection, and what's tolerable for user. Delay seems more noticeable here opening webpages than opening apps. I wonder if delay also depends on DA cloud server load. Delay opening apps seems a little variable.
I haven't noticed any 'noticeable' browsing slowdowns with DA. Maybe it's observed by ones having low network speed.
DA communicates with cloud taking very little bandwidth and sends very small fragments of data every time. So this one shouldn't be the cause of slowdown for sure.
Delay opening apps? Sure. But not comparable to VDS :)
 

Wingman

Level 4
Verified
Well-known
Feb 6, 2017
154
I also have delays when opening webpages and provided some feedback, as it initially blocked a valid Windows system file with 100% confidence.

Does anyone know if the program would automatically update, or should we download the latest version from the website?
 

Deleted member 178

View attachment 147325
This is how it's stored. No whitelisting available in GUI.
It whitelists many files automatically and the others in the whitelist are the ones that the user 'allows' during the threat alerts.
The GUI has 'restore' and 'ignore' options on detected threats though.
The csv file (whitelist file) visible in pic is inside the whitelist folder.
So I can add my files to the whitelist by editing the CSV? Looks like column A are hashes, are they?
 

Parsh

So I can add my files to the whitelist by editing the CSV? Looks like column A are hashes, are they?
I doubt if we can manually add entries in the whitelist CSV by acquiring its lock (if any).
If that's possible, DA would be vulnerable to tampering by malicious programs too right?
Though it won't currently be targeted by malware, that would be risky and the folks at SparkCognition won't allow that I believe.

I do not have DA installed currently. Will reinstall in some time, try to edit and feedback here.
Yes, the other column stores the MD5 hash of files.
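
The tampering concern raised above, as an added example that is not part of the thread and not SparkCognition's code: a Python audit that checks an MD5 allowlist CSV against the files on disk and against a SHA-256 baseline of the list itself. The `md5,path,process` column order, the baseline check and all file names are assumptions; the sample data is constructed.

```python
import csv, hashlib, os, tempfile

def file_digest(path, algo="md5"):
    """Hash a file in chunks; MD5 is used only because the thread says the list stores MD5."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_allowlist(csv_path, baseline_sha256=None):
    """Return (list_tampered, findings) for rows of md5,path,process (assumed layout)."""
    tampered = (baseline_sha256 is not None
                and file_digest(csv_path, "sha256") != baseline_sha256)
    findings = []
    with open(csv_path, newline="") as f:
        for md5, path, _proc in csv.reader(f):
            if not os.path.isfile(path):
                findings.append((path, "missing"))        # entry with no file behind it
            elif file_digest(path) != md5.lower():
                findings.append((path, "hash_mismatch"))  # file changed after allowlisting
            else:
                findings.append((path, "ok"))
    return tampered, findings

def demo():
    """Constructed scenario: a file is replaced after allowlisting, then a row is appended."""
    d = tempfile.mkdtemp()
    good, swapped = os.path.join(d, "good.exe"), os.path.join(d, "swapped.exe")
    for p in (good, swapped):
        with open(p, "wb") as f:
            f.write(b"original " + os.path.basename(p).encode())
    wl = os.path.join(d, "procs.csv")
    with open(wl, "w", newline="") as f:
        csv.writer(f).writerows([[file_digest(good), good, "good.exe"],
                                 [file_digest(swapped), swapped, "swapped.exe"]])
    baseline = file_digest(wl, "sha256")  # recorded while the list is known-good
    with open(swapped, "wb") as f:
        f.write(b"replaced content")
    before = audit_allowlist(wl, baseline)
    with open(wl, "a", newline="") as f:  # list edited outside the product
        csv.writer(f).writerow(["0" * 32, os.path.join(d, "added.exe"), "added.exe"])
    after = audit_allowlist(wl, baseline)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it is stored somewhere the process editing the list cannot also rewrite.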
 