Status
Not open for further replies.

Parsh

Level 25
Verified
Trusted
Malware Hunter
They still need corporate email which I will not disclose. No thanks.
They do ask for corporate email id for beta signup but you can request them via mail saying that you're interested in beta testing DA (without corporate email).
I have read about this earlier and some people did get beta license on their private mail id.
However, now as DA is available as trial, there might be lesser chances of them wanting to have more beta testers, this is just a guess. It can be the other way. Good luck!
 

simmerskool

Level 9
Verified
Malware Tester
Apologies for the delay, I've shared the video review of the discussed DeepArmor Beta here.
Hope that it clears some doubts :)
Thanks for your video test. Question? I think you said that does not use a whitelist. my version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd. I'm new to the beta testing of DA, and then was away from my computer the past few days, so limited "analysis" here. No alerts, no FP. I do notice that apps open a tad slower and same for URL in chrome, it certainly seems like DA is inspecting what's happening but the "slow down" has not been an annoyance.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Thanks for your video test. Question? I think you said that does not use a whitelist. my version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd. I'm new to the beta testing of DA, and then was away from my computer the past few days, so limited "analysis" here. No alerts, no FP. I do notice that apps open a tad slower and same for URL in chrome, it certainly seems like DA is inspecting what's happening but the "slow down" has not been an annoyance.
I notice a significant slowdown in app launching.
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
Thanks for your video test. Question? I think you said that does not use a whitelist. my version_36 created a "whitelist" folder in the deeparmor directory which contains 1 file, procs.csv, which currently lists 10 md5, app paths & processes, although it does not seem like a comprehensive list of good apps on ssd
Yes, I see! But I ain't sure that the whitelist it has, has some system apps entries out of the box or those are just the ones it learnt throughout the many days of use.

To analyse, my current 'whitelist' includes system as well as 3rd party apps that were allowed to execute over the period of time like
— regsvr32.exe
— Notepad.exe
— Xvirus.exe (XVirus antimalware)
— Kerish Doctor .tmp file (3rd party Utility)
Etc.
So I think it's a whitelist for all files it watches and makes so that they aren't blocked or scanned next time?

Also why I wrote no whitelist (in the out of the box sense) was because observing a dangerous action sequence, it blocked some famous system32 files 2-3 times on my Lappy.
You're correct, but how exactly it is, is a bit of confusion. Probably I'll have to rethink...
 
D

Deleted member 178

Do it has a visible whitelist ? i dont see any options on the GUI's screenshots.
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
Do it has a visible whitelist ? i dont see any options on the GUI's screenshots.
Screenshot (85).png
This is how it's stored. No whitelisting available in GUI.
It whitelists many files automatically and the others in the whitelist are the ones that the user 'allows' during the threat alerts.
The GUI has 'restore' and 'ignore' options on detected threats though.
The csv file (whitelist file) visible in pic is inside the whitelist folder.
 
Last edited:

simmerskool

Level 9
Verified
Malware Tester
So I think it's a whitelist for all files it watches and makes so that they aren't blocked or scanned next time?
Also why I wrote no whitelist (in the out of the box sense) was because observing a dangerous action sequence, it blocked some famous system32 files 2-3 times on my Lappy.
You're correct, but how exactly it is, is a bit of confusion. Probably I'll have to rethink...
Yes see same thing here with whitelist. Yesterday it alerted to 2 apps that I allowed, and now see them in the whitelist. Those 2 are not digitally signed, and voodooshield calculated both as unsafe too. (I'm not intentionally "testing" DA with malware samples)

As for "slowdown," I suppose it depends on your computer, internet connection, and what's tolerable for user. Delay seems more noticeable here opening webpages than opening apps. I wonder if delay also depends on DA cloud server load. Delay opening apps seems a little variable.
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
As for "slowdown," I suppose it depends on your computer, internet connection, and what's tolerable for user. Delay seems more noticeable here opening webpages than opening apps. I wonder if delay also depends on DA cloud server load. Delay opening apps seems a little variable.
I haven't noticed any 'noticable' browsing slowdowns with DA. Maybe it's observed by ones having low network speed.
DA communicates with cloud taking very less bandwidth and sends very small fragments of data everytime. So this one shouldn't be the cause of slowdown for sure.
Delay opening apps? Sure. But not comparable to VDS :)
 

Wingman

Level 4
I also have delays when opening webpages and provided some feedback as it initially it blocked valid windows system file with 100% confidence.

Anyone knows if the program would automatically update or should we download the latest version from the website ?
 
D

Deleted member 178

View attachment 147325
This is how it's stored. No whitelisting available in GUI.
It whitelists many files automatically and the others in the whitelist are the ones that the user 'allows' during the threat alerts.
The GUI has 'restore' and 'ignore' options on detected threats though.
The csv file (whitelist file) visible in pic is inside the whitelist folder.
so i can add my files in the whitelist by editing the CSV ? look like colum A are hashes , are they?
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
so i can add my files in the whitelist by editing the CSV ? look like colum A are hashes , are they?
I doubt if we can manually add entries in the whitelist CSV by acquiring its lock (if any).
If that's possible, DA would be vulnerable to tampering by malicious programs too right?
Though it won't currently be targeted by malware, that would be risky and the folks at SparkCognition won't allow that I believe.

I do not have DA installed currently. Will reinstall in some time, try to edit and feedback here.
Yes, the other column stores the MD5 hash of files.
 
Status
Not open for further replies.
Top