Dani Santos

From Xvirus
Developer
Verified
This is the roadmap for the new version of Xvirus. It will take time to develop because I want it bug-free. Please help by suggesting features or beta testing when the beta is out. I will update this thread frequently. :)

Roadmap:
1-Right click scan (done)
2-"Delete all" button bug (fixed)
3-Whitelist (done)
4-USB guard improvement (working now)
5-Behavior guard improvement (need suggestions)
6-File guard improvements (need suggestions)
7-More settings (need suggestions)
8-Heuristics
9-Cloud community detection
10-GUI bug fixes
11-Improve current tools vs new tools or both?
12-New alert GUI? (yes or no)
13-Self protection and encryption (by dubseven)
14-URL filtering (by malware test)

Feel free to suggest new things to add to the new version. :)
Thanks for reading
 

MalwareT

I suggest you add these features (if it's possible):
-Vulnerability scanner
-URL filtering (it includes phishing)
-Self protection
-Firewall
-Maybe sandbox
-HIPS

Thanks in advance :)
 

Dani Santos

From Xvirus
Developer
Verified
I suggest you add these features (if it's possible):
-Vulnerability scanner
-URL filtering (it includes phishing)
-Self protection
-Firewall
-Maybe sandbox
-HIPS

Thanks in advance :)
Thanks for the suggestions.
1) I'll take a look at that
2) I still have to study Chrome and Firefox; I can only get it working with Internet Explorer
3) Now on roadmap :)
4) We already have one (Xvirus Personal Firewall)
5) I made one, but I have to improve it because it is very easy to bypass.
6) We prefer behavior blocker, HIPS makes too many alerts
 

Cowpipe

New Member
Some basic 'read only' behavioural analysis using API hooking (with necessary restrictions, for example, no access to other processes, no driver loading, no internet access etc)

If you're still programming in .NET, remember to obfuscate the source code, as .NET includes a huge amount of metadata which can be decompiled back to reasonably understandable source code. There are many techniques to do this manually but the simplest way is to get a tool to do it for you (Dotfuscator for example).

Be very careful about falling into the trap of 'crypting' your binary files; this will automatically annoy your users as they will now be utilising the same tools as malware, leading antivirus companies to detect your software as malicious.
 

Dani Santos

From Xvirus
Developer
Verified
Some basic 'read only' behavioural analysis using API hooking (with necessary restrictions, for example, no access to other processes, no driver loading, no internet access etc)

If you're still programming in .NET, remember to obfuscate the source code, as .NET includes a huge amount of metadata which can be decompiled back to reasonably understandable source code. There are many techniques to do this manually but the simplest way is to get a tool to do it for you (Dotfuscator for example).

Be very careful about falling into the trap of 'crypting' your binary files; this will automatically annoy your users as they will now be utilising the same tools as malware, leading antivirus companies to detect your software as malicious.
Thanks, I'm working on that. And I got a sandbox working; it blocks and logs the file's actions on the filesystem and registry, but I'm trying to make the file run inside the sandbox instead of blocking all the actions.
 

Cowpipe

New Member
Thanks, I'm working on that. And I got a sandbox working; it blocks and logs the file's actions on the filesystem and registry, but I'm trying to make the file run inside the sandbox instead of blocking all the actions.
API hooking is a good start. Redirect the API calls, so a 'write' command to "C:\Windows\System32\eyioiyw.dll" redirects to "C:\Sandbox\C\Windows\System32\eyioiyw.dll" - and any calls to that path are also redirected etc. Block memory writes for now, just monitor them so you can detect suspicious writes (e.g. writing to another process).
 

WinXPert

Level 24
Trusted
Malware Hunter
Verified
This is the roadmap for the new version of Xvirus. It will take time to develop because I want it bug-free. Please help by suggesting features or beta testing when the beta is out. I will update this thread frequently. :)
Count me in for testing
 

Dani Santos

From Xvirus
Developer
Verified
API hooking is a good start. Redirect the API calls, so a 'write' command to "C:\Windows\System32\eyioiyw.dll" redirects to "C:\Sandbox\C\Windows\System32\eyioiyw.dll" - and any calls to that path are also redirected etc. Block memory writes for now, just monitor them so you can detect suspicious writes (e.g. writing to another process).
But how do I get that DLL inside the sandbox? I got it working to make it create files inside the sandbox; the problem is making it read and write files from out the computer inside the sandbox.
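
The path redirection described in the thread, and the question of how a file that already exists on the host gets into the sandbox, can both be modelled with copy-on-write: reads fall through to the host until the first write seeds a sandboxed copy. This is an added example, not code from Xvirus or from any poster; `RedirectingStore`, `to_sandbox` and `normalize` are hypothetical names, and in-memory dictionaries stand in for the hooked file APIs.

```python
import ntpath
from pathlib import PureWindowsPath

SANDBOX_ROOT = PureWindowsPath(r"C:\Sandbox")  # root used in the thread's example


def normalize(path: str) -> PureWindowsPath:
    """Collapse '..' and '/' before any policy decision is made on the path."""
    p = PureWindowsPath(ntpath.normpath(path))
    if len(p.drive) != 2 or not p.root:
        raise ValueError(f"only absolute drive-letter paths are handled: {path!r}")
    return p


def to_sandbox(path: str) -> PureWindowsPath:
    """Map C:\\Windows\\x to C:\\Sandbox\\C\\Windows\\x; sandbox paths map to themselves."""
    p = normalize(path)
    if p == SANDBOX_ROOT or SANDBOX_ROOT in p.parents:  # case-insensitive compare
        return p
    return SANDBOX_ROOT.joinpath(p.drive[0].upper(), *p.parts[1:])


class RedirectingStore:
    """Toy stand-in for hooked file APIs: 'real' is the host, 'box' the sandbox."""

    def __init__(self, real_files):
        self.real = {normalize(k): v for k, v in real_files.items()}
        self.box = {}

    def read(self, path: str) -> bytes:
        # Prefer the sandboxed copy; otherwise read through to the host, read-only.
        shadow = to_sandbox(path)
        if shadow in self.box:
            return self.box[shadow]
        return self.real[normalize(path)]

    def write(self, path: str, data: bytes, append: bool = False) -> PureWindowsPath:
        # Copy-on-write: seed the shadow from the host file on first modification.
        shadow = to_sandbox(path)
        if append:
            data = self.box.get(shadow, self.real.get(normalize(path), b"")) + data
        self.box[shadow] = data  # the host dictionary is never written
        return shadow


# Constructed sample data, not taken from any real system.
store = RedirectingStore({r"C:\Windows\System32\eyioiyw.dll": b"ORIGINAL"})
store.write(r"C:\Windows\System32\eyioiyw.dll", b"+PATCH", append=True)
```

Normalizing before the "already inside the sandbox" check matters: without it, a path such as `C:\Sandbox\..\Windows\x.dll` would pass the prefix test and reach the host.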