Xvirus Personal Guard 5.0 roadmap

Status
Not open for further replies.

Dani Santos

From Xvirus
Thread author
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
This is the roadmap for the new version of Xvirus. It will take time to develop because I want it bug-free. Please help by suggesting features or beta testing when the beta is out. I will update this thread frequently. :)

Roadmap:
1-Right click scan (done)
2-"Delete all" button bug (fixed)
3-Whitelist (done)
4-USB guard improvement (working now)
5-Behavior guard improvement (need suggestions)
6-File guard improvements (need suggestions)
7-More settings (need suggestions)
8-Heuristics
9-Cloud community detection
10-GUI bug fixes
11-Improve current tools vs new tools or both?
12-New alert GUI? (yes or no)
13-Self protection and encryption (by dubseven)
14-URL filtering (by malware test)

Feel free to suggest new things to add to the new version. :)
Thanks for reading
 

MalwareT

I suggest you add these features (if it's possible):
-Vulnerability scanner
-URL filtering (it includes phishing)
-Self protection
-Firewall
-Maybe sandbox
-HIPS

Thanks in advance :)
 

Dani Santos

I suggest you add these features (if it's possible):
-Vulnerability scanner
-URL filtering (it includes phishing)
-Self protection
-Firewall
-Maybe sandbox
-HIPS

Thanks in advance :)
Thanks for the suggestions.
1) I'll take a look at that
2) I still have to study Chrome and Firefox; I can only get it working with Internet Explorer
3) Now on roadmap :)
4) We already have one (Xvirus Personal Firewall)
5) I made one, but I have to improve it because it is very easy to bypass.
6) We prefer a behavior blocker; HIPS makes too many alerts
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Some basic 'read only' behavioural analysis using API hooking (with necessary restrictions, for example, no access to other processes, no driver loading, no internet access etc.)

If you're still programming in .NET, remember to obfuscate the source code, as .NET includes a huge amount of metadata which can be decompiled back to a reasonably understandable source code. There are many techniques to do this manually but the simplest way is to get a tool to do it for you (Dotfuscator for example).

Be very careful about falling into the trap of 'crypting' your binary files; this will automatically annoy your users as they will now be utilising the same tools as malware, leading antivirus companies to detect your software as malicious.
 

Dani Santos

Some basic 'read only' behavioural analysis using API hooking (with necessary restrictions, for example, no access to other processes, no driver loading, no internet access etc.)

If you're still programming in .NET, remember to obfuscate the source code, as .NET includes a huge amount of metadata which can be decompiled back to a reasonably understandable source code. There are many techniques to do this manually but the simplest way is to get a tool to do it for you (Dotfuscator for example).

Be very careful about falling into the trap of 'crypting' your binary files; this will automatically annoy your users as they will now be utilising the same tools as malware, leading antivirus companies to detect your software as malicious.
Thanks, I'm working on that. And I got a sandbox working; it blocks and logs the file's actions on the filesystem and registry, but I'm trying to make the file run inside the sandbox instead of blocking all the actions.
 

Cowpipe

Thanks, I'm working on that. And I got a sandbox working; it blocks and logs the file's actions on the filesystem and registry, but I'm trying to make the file run inside the sandbox instead of blocking all the actions.

API hooking is a good start. Redirect the API calls, so a 'write' command to "C:\Windows\System32\eyioiyw.dll" redirects to "C:\Sandbox\C\Windows\System32\eyioiyw.dll" - and any calls to that path are also redirected etc. Block memory writes for now, just monitor them so you can detect suspicious writes (e.g. writing to another process).
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
This is the roadmap for the new version of Xvirus. It will take time to develop because I want it bug-free. Please help by suggesting features or beta testing when the beta is out. I will update this thread frequently. :)

Count me in for testing
 

Dani Santos

API hooking is a good start. Redirect the API calls, so a 'write' command to "C:\Windows\System32\eyioiyw.dll" redirects to "C:\Sandbox\C\Windows\System32\eyioiyw.dll" - and any calls to that path are also redirected etc. Block memory writes for now, just monitor them so you can detect suspicious writes (e.g. writing to another process).
But how do I get that DLL inside the sandbox? I got it working to make it create files inside the sandbox; the problem is making it read and write files from the computer (outside the sandbox) inside the sandbox.
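
The path redirection discussed above, with reads falling through to the real file until a sandboxed copy exists, sketched as an added example (not code from the thread or from Xvirus). Dicts stand in for the disk; `to_sandbox`, `RedirectingFS`, `demo` and the file contents are hypothetical names and constructed data, and `C:\Sandbox` is the root used in the post.

```python
import ntpath  # Windows path rules, usable on any OS

SANDBOX_ROOT = r"C:\Sandbox"  # sandbox root taken from the post

def to_sandbox(path):
    """Map an absolute drive path to its shadow location under SANDBOX_ROOT."""
    full = ntpath.normpath(path)  # collapse ..\ and / before mapping
    drive, rest = ntpath.splitdrive(full)
    if len(drive) != 2 or not rest.startswith("\\"):
        raise ValueError("expected absolute drive path: %r" % path)
    if (full + "\\").lower().startswith(SANDBOX_ROOT.lower() + "\\"):
        return full  # already inside the sandbox, do not nest it again
    return ntpath.join(SANDBOX_ROOT, drive[0].upper(), rest.lstrip("\\"))

class RedirectingFS:
    """Toy view of hooked file calls; real/shadow dicts stand in for disk."""
    def __init__(self, real):
        self.real, self.shadow, self.log = real, {}, []

    def read(self, path):
        key = to_sandbox(path).lower()
        if key in self.shadow:  # a sandboxed copy wins once it exists
            return self.shadow[key]
        # no copy yet: serve the real file read-only, nothing is copied in
        return self.real[ntpath.normpath(path).lower()]

    def write(self, path, data):
        target = to_sandbox(path)
        self.shadow[target.lower()] = data  # the real file is never touched
        self.log.append(("write", path, target))  # keep a record for review
        return target

def demo():
    dll = r"C:\Windows\System32\eyioiyw.dll"
    real = {dll.lower(): b"original"}  # constructed sample "disk"
    fs = RedirectingFS(real)
    before = fs.read(dll)  # falls through to the real file
    target = fs.write(r"C:\Temp\..\Windows\System32\eyioiyw.dll", b"patched")
    return before, target, fs.read(dll), real[dll.lower()]

if __name__ == "__main__":
    print(demo())
```
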
 