I am Back! AntiTest.exe Comments

Hello again everyone!

Haven’t been in these CIS forums in a while. I installed NIS2011 on XP SP3 on a new build PC last Oct… Got sucked in by the cheap retail price of the 3 PC version. All I can say about NIS is the firewall is a POS, plain and simple. Rest of the package is OK but still bloated.

Anyway, I just installed WIN 7 Prem. x64 on another HDD on this PC as a dual boot setup. Installed Avast 6.0 which is a pretty slick freebie I must say. I also installed CIS a couple of days ago and it was auto updated yesterday to the latest ver. Wow!! - is all I can say. What an improvement from the ver. 4 days.

Installed CIS Firewall in default config. Both firewall and Defense+ running in safe mode. Sandboxing is set on and set to limited. Network option set to Stealth ports. Appears to be working just fine from the few tests I have done to date. I also changed Defense+ Monitoring Settings to turn on the Computer Monitor and Keyboard settings. So far no conflicts with Avast or anything else. Knock on wood! BTW - I haven’t done anything firewall rule wise although I am somewhat of a “rules jockey.”

Anyway, I downloaded SpyShelter’s AntiTest.exe to check keylogging and screen monitoring primarily. Ran in the sandbox with limited privileges. CIS passed all the keylogging tests and most of the screen capture tests. I think it failed the last two screen tests on both lines. It also failed the clipboard test - I think. I copied something to the clipboard and didn’t get any alerts from CIS but I couldn’t paste anything. CIS also failed the sound test. I didn’t run the web cam test. Not bad results overall.

Any way to improve this short of setting a full Defense+ Proactive config, which I don’t want to do - too many alerts from past experience?

Hello :) Welcome Back!

Can you post a screenshot of your Defense+ Events?

Regards

BTW - vampire.exe is GRC leaktest. Defense+ nailed that before it could even start.


Could you try again; this time don’t sandbox the test application, and make sure everything is checked in Monitor Settings in Defense+ Settings.

Slightly better this time but not a whole lot.

I disabled sandboxing as you requested. [Edit] Running Defense+ as Limited.

It caught all keylogging attempts.

It failed screen capture tests 4a, 5a, 4b, and 5b. The program hung on test 6 and I had to terminate it and start again.

Looks like it failed the clipboard test again. Hook was installed and I was able to copy to clipboard. I tried to paste into the AntiTest window but nothing happened?

It passed both registry tampering tests. Remaining tests in that section not allowed for x64 OS.

Attached are the Defense+ events from the test.
