DriveSentry 3.1 Review – Install, Configuration and Prevention

Last night I reviewed one of my favorite applications…DriveSentry 3.1

DriveSentry is a FREE (yes, free) HIPS-based application that uses what they call “TRI-Security Malware Protection”, which is basically:

  • Whitelisting – A list of 40,000+ known safe applications. Since these applications are already proven safe, the user is spared the question “is this application safe to run?”
  • Blacklisting – A signature database of over 2 million malicious applications.
  • Behavior Analysis – Allows DriveSentry to question and stop processes that appear to modify the operating system in a malicious manner.

So far DriveSentry has blocked every single threat (about 20 now) with complete ease (and I mean ease…just click the deny button).  DriveSentry uses about 19 MB of RAM and no noticeable processor time (on my pc).

So are there any downsides?  Yes, there are.  DriveSentry asks a fair amount of “is this safe to run” type questions.  Of course this is no big deal to me, but to a novice this can negate the power of this awesome application with one wrong answer.

Why?

Because novices run everything! DriveSentry needs to put a MAJOR focus on identifying legit applications for their whitelisting database if they want to break into the consumer market at a faster and more successful rate.

On a personal note – DriveSentry is currently my second favorite application (right behind DefenseWall).  I’ll be using DriveSentry for a few of my clients tomorrow.  I’m planning on having the users run their PC like they do on a normal day.  I’m sure DriveSentry will ask us if it’s OK to run a few apps here and there.  Once we have our modified whitelist set the client should be good to go.  If they get further DriveSentry questions they can just call me.

Part 1

http://www.youtube.com/watch?v=A5Bu7PskAnI

Part 2

http://www.youtube.com/watch?v=E7Ew307X9zY

Part 3

http://www.youtube.com/watch?v=ejW4kAPlBAY

Personal Test

http://www.youtube.com/watch?v=sl0RwDiYbts


44 Responses to DriveSentry 3.1 Review – Install, Configuration and Prevention

  1. Ping December 13, 2008 at 5:39 am #

    FREE?! I thought it costs money! Wow.

  2. Mike December 13, 2008 at 5:42 am #

    19meg of ram? Every time I try it (different pcs), it is about 90 meg. If I could get it under twenty I would probably keep using it.

  3. Trey December 13, 2008 at 5:52 am #

    i was wondering if you could test out the on demand scanner on this to see how well it works at removal. also do you know of any hips system that works on x64? i really want to use this but it's 32bit only.

  4. burt December 13, 2008 at 10:48 am #

    Can this program be used in combination with Avast Antivirus?
    Is there protection for Outlook?

  5. Dieselman December 13, 2008 at 11:38 am #

    Is this safe to use alongside NIS 2009?

  6. 927 December 13, 2008 at 12:11 pm #

    right now DS uses 13 mb (VM is 54 mb) on my pc (xp pro 1 gb ram)

    looks like the update server is down since friday at 4:15 PM. maybe they shut it down on weekends :/

  7. Bryan December 13, 2008 at 3:44 pm #

    Just thought I'd pass along the fact that when I tried to install DriveSentry it detected my AVG Antivirus and "suggested" that I uninstall AVG before continuing with the installation.

  8. h47x December 13, 2008 at 5:42 pm #

    I'm also wondering if it can be run along with NIS 2009

  9. robin December 13, 2008 at 6:23 pm #

    i'm using it alongside avira and it works fine :)

  10. burning_chrome December 13, 2008 at 6:50 pm #

    Great videos Matt.

    Just one request: Could you provide downloadable screenshots (or perhaps a PDF compilation of screenshots) for the key steps shown during the Install/Configure portions of the products you review?

    I tried out Drive Sentry a while back and loved it, but I have one question: where does the main company for Drive Sentry get the funding necessary for product research and development? I don't see a "premium" pay-ware version on the website unlike every other anti-virus freeware program (Avast, AVG, Avira, etc.) currently available.

  11. bobicool December 13, 2008 at 11:56 pm #

    you should try threatfire! from pctools!!!!!

    I want to see the results

  12. bobicool December 13, 2008 at 11:56 pm #

    I would love

  13. 927 December 14, 2008 at 1:38 am #

    after 30 days have to download updates manually, or something like that. if you pay the trickle updates continue. there is a large icon in the app called upgrade

  14. f December 14, 2008 at 1:49 am #

    that's lame if we have to download manually

    but

    it's kinda annoying, and you said you used it at work??

    so much for the non-commercial part

    are you reviewing threatfire?

    thanks

  15. burning_chrome December 14, 2008 at 4:07 am #

    Thanks for the info on the manual update/Upgrade info bob; I honestly didn't remember it from testing DriveSentry back in early 2007.

  16. Matt December 14, 2008 at 4:46 am #

    Just a heads up – I tried to use this alongside my existing antivirus and it completely locked up the machine making it almost unusable.

    I had to boot into safe mode, remove drivesentry, reboot into normal mode, remove my existing antivirus then reinstall drivesentry. Now all is fine.

  17. f December 14, 2008 at 5:32 am #

    this does work with my old antivirus, it's just that drive sentry cries about avast and avira..

    it spams me with popups

  18. f December 14, 2008 at 5:39 am #

    pcmag gives drivesentry a really bad rating

    i know it's for v2.1, but it really really sucked at one point

  19. M December 14, 2008 at 9:32 am #

    well pc mag sucks at reviewing, they actually gave avira and bitdefender the same rating as drivesentry… plus watching reviews on videos is much better

  20. robin December 14, 2008 at 9:52 am #

    Really, i haven't seen one popup by drivesentry about avira so far..

  21. 927 December 14, 2008 at 10:21 am #

    i used avg pro 8 with DS without any problems for a couple of hours. then i realized i don't need any AV after i tested DS by visiting a lot of crack sites, DS moved files from temporary internet files to quarantine.

    – it took forever to update to 100%

  22. Bryan December 14, 2008 at 2:41 pm #

    Just an update…

    Apparently my aborting the DS installation (wanted to think about their suggestion to uninstall AVG antivirus) did no good. The next time I booted up the computer DS started running even though I'm sure I clicked on "Cancel the installation" instead of "Finish….".

    The good news is that AVG, DS, and Comodo firewall all seem to be getting along.

  23. Jimmy James December 14, 2008 at 3:33 pm #

    DriveSentry is a very good application but you only get the 'tricklefeed' updates for 30 days before you have to start paying. After that it bugs you every time a new update is released.

    http://www.drivesentry.com/AntiVirus-new-features

  24. Jimmy James December 14, 2008 at 3:35 pm #

    I just looked on the website and the price is

    £10 = United Kingdom (inc VAT)

    €10 = EU

    $10 = USA & Rest of the World*

    *If you are outside of the USA, the cost will be the closest to $10 in local currency, depending on your credit card's current exchange rate.

    Bit unfair really because I live in the UK and it means I have to pay nearly double what you have to across the pond… I think I'll be sticking with DefenseWall instead

  25. f December 14, 2008 at 5:48 pm #

    how far are you on reviewing threatfire 4?

    please upload/review it soon

    thanks

  26. William December 14, 2008 at 8:40 pm #

    Does DriveSentry work next to PC Tools Firewall+? If I read the PDF file on the website the program is a firewall with extra features.

  27. malwarekilla December 15, 2008 at 2:11 am #

    @Ping – Yep, it's free as long as you perform manual syncs.

    @Mike – I think it peaked around 39 MB, but that's about it.

    @Trey – I am currently testing DriveSentry's detection and removal abilities. I hope to have a video up this week.

    @Burt – I'm not sure, however I don't see why it wouldn't. I've pretty much stopped using traditional signature based AV…there is just too much malware these days for signature based AVs to handle.

    @Dieselman – see my answer to Burt

    @927 – yeah, I've had a few issues with their update server(s). The behavior analysis engine is more than enough, so I don't really care about the updates (that much).

    @burning_chrome – both applications have "pay options". If I get some extra time I'll throw up some screen shots for you guys.

    @Matt – Since DriveSentry is probably better than your signature based AV you've made a good choice.

    @F – You should get a few initial popups, however once your whitelist rules are created for those apps you shouldn't be asked going forward.

    @927 – I agree. DS is flat-out amazing at blocking anything malicious so I just ditched my AV.

    @Jimmy James – I'm gonna subscribe to tricklefeeds…it's well worth the cost. If you already have DefenseWall then just stick with that. Nothing is better than sandboxing.

    @F – I'm done with ThreatFire, I just need to make the video.

    @William – It should, judging from what others are saying.

  28. burning_chrome December 15, 2008 at 3:43 am #

    Any plans to test and review Sandboxie sometime in the future as part of your malware prevention videos?

  29. f December 15, 2008 at 3:48 am #

    is threatfire 4.0 good?

    the sandboxing idea is good, but sandboxie is bad. i think the best is still vm's but sandboxie is terrible

    i don't think drive sentry is behavior based, it's let's spam the user and let them decide.

    Threatfire is real behavior detection.

    Drive sentry should go get real behavior analysis, and be used with other signature based av

    i believe norton uses this approach, but for some reason, it is a hog, and will make a computer like 1/32 speed.

  30. Dieselman December 15, 2008 at 4:16 am #

    You're wrong burning. NAV/NIS 2009 is extremely light. And Sandboxie isn't bad. Sandboxie is one of the best security products you can get.

  31. burning_chrome December 15, 2008 at 12:58 pm #

    That wasn't me Dieselman, the comment on NAV/NIS 2009 and Sandboxie was from "f", not me.

    Just the opposite, I use both NIS 2009 and Sandboxie and find them both extremely light and effective. Norton really reversed its bloatware trend with the 2009 line and Sandboxie just plain rocks IMO.

  32. malwarekilla December 15, 2008 at 3:07 pm #

    @Burning_Chrome (on Sandboxie) – I’ve downloaded it and played around a bit, but it seems pretty confusing and clunky. I really just need to read their help file before I give a final opinion of it.

    I’m a huge fan of sandboxing and I run defenseWall on both our home computers…it’s quiet and effective.

  33. f December 15, 2008 at 3:32 pm #

    @malwarekilla

    so you don't run spyware doctor with antivirus anymore?

    you only use defense wall?

    you should still run traditional av

    but

    it's your computers

    and you're the pro

  34. darcjrt December 15, 2008 at 6:11 pm #

    Can you make a review of COMODO IS? I know you already have one, but on the prevention side. I use it and it works great so far but I still want to see it in action like DS!!

    Thanks

  35. M December 15, 2008 at 9:37 pm #

    matt will u do a review on ad-aware pro anytime soon……..thanks u da best

  36. 927 December 15, 2008 at 10:43 pm #

    what's going on with this app…?

    0% cpu and 8 mb, next minute it's 95% cpu and 60 mb ram, it's not updating! this happens even if trickle is unchecked

  37. Dave December 16, 2008 at 9:49 pm #

    Wow, this looks great. Does it prevent hackers and network intrusion? Maybe I should use google before asking 😉

  38. Dieselman December 17, 2008 at 1:46 am #

    Matt come on now. Sandboxie confusing. Just install it and use it. I only use it on demand but the services are running. Right click on Firefox and select "Run Sandboxed". When you're done just empty the Sandbox via CCleaner custom cleaning. There is no special configuration needed for Sandboxie.

  39. h47x December 17, 2008 at 6:52 am #

    To Dave:

    You will probably still need to have a firewall installed in order to prevent hackers.

  40. burning_chrome December 17, 2008 at 12:43 pm #

    Any plans to undertake a sandbox prevention shootout between Sandboxie, GeSWall, SafeSpace, and BufferZone?

    We already have your verdict on DefenseWall of course and I’m leaving out Greenborder since Google bought it out and now uses it as part of their Chrome browser.

  41. Brad January 9, 2009 at 8:23 am #

    I tried installing DS on my Vista SP1 computer and I got this:

    —————————
    DriveSentry
    —————————
    DriveSentry requires the Filter Manager please install the latest Service Pack for this Operating System.
    —————————
    OK
    —————————

    Any ideas? It didn’t install it as far as I can tell. It next went to the install dialog box after that and said it was finished, but I can’t find a directory for it, nor is it listed in “Uninstall or change a program” in Control Panel.

    Thanks for any help.

    Brad

  42. Brian April 11, 2009 at 3:48 am #

    Hey Matt..you said you only use this software on your work pc and my question is: What about protecting your network and ports? What about network attacks? This program doesn’t have a firewall or a network attack blocker. Is that not needed? Thanks

  43. Balaji Pooruli June 30, 2009 at 8:59 pm #

    Can you test drivesentry by clicking “Allow” for the fake urls? I would like to see whether drivesentry automatically quarantines a threat when its behavior becomes nasty.

    Thanks,
    Balaji.

  44. bg November 9, 2009 at 8:46 am #

    i’m hearing talk of dropping avs. pls do not do that, ds blocking capability is not in question, but i do question its removal abilities. at least keep an av for on demand scanning.
    antivir free
    drivesentry(tell ds antivir is a safe prog.)
    windows firewall
    advanced system care free
    glarys(for 2 apps missing on asc free)
    ccleaner
    and i use free online scans to pinpoint possible infections when paranoia sweeps over me. results no infections
