Tag Archives | behavior analysis

DriveSentry 3.1 Review – Install, Configuration and Prevention

Last night I reviewed one of my favorite applications: DriveSentry 3.1.

DriveSentry is a FREE (yes, free) HIPS-based (host intrusion prevention) application and uses what they call “TRI-Security Malware Protection”, which is basically:

  • Whitelisting – A list of 40,000+ known safe applications. Since these applications are already proven safe, the user is spared the question “is this application safe to run?”
  • Blacklisting – A signature database of over 2 million malicious applications.
  • Behavior Analysis – Allows DriveSentry to question and stop processes that appear to modify the operating system in a malicious manner.
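
To make the three-tier decision concrete, here is a small Python model of that layering (whitelist lookup, blacklist lookup, then behavior rules with a user prompt as the fallback). This is an added example, not DriveSentry's code: the hash sets, the “sensitive action” prefixes, the `ProcessEvent` shape and the `decide`/`record_answer` functions are all constructed for illustration, and the choice to consult the blacklist before the whitelist is this example's, not necessarily the product's.

```python
"""Layered allow/deny verdict engine modelled on a whitelist + blacklist +
behavior-analysis HIPS. Added example; every database and rule is constructed."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import List, Set, Tuple


class Verdict(Enum):
    ALLOW = "allow"   # whitelisted, or unknown with no sensitive behaviour: runs silently
    DENY = "deny"     # blacklisted: blocked, no question asked
    ASK = "ask"       # unknown binary touching the OS: prompt the user


@dataclass
class ProcessEvent:
    image_path: str
    image_bytes: bytes     # executable contents; hashed for the list lookups
    actions: List[str]     # constructed "kind:target" strings observed at runtime


def image_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the vendor databases (hashes of fake sample bytes).
KNOWN_GOOD: Set[str] = {image_hash(b"constructed notepad sample")}
KNOWN_BAD: Set[str] = {image_hash(b"constructed trojan sample")}

# Constructed behaviour rules: actions that modify the OS in ways worth a prompt.
SENSITIVE_PREFIXES: Tuple[str, ...] = (
    "write:C:\\Windows\\System32\\",
    "reg:HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "inject:",
)


def suspicious_actions(actions: List[str]) -> List[str]:
    """Return the subset of observed actions that match a behaviour rule."""
    return [a for a in actions if a.startswith(SENSITIVE_PREFIXES)]


def decide(event: ProcessEvent, local_whitelist: Set[str]) -> Tuple[Verdict, str]:
    """Tier order: blacklist, then vendor/local whitelist, then behaviour analysis."""
    h = image_hash(event.image_bytes)
    if h in KNOWN_BAD:                      # deny wins over any allow entry
        return Verdict.DENY, "blacklisted"
    if h in KNOWN_GOOD or h in local_whitelist:
        return Verdict.ALLOW, "whitelisted"
    flagged = suspicious_actions(event.actions)
    if flagged:
        return Verdict.ASK, "unknown binary, sensitive actions: " + "; ".join(flagged)
    return Verdict.ALLOW, "unknown binary, no sensitive actions"


def record_answer(event: ProcessEvent, user_allowed: bool,
                  local_whitelist: Set[str]) -> Verdict:
    """Persist the user's answer to an ASK prompt. An 'allow' lands in the local
    whitelist, so a single wrong click keeps that program silent from then on."""
    if user_allowed:
        local_whitelist.add(image_hash(event.image_bytes))
        return Verdict.ALLOW
    return Verdict.DENY


if __name__ == "__main__":
    local: Set[str] = set()
    unknown = ProcessEvent("C:\\Users\\me\\Downloads\\setup.exe",
                           b"constructed unknown installer",
                           ["reg:HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\x"])
    print(decide(unknown, local))                  # (Verdict.ASK, ...)
    record_answer(unknown, True, local)            # the user clicks "allow"
    print(decide(unknown, local))                  # (Verdict.ALLOW, 'whitelisted')
```

The `record_answer` step is the part worth noticing: once an unknown binary is allowed it joins the local whitelist and is never questioned again, which is exactly why a novice's one wrong answer can undo the protection.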

So far DriveSentry has blocked every single threat (about 20 now) with complete ease (and I mean ease: just click the deny button). DriveSentry uses about 19 MB of RAM and no noticeable processor time (on my PC).

So are there any downsides? Yes, there are. DriveSentry asks a fair amount of “is this safe to run?” type questions. Of course this is no big deal to me, but for a novice one wrong answer can negate the power of this awesome application.

Because novices run everything! DriveSentry needs to put a MAJOR focus on identifying legit applications for their whitelisting database if they want to break into the consumer market at a faster and more successful rate.

On a personal note – DriveSentry is currently my second favorite application (right behind DefenseWall).  I’ll be using DriveSentry for a few of my clients tomorrow.  I’m planning on having the users run their PC like they do on a normal day.  I’m sure DriveSentry will ask us if it’s OK to run a few apps here and there.  Once we have our modified whitelist set the client should be good to go.  If they get further DriveSentry questions they can just call me.

Part 1

Part 2

Part 3

Personal Test

What Makes a 5 Star Anti-Malware Application

I’ve received a lot of questions on how I determine what a 5 star anti-virus is. Below are the 5 criteria I use:

1.  Does it remove general malware?
-like viruses, trojans and rootkits

2.  Does it remove rogueware?
-Rogue Anti-Malware
-Rogue Anti-Privacy

3.  Does it detect and remove adware?
-Does it remove the majority of adware?
-Does it remove adware protection agents (which prevent adware removal)?

4.  Does it work in safe mode?
-Will it load in safe mode?
-Will it scan in safe mode?
-Can I update it in safe mode?
-Can I remove malware in safe mode?

5.  Does it have a high detection rate both via static virus definitions and heuristics (behavior analysis)?
