Monday, March 12, 2007

events tab

Here is a snapshot of the events tab of the new GUI. It is not complete yet.
("More options" is not shown because I'm still working on it; it should display details about the selected event.)

This snapshot shows a log of NG protecting against spt.exe; NG protects against all kinds of attacks. The APT tool by DiamondCS is also completely covered in the new NG version, so NG will provide the same kind of defense against process termination as ProcessGuard.

Note that the window is horizontally resizable, so the user can see all columns without scrolling.

Please feel free to send your suggestions to me.

suggestions

Thanks to MaB69 for his suggestions; here are the answers, which may help other people learn about NG.

Maintenance task to delete rules related to non-existent executables

Non-existent executables will stay in the database but will not be shown for configuration; this way the application permissions will still be available if the same executable is executed again.

Self protection for the service, and in case of attack the service could relaunch the UI process
In the new NG, the UI will be shown by the client (executed at user login), and it is protected against termination.

Hidden files/process detection
It is something which will be done by rootkits after they load into the kernel. Although it is possible to detect hidden files/processes in some cases, it is not possible to control a kernel-mode driver, as it already has the highest possible access to the system.

More Registry keys monitoring (like IE settings or system settings (regedit activated/disabled))
It is easy to add more keys, but currently the work is just too much for me. Thanks, it will be in future versions.

Keylogging detection (GetKeyState, GetAsyncKeyState and DirectX request interception)
The new NG protects against all kinds of keylogging except DirectX, for which I have so far been unable to find a way to filter it. If anyone knows any technical details about the inner workings of this function, contact me.