ABTRUSION PROTECTOR

Published by kareldjag aka michel


Abtrusion Protector free personal edition:



It's now an "old" product which has not been updated for 2 or 3 years.

The primary benefit of this product is its ability to recognize and certify files with strong hash algorithms (MD5, SHA-1).

During the installation, all Win32 files (exe, dll, sys, etc.) are recorded and integrated in a database.

That's why setup can take more than 2 hours if System Restore is enabled.
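As an added example (not the product's own code), the following Python sketch reproduces the model described above: record every Win32 binary by its hash pair at install time, then allow only files whose pair is already in the database. The extension list and the sample files are assumptions; MD5 and SHA-1 are kept to match the page, although neither is collision-resistant today and a new design would use SHA-256.

```python
import hashlib, os, tempfile

# The page names exe, dll and sys "etc."; the product's full list is unknown, so this is assumed.
WIN32_EXTENSIONS = {".exe", ".dll", ".sys"}

def digest_pair(data):
    """MD5 + SHA-1 hex digests as the page describes; both are obsolete, prefer SHA-256 today."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def file_hashes(path):
    with open(path, "rb") as f:
        return digest_pair(f.read())

def build_database(root):
    """Install-time step: walk root and record every Win32 binary by its digest pair."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in WIN32_EXTENSIONS:
                path = os.path.join(dirpath, name)
                db[file_hashes(path)] = path
    return db

def is_recognized(db, path):
    """Execution control: allow a file only if its hash pair was recorded."""
    return file_hashes(path) in db

def _write(directory, name, data):
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(data)
    return path

def demo():
    # Constructed scenario mirroring the floppy-disk leaktest on the page; returns the outcomes.
    with tempfile.TemporaryDirectory() as tmp:
        system, floppy = os.path.join(tmp, "system32"), os.path.join(tmp, "floppy")
        known = _write(system, "notepad.exe", b"MZ-known-notepad")  # stand-in bytes, not a real PE
        _write(system, "readme.txt", b"not an executable")  # skipped: not a Win32 extension
        db = build_database(system)
        return {
            "known": is_recognized(db, known),
            # Unknown executable started from the floppy: no recorded hash, so it is blocked.
            "unknown": is_recognized(db, _write(floppy, "copycat.exe", b"MZ-unknown")),
            # Same bytes under another name: still recognized (content, not file name).
            "renamed": is_recognized(db, _write(floppy, "other.exe", b"MZ-known-notepad")),
            # Certified file altered by one byte: the digests change, so it is blocked.
            "patched": is_recognized(db, _write(floppy, "notepad.exe", b"MZ-known-notepaD")),
        }
```

The "renamed" and "patched" cases show why a hash database cannot be bypassed by renaming a file, but also why every legitimate update to a certified binary must be re-recorded.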

Here are some screenshots:








TESTS:



*** Execution control with Leaktests:




Copycat, DNSTester and Ghost are not allowed to run because they're not recognized by Abtrusion Protector (the leaktests are run from a floppy disk as unknown executables).

AP is the winner.



*** Process termination:



Abtrusion is easily terminated and suspended (with ProcX).

It's unnecessary to use hard methods.

But if the Abtrusion Protector Monitor is killed, the service is still running, and the system is still protected.

I consider that AP failed because it can't protect itself against this attack.




*** DLL implant/injection in a process:


Abtrusion Protector was not able to prevent the injection.

AP failed.



*** Process hijacking:



Abtrusion Protector failed.




*** API manipulation:



Another instance of AP can be launched with APISpy: Abtrusion failed.



*** Registry tests:



With maximum rules:



- RegTest: Abtrusion failed on tests 1 and 2.


- Scoundrel Simulator: AP prevents the installation of new programs without the user's permission.


Abtrusion Protector has registry protection features, but not in real time: they only take effect after a reboot.


I consider that AP failed against Registry tests.

