Trident
Contributor

Well let this be my first post.

I'd like to see the following improvements:

  • Improved Application Control, so we can better harden systems manually (yes, I do use it for that). For example, it would be great to have a "Parent Process" option so we can block calls from LOLBin to LOLBin. In fact, consider what other improvements you can implement to aid system hardening. Perhaps some operands in command lines, like "+". For example, command line contains "C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" + ".exe". You get the idea.
  • Performance improvements - for example, the UI is not GPU-optimised and draws quite a lot of CPU time. I noticed that during a scan, the UI draws more CPU than the scanning process itself.
  • UI improvements - some alerts include way too much text, for example, malware detected by file reputation. Consider shortening some alerts or formatting them better, using different font weights instead of just one, for better readability.
  • Consider using generative AI to enhance Threat Emulation reports with a malware write-up - sort of like an analyst has written it.
  • EFR improvements: upon cleaning malware, blank folders are sometimes left behind.
  • EFR/E2 improvements: when the DHS-compliant engine detects malware, it sometimes generates 2 detections, one for the actual file and one for the browser cache. The browser cache is reported as "not cleaned" and the machine status changes to "Infected" until a reboot. Consider fixing that.
  • EFR: I am not seeing any registry entries being deleted as part of malware cleanup, and sometimes startup items are left behind. I am sure the registry is being monitored, after all you have a whole kernel driver for this purpose, but I am not sure why registry entries created as part of attacks are not being cleaned up. Consider boosting the cleanup process.
  • NGAV - have you considered developing an engine that can analyse scripts in the pre-execution phase on-machine, when they've been introduced locally, for example on a flash drive (not emulated)? Documents, executables and DLL files are covered, but scripts aren't, and E1 is going away; E2, according to support, is run with Dynamic Analysis off, so I see a little gap here.

I can think of many more improvements, but I'll stop here for now 😊
