Rank: Member Groups: Member
Joined: 3/2/2007 Posts: 53 Points: 159
Hello. I recommend you take a look at http://wiki.castlecops.com/Lists_of_freeware_analysis_tools#Advanced to see some of your competitors. http://wiki.castlecops.com/Lists_of_freeware_analysis_tools#Lists_of_autostart_locations lists some links that might be of interest to you, if you intend to be as comprehensive as possible.

Some crazy wishes:

1) Is it possible to make it such that the user can choose to monitor/list any registry key or value or file/folder? This can be helpful, for example, if one became aware of a certain autostart method involving a registry key that was missed by the program. So instead of waiting for you to hard-code it in, we could just add it, and it would display under "custom" or something.
2) Being able to temporarily "turn off" registry keys, as in Autoruns.
3) For services, an easy way to start/stop them, and/or change them from auto to manual to disabled etc. Hopefully via context menu.
4) Being able to load your own whitelist or point to another database (the format should be standardised or known). There are way too many of these online resources around listing files/registry keys, but each of them uses a different standard, which is a pity, since there is no interoperability.
5) Being able to specify some kind of antivirus of your choosing so you can right-click and scan suspect files. Even better, one click and it loads up automatically to VirusTotal, Jotti etc.
6) More powerful kill methods for the process killer, as well as options to delete at next reboot, terminate and delete, terminate and rename etc. See Procx for example.
Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

1) Would be hard/impossible, since almost all currently scanned items use different methods.
2) I have to take a look at how this exactly works.
3) The standard Windows .mmc tools can already do all these things.
4) I'm looking with Merijn from HijackThis to make a format and one database that both programs (and others) can use.
5) Maybe useful in a later version.
6) I'll take a look at the program; these are indeed useful features.
Lansweeper : free software and computer inventory
Rank: Member Groups: Member
Joined: 2/26/2007 Posts: 41 Points: 123 Location: Paris (France)
Hi,

The good thing would be that RunScanner acts as a front end for DBs like:

CastleCops http://hashes.castlecops.com/Hashes.html (31 743 604 file hash entries, including parasites (this is what we are looking for))
File Advisor File Identification http://www.bit9.com/index.php (2 054 736 194 file hash entries, without parasites (!))

My dream of the day

@+
Pierre (aka Terdef)
Assiste.com - ASAP
Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

I will ask them, not sure if they'll agree. I can store the items in my database (with some more explanation) and verify the hashes with castlecops.
Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

A late reply to this post, but in the next release the following will be integrated (and approved by the site owners):
Check MD5 at Bit9 FileAdvisor
Check MD5 at CastleCops
Upload file for inspection to VirusTotal
Rank: Member Groups: Member
Joined: 3/2/2007 Posts: 53 Points: 159
GeertM wrote:
A late reply to this post, but in the next release the following will be integrated (and approved by the site owners)
Check MD5 at Bit9 fileadvisor
Check MD5 at Castlecops
Upload file for inspection to Virustotal

Excellent! I will start the PR machine going again...
Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

Better wait until it's finished and fully tested. Without any further big problems, it should be finished in one or two weeks, but I still have two Vista issues and a memory problem (only on Windows 2000).

Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

Rank: Member Groups: Member
Joined: 3/2/2007 Posts: 53 Points: 159
Looks amazing.
The integration with VirusTotal and Bit9 is a winner IMHO.
Loaded modules looks interesting, but I use GMER, Rootkit Unhooker etc. for that.
The interface is IMHO generally an improvement; in the old one it was a bit hard to figure out where the scan button was.
In expert mode, I was a bit confused by the point of the extra "hijack items" tab, but I see it allows you to sort without taking into account categories (O11, O12 etc.). So I guess it shows a more HJT-like interface.
I love the new column showing the signer and CA! Much, much clearer.
In the old 1.0.3 there was
"non-whitelisted" "unsigned" "non-microsoft"
Now there is only "signed" and "non-signed"...
What happened to "non-microsoft"?
Also, I was never clear what non-whitelisted meant in the past...
Totally confused...
Signed is clear enough to me, but does it mean
1) signed by anybody? (including self-signatures)
2) or does it mean it has to be verified by a trusted CA (but anyone can buy a cert from VeriSign!)
3) or does it simply mean signed by known publishers like MS, independent of whether it is countersigned by a CA...
Same thing for the old "whitelisted". Does it mean files known to be safe, whether signed or not?
Rank: Administration Groups: Administration
Joined: 2/16/2007 Posts: 142 Points: 195 Location: Belgium

I'll try to answer all your questions:

The "hijack items" tab is similar to the "classic mode", which is similar to HJT: it only shows non-whitelisted items.
Signed: signed by any publisher/issuer (you can see the signer in the grid).
Unsigned: no digital signature.
Whitelist: signed by a publisher which is in my list of trusted publishers/issuers (56 in my current list; I'll post the list in another thread). The whitelist also contains non-file items like standard search pages (google.com), standard trusted zones, ... This list will be extended and is based on statistics gathered by the online malware analysis.
I deleted "non-microsoft" because it was too confusing. I deleted the green/blue certificate icons because they were also too confusing.
I added loaded modules + the filter to check if there are DLLs running that aren't in the startup list (+ of course the integration with VirusTotal).
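A worked illustration of the three labels GeertM defines above (signed, unsigned, whitelist) and of the hijack-items filter, written as an added example that is not RunScanner's code; the trusted-publisher set, the non-file entries and the scan records are constructed, and a real tool would read the signer from the file's Authenticode signature rather than from a field. By these definitions "signed" accepts any signer at all, so the publisher list is what carries the trust decision, and only the MD5 digest (never the file) is what the hash-lookup services receive.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-in for GeertM's list of trusted publishers/issuers (not his real list).
TRUSTED_PUBLISHERS = {"Microsoft Corporation", "Microsoft Windows", "Adobe Systems Incorporated"}
# Constructed stand-in for the non-file whitelist entries (search pages, trusted zones).
TRUSTED_NONFILE = {"http://www.google.com/", "*.update.microsoft.com"}

@dataclass
class StartupItem:
    category: str             # HJT-style category such as "O4" or "O15"
    name: str                 # registry value name, or the URL/zone for non-file items
    target: str               # file path, or the URL/zone value itself
    signer: Optional[str]     # subject of the Authenticode signature, None if unsigned
    content: Optional[bytes]  # constructed file bytes; None marks a non-file item

def classify(item: StartupItem) -> str:
    """Return 'whitelist', 'signed' or 'unsigned' using the thread's definitions."""
    if item.content is None:
        # Non-file items carry no signature: whitelisted by value, otherwise treated as unsigned.
        return "whitelist" if item.target in TRUSTED_NONFILE else "unsigned"
    if item.signer is None:
        return "unsigned"
    # Any signer at all counts as 'signed'; only a listed publisher is whitelisted.
    return "whitelist" if item.signer in TRUSTED_PUBLISHERS else "signed"

def md5_hex(content: bytes) -> str:
    """MD5 of the file content; this digest is all that a hash lookup (Bit9, CastleCops) needs."""
    return hashlib.md5(content).hexdigest()

def hijack_items(items: List[StartupItem]) -> List[StartupItem]:
    """The 'hijack items' / classic-mode view: everything that is not whitelisted."""
    return [i for i in items if classify(i) != "whitelist"]

# Constructed sample scan results (paths, vendor names and file bytes are made up).
SAMPLE_ITEMS = [
    StartupItem("O4", "ctfmon", r"C:\Windows\System32\ctfmon.exe", "Microsoft Corporation", b"ctfmon-bytes"),
    StartupItem("O4", "vendorupd", r"C:\Program Files\Vendor\upd.exe", "Example Vendor Ltd", b"vendor-bytes"),
    StartupItem("O4", "svchst", r"C:\Users\Public\svchst.exe", None, b"unsigned-bytes"),
    StartupItem("O15", "http://www.google.com/", "http://www.google.com/", None, None),
]

if __name__ == "__main__":
    for item in hijack_items(SAMPLE_ITEMS):
        digest = md5_hex(item.content) if item.content is not None else "-"
        print(f"{item.category} {item.name:12} {classify(item):9} md5={digest}")
```

Running it lists only the vendor-signed and the unsigned entries, which is exactly the subset the hijack-items tab shows a reviewer.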
Rank: Member Groups: Member
Joined: 3/2/2007 Posts: 53 Points: 159
GeertM wrote:
I try to answer all your questions:
The "hijack items" tab is similar to the "classic mode" which is similar to HJT: it only shows non-whitelist items.
Signed: signed by any publisher/issuer (you can see the signer in the grid). Unsigned: no digital signature. Whitelist: signed by a publisher which is in my list of trusted publishers/issuers (56 in my current list, I'll post the list in another thread). The whitelist also contains non-file items like standard search pages (google.com), standard trusted zones, ... This list will be extended and is based on statistics gathered by the online malware analysis. I deleted non-microsoft because it was too confusing. I deleted the green/blue certificate icons because they were also too confusing.
I added loaded modules + the filter to check if there are DLLs running that aren't in the startup list (+ of course the integration with VirusTotal).

Thanks, very clear.