xVirus Personal Firewall - a Review

Discussion in 'Reviews and Tests' started by Der.Reisende, Aug 26, 2017.

  1. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Dear reader, welcome to my xVirus Firewall Pro review. I hope you brought some time, as this one will go into detail. Enjoy!

    ================================================================================
    Official website: https://xvirus.net/xvirus-personal-firewall (English)
    Status: Stable (reviewed version: v4.5.0.0)
    Name of Software/Product: xVirus Personal Firewall Pro

    Support:
    https://xvirus.net/contact (plain web form, with captcha against spamming)

    You will also find the developer of the product (Dani Santos) on the main security forums such as MT and Wilders. Feel free to PM him; in my experience, he answers quite fast.
    ==================================================================================

    Act I: Technical overview


    Advantages:
    + System impact is low
    + constantly improving additional features (especially Memory Watcher as part of the Proactive Protection)
    + User-friendly GUI
    + multilingual (14 languages)
    + low priced, with some bonuses for customers --- one time purchase, life-time license
    + manually controlled Anti-Ransomware Vault (can be used to restore „backed-up“ files after a Ransomware attack)
    + Ransom Watcher (will shut down Ransomware services once bait files get attacked)
    + quite paranoid unknown process protection (Memory Watcher)
    + easy to understand notifications, user decisions are kept until removed from Black-/Whitelist
    + Minimum requirements for 3rd party software: .NET Framework 4 (preinstalled on Win 10)
    + fully compatible with Windows Firewall
    + paranoid outbound connections control: notifies even for trusted (but hijackable) services unless already whitelisted by user
    + presets some important Windows Services on the Whitelist
    + Black-/Whitelist easy to reach and to edit
    + Auto-Mode (Low and High settings) - excluded from the review as not personally tested
    + Developer is always open to feedback, some reported issues have been fixed lightning fast
    + Makes use of its own AI to calculate threat level of running files (Memory Watcher module)

    Disadvantages:
    - Cloud Check feature isn’t really useful yet (the database is probably pretty small)
    Note: Please keep in mind that the product is being developed very rapidly, by one single dev!
    - No trial versions yet available (request sent to developer, will be there in future for sure)
    - might give a bit higher warnings for unknown / AI rated „dangerous“ but legit software - no big deal, just make sure to double-check before you whitelist

    Bottom Line:
    In the following review, I will try to provide an unbiased review of the above-mentioned paid Firewall solution, which I’ve been using for about a month now. Please take my review with a grain of salt; other users might not come across the issues I had, or might weigh pros and cons differently than I do. My review will focus on the ease of use of the product and the test against 0-day samples. For this, I will do a comparison between the free version and the Pro version reviewed here, which has some useful features on top, making it a Firewall+.

    This review is not meant to cover every possible setting in the product, but shall give a recommended, most of the time proven setup oriented on everyday use (of course, Malware testing was done and should only be done in a contained environment!).

    Feel free to add your opinion / to make me aware of possible errors in the review.

    I will also not recommend an Anti-Malware (Anti-Virus) solution to run alongside this firewall, as this is a most personal decision. Users need to weigh up level of protection (the more aggressive, the more false positives (FP) can occur), system impact, ease of use and the price. Every solution has its drawbacks.

    According to the developer, xVirus products should work flawlessly alongside most AV/AM.

    As always: Be sure to always have some external backup, not connected to your machine permanently!

    Protection: 4.5 / 5
    Usability: 5 / 5
    User Interface: 5 / 5
    CPU/RAM/Storage: Low Usage
    Performance: Low Impact
    Overall Rating: Very Good - 4.8 / 5

    ==================================================================================

    Act II: Technical overview - Let's get in detail

    Homepage
    Technically well done, not cluttered homepage. I love it!

    As most of it is self-explanatory, let me just show you some screenshots of the important sections.

    page_main.PNG page_products.PNG page_products2.PNG page_products3.PNG page_products4.PNG page_products5.PNG page_shop1.PNG page_shop2.PNG page_shop_redirect.PNG page_support.PNG page_awards.PNG

    Resource Usage

    Totally lightweight! While writing these lines and with Cent Browser running, it uses ~ 15-20 MB of RAM.

    RAMCPU.PNG

    GUI / Components
    The GUI is very well done, with just a handful, but all useful settings.

    Main window lets you know the firewall is up and working, indicating in green colours and with a check icon.
    It will turn to a red x whenever there’s a problem (for example, Proactive Protection - Memory Watcher - is off).

    You will also see when xVirus Firewall Pro did check for program updates last time, you’ve access to the handy Network monitor, can trigger a manual update and finally, access the Settings part, which will be up next.

    Proactive Settings (Pro Version only):
    The Ransom Watcher module tries shutting down ransomware whenever it detects an attack (it places some bait files all over the system) and also comes with the Anti-Ransomware Vault (also in FREE version), which lets you back up important files manually, which can be recovered just by the programme (not sure if any ransomware is able to encrypt the files inside the backup folder, pretty sure they are protected by xVirus). I had some ransomware attacks during testing, and I was always able to restore files I backed up BEFORE the encryption took place.

    As for the cloud check, it will query for information on processes running on the system. Not that useful yet, missing a big amount of data. Please remember that continuous development of a great piece of software binds resources. However, IMO a great addition. Have seen it in action, in seldom cases.

    Regarding the Memory Watcher, it is already very aggressive in its default „Normal Mode“; make sure to try out the Paranoid Mode in a safe environment, as it could conflict with legit Windows services.

    Firewall settings:
    Not many settings here, mostly related to the Automode, which is not part of my testing (I need as many popups as possible to take down notes on what is happening running malware), so I can’t give you any opinion on it. I’d probably switch to High, which will give you a higher amount of messages, but full control of what is calling out.
    Remember, malware can make use of legit services too!

    General Settings:
    Self-explanatory, no need to go into detail.
    Note that the „password protection“ feature (for your settings) is only available in the paid Pro version.

    Logs section:
    See what has been happening on the system (Allow / Block with Date and Time).

    Rules List:
    See your decisions, add and remove files. If you accidentally (dis-)allow a service to call out, come here to check.
    Note that the software will use those rules to autodecide in future!
    Second note: There are some important presets for Windows services. Edit them if necessary.

    About:
    See the current product version and typical other information.

    Manage License:
    This button (bottom right on every page) will let you insert your lifetime subscription key.

    settings_proactive.PNG settings_firewall.PNG settings_general.PNG settings_logs.PNG settings_rules.PNG

    ==================================================================================

    Act III: The real life experience report

    Disclaimer I:
    My experiences are solely based on following custom preset:
    • Anti-Ransomware Vault contains the bait files
    • Firewall: Enable Cloud Check, Enable Memory Watcher (default settings)
    DO NOT EXPECT xVirus Firewall Pro TO NOT FAIL ON SPECIFIC SAMPLES, IT’S A CAT-AND-MOUSE GAME WITH THE BLACKHATS!

    Therefore, I appeal to every user to have an external backup, not only in case your main security product and/or xVirus Firewall Pro and its components fail to protect your data, but also due to a physical error which might lead to data loss!

    Disclaimer II:
    Due to the small number of samples used in these tests, you should take results with a grain of salt. I encourage you to compare these results with others and take informed decisions on what security products to use.

    ================================================================================


    Sample: Matrix Ransomware

    Thread:

    http://tweakbytes.com/threads/unknown-ransomware-11-08-2017.5322/

    Hybrid Analysis Report:
    https://www.reverse.it/sample/e69df...3cc31169b556b1a58ba9b536d05?environmentId=100

    Special information:
    ReverseIT / HybridAnalysis counted 266 processes in total!

    User test:
    jX6VaQFg.exe instantly triggers xVirus Firewall Pro (Suspicious program, AI rating 5/5). I decided to block the process and to delete the malware. HIT.

    run_matrix.PNG

    ================================================================================

    Sample: Zeus Banking Trojan
    Thread:

    http://tweakbytes.com/threads/zeus-banker-12-08-2017.5324/

    Hybrid Analysis Report:
    https://www.reverse.it/sample/b0b8c...f72ed95ad75a39040874aaf2225?environmentId=100

    Special Information:
    Drops and runs two files, injects to legit explorer.exe, steals personal information.

    User test:
    br.exe triggers xVirus Firewall Pro (suspicious process, AI rating 4/5). I chose to block and to delete the file. No dropped files. HIT.

    run_zeus.PNG

    ================================================================================

    Sample: Unlock92 Ransomware

    Thread:

    http://tweakbytes.com/threads/unlock92-18-7-17.5277/

    Hybrid Analysis Report:
    https://www.hybrid-analysis.com/sam...f89c4101cd3dee03e4a412bab80?environmentId=100

    Special Information:
    Triggers UAC to run legit vssadmin.exe in order to delete volume shadow copy backups.

    User test:
    naampa.exe triggers vssadmin.exe (UAC confirmed). Ransomware instantly triggers xVirus Firewall Pro (suspicious process, AI rating 5/5). I chose to block and to delete the file. HIT.

    run_u92.PNG

    ================================================================================

    Sample: BTCWare (.aleta variant) Ransomware
    Thread:

    http://tweakbytes.com/threads/btcware-aleta-18-07-2017.5276/

    Hybrid Analysis Report:
    https://www.reverse.it/sample/3462f...c91435535eae2fe66b543d2516c?environmentId=100

    Special Information:
    Fast Ransomware. Monitors for new files to target, as long as its process is running. At least displaying the ransom note is set to AutoRun.

    User test:
    676828.exe triggers xVirus Firewall Pro (suspicious process, AI rating 4/5). I chose to block and to delete the file. HIT.

    run_btc.PNG

    ================================================================================

    Sample: Shade Ransomware

    Thread:

    http://tweakbytes.com/threads/shade-ransomware-24-7-17.5283/

    Hybrid Analysis Report:
    https://www.hybrid-analysis.com/sam...7a44a1862bd3e6d339e012e8276?environmentId=100

    Special Information:
    Sleeps in memory for one to two minutes, before the encryption process starts. Sets an AutoRun, will bypass products without boot time protection.

    User test:
    2407zx.exe triggers xVirus Firewall Pro (suspicious process, AI rating 5/5). I chose to block and to delete the file. HIT.

    run_shade.PNG

    ================================================================================

    Sample: Papras Trojan (Stealer)

    Thread:

    http://tweakbytes.com/threads/papras-trojan-17-08-2017.5340/

    Hybrid Analysis Report:
    https://www.reverse.it/sample/ff061...a3a8beb38b104426d11e34e658c?environmentId=100

    Special Information:
    Sets an AutoRun entry for file it dropped, injects to explorer.exe (not whitelisted in xVirus Firewall Pro!), injects into own processes, steals personal information!

    User test:
    10.exe triggers cmd.exe, conhost.exe and nslookup.exe. Sets AutoRun for cfgbhost.exe (outbound firewall alert blocked), injects many times to explorer.exe to call out. Neither a firewall alert (for explorer.exe) nor a Memory Watcher alert. Source file autodeletes directly after process injection. MISS.

    pap1.PNG pap2.PNG pap3.PNG pap4.PNG pap5.PNG

    Note that this is not to bash xVirus Firewall Pro, but to make users aware that nothing is bullet-proof!

    ================================================================================

    Sample: Locky Ransomware (.diablo6 variant)

    Thread:

    http://tweakbytes.com/threads/locky-variant-diablo6.5329/

    Hybrid Analysis Report:
    https://www.hybrid-analysis.com/sam...691c32b166381b34c78ff21f230?environmentId=100

    Special Information:
    Widespread ransomware.
    Formerly known by its extensions .osiris, .zepto, .odin, .shit, .thor, .aesir, and .zzzzz.
    Perhaps also .Jaff.
    Disappeared by Q1/2017.
    Currently resurging also as .lukitus variant.
    Distribution via phishing mails, various attachment formats.

    User test:
    jbYUF6D.exe triggers xVirus Firewall Pro (suspicious process, AI rating 5/5). I chose to block and to delete the file. HIT.

    run_locky.PNG

    ================================================================================

    Thanks @ the MTAC team for the samples!

    ==================================================================================

    Act IV: Some Final words

    Would I recommend the use of xVirus Personal Firewall Pro?

    After a one month test, it might be too early to judge, however actually being a Firewall according to its name, but offering additional AV-like features (Ransom Watcher, Memory Watcher, Anti-Ransomware Vault), I’m more than impressed on how the xVirus product protected me.

    Note that any security product will fail at a certain point, however xVirus Personal Firewall Pro offers you an outstanding feature, which is the most useful in the whole soft IMHO (next to the very good outbound and process protection), called „Anti-Ransomware Vault“, described above.

    As long as a ransomware or something else does not manage to encrypt the whole PC, you should always be able to restore your local (!) backup, at any time to any place you want to have it. The folder where the backup is stored (C:\Program Files (x86)\Xvirus Personal Firewall\vault by default) is most likely protected by xVirus Firewall.
    The files do have a .vault extension.

    vault.PNG

    Please make sure to have an external backup nevertheless.

    I purchased 2 licenses; I first equipped my laptop with it, now my main PC also uses this software, as it has impressed me a lot the past days. I’ll continue testing the product on 0-day malware (in combination with an AntiVirus / AntiMalware solution, using AppCheck AntiRansomware Free as an additional, third layer against ransomware threats).

    However, this is not a sales review but a diary of a use in hands-on malware testing, give it a try and decide whether it fits your needs :)

    If you find errors, or just want to give feedback on this review, I warmly invite you to do so!

    *****

    Thank you for reading!

    *****
     
    jerzy6012.50, grr, kram7750 and 7 others like this.
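
The bait-file idea mentioned in the review above (Ransom Watcher placing bait files and reacting when they are attacked), shown as an added example that is not part of the original post and not xVirus code. It only detects tampering and does not stop any process; the bait file name, the directory names and the `.locked` suffix are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BAIT_NAME = "~bait_do_not_touch.docx"  # hypothetical bait file name


def plant_baits(directories):
    """Write one bait file per directory; return {path: sha256 hex digest}."""
    baseline = {}
    for d in directories:
        path = Path(d) / BAIT_NAME
        data = os.urandom(16) + b"constructed bait content\n" * 64
        path.write_bytes(data)
        baseline[path] = hashlib.sha256(data).hexdigest()
    return baseline


def check_baits(baseline):
    """Return [(path, reason)] for every bait that no longer matches."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            # Encrypted files are often renamed with an added extension
            # (the review mentions .aleta and .diablo6 variants).
            renamed = sorted(p.name for p in path.parent.glob(path.name + ".*"))
            reason = ("renamed to " + renamed[0]) if renamed else "deleted"
            alerts.append((path, reason))
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            alerts.append((path, "content changed"))
    return alerts


def demo():
    """Simulate tampering in a temp directory (constructed data, no malware)."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [Path(root) / name for name in ("Documents", "Pictures", "Desktop")]
        for d in dirs:
            d.mkdir()
        baseline = plant_baits(dirs)
        docs, pics, _desktop = baseline  # dict keys, in insertion order
        docs.write_bytes(b"overwritten")  # in-place overwrite
        pics.rename(pics.with_name(pics.name + ".locked"))  # rename on "encrypt"
        return [reason for _path, reason in check_baits(baseline)]


if __name__ == "__main__":
    for reason in demo():
        print("ALERT:", reason)
```

A real monitor would run `check_baits` on file-system change events rather than on demand, since the time between the first bait being touched and the user's own files being encrypted is short.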
  3. RGiskardR

    RGiskardR Malware Tester Silver Member

    Thanks for the nice review! very informative! :great::clap: I see very interesting security features in this product, being a priori "just a personal firewall" :shake:
     
    grr, fragalan, wwd and 3 others like this.
  4. guardian

    guardian Administrator Staff Member

    WOW now that is an awesome!! software review, very detailed and an interesting :read:

    :congrats:
     
    grr, fragalan, wwd and 4 others like this.
  5. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    My pleasure :) Absolutely is, and they're working flawlessly next to products not having their own firewall but using Windows Firewall fortifying instead (which is still there, even with xVirus FW being installed).

    Thank you :) Makes me happy you guys like it :)
     
    grr, fragalan, wwd and 1 other person like this.
  6. silversurfer

    silversurfer Malware Tester Silver Member

    Well done! @Der.Reisende :cool:

    I already bought this product some days ago (great offer for a lifetime license).
     
    grr, fragalan, wwd and 2 others like this.
  7. Trim

    Trim MTAC Moderator Staff Member

    Amazing review @Der.Reisende , very detailed and well explained! I especially liked the links to the tests of Xvirus. Keep up the good work! :ohno:
     
    guardian, grr, fragalan and 4 others like this.
  8. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Thank you sir, makes me very happy you like it :)
    Will do my best ;)
     
    guardian, grr, fragalan and 4 others like this.
  9. wwd

    wwd Illustrator Silver Member

    guardian, grr, Trim and 4 others like this.
  10. jasonX

    jasonX Giveaways Moderator Staff Member

    Sorry for late reply..I am unwell..

    Der.Reisende
    ! You the man! Thanks to MTAC group again for all your hard work here!

     
    guardian, grr, Trim and 5 others like this.
  11. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    My pleasure, thanks for reading :)

    Don't worry, makes me happy you like it!
    All the best to you, get well soon!
    MTAC always at your and TBT's service :shake:
     
    guardian, grr, Trim and 3 others like this.
  12. Bala

    Bala Administrator Staff Member

    This was an amazing and informative review. Damn I now remember my review days and messing with AV suite days :p. After I moved to linux and started university never got time. But excellent mate.
     
    wwd, guardian, grr and 4 others like this.
  13. grr

    grr Board Enthusiast Member Of Month - Tweakbytes Defender Known Member

  14. jasonX

    jasonX Giveaways Moderator Staff Member

    This review was crucial to land us sponsorship! Thanks again Der.Reisende and MTAC Team!
    Just ironing out the details and we will soon have a giveaway/contest from xVirus! Stay tuned!

     
  15. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Makes me totally happy I could help here!
    Great Giveaway chance!
     
    grr, Trim, silversurfer and 2 others like this.
  16. jasonX

    jasonX Giveaways Moderator Staff Member

    Just in the process of drafting the giveaway page for developer approval and stay tuned for it. Still have to do the gifs and all. Sorry for the delays in the giveaways as I am still unwell and recuperating.
     
    Der.Reisende, grr, Trim and 2 others like this.
