CrowdInspect malware detection tool
Posted: Tue Jan 19, 2016 9:19 am
by __philippe
Rob Keir's malware detection tool
CrowdInspect is now at version 1.0.0.3 (released 13-JAN-2016)
(Tool formerly briefly mentioned on PFC here)
Size (uncompressed) : 500kB
Category: Security - Malware Detection
System Requirements: WinXP / Vista / Win7 / Win8
Writes settings to: na
Stealth: ? Yes
License: Free for personal use
How to extract: Download the zip file to a folder of your choice, extract and execute CrowdInspect.exe.
CrowdInspect is a free professional grade tool for Microsoft Windows systems from CrowdStrike aimed to help alert you to the presence of malware and in particular malware that communicates over the network that may exist on your computer.
It is a host-based real-time monitoring and recording tool utilizing multiple sources of information to detect untrusted or malicious network-active processes.
Full product description and functionalities here:
http://www.crowdstrike.com/blog/free-co ... index.html
__philippe
Re: CrowdInspect malware detection tool
Posted: Tue Jan 19, 2016 10:28 am
by I am Baas
Thanks for the mention
Requires admin rights to run.
Runs on both 32 bit and 64 bit versions of Windows from XP and above.
Re: CrowdInspect malware detection tool
Posted: Tue Jan 19, 2016 11:40 am
by __philippe
Don't mention it...
__philippe
Re: CrowdInspect malware detection tool
Posted: Thu Feb 16, 2017 5:42 am
by __philippe
CrowdInspect 1.5.0.0 released 14-FEB-2017
Download:
https://www.crowdstrike.com/resources/crowdinspect/
Product details:
https://www.crowdstrike.com/blog/free-c ... wdinspect/
This new release resolves a long-standing issue formerly preventing access to the VirusTotal database.
By default, CrowdInspect displays VT results as one overall security indicator score for every process name listed.
A new option allows querying VT for extensive details about a specific suspicious process name, at a maximum rate of 4 checks per minute.
This new option requires providing a Personal VT API key, which can be obtained free of charge.
(CrowdInspect's VT query functions tested OK under Win7; do not seem to work under XP.)
Small annoyance: the new 1.5.0.0 release introduces a fleeting adware for CrowdStrike's "Falcon Prevent" antivirus product.
Thankfully, the ad can be summarily dismissed manually, or will disappear on its own after 5 seconds.
Re: CrowdInspect malware detection tool
Posted: Thu Feb 23, 2017 3:01 am
by __philippe
Couple of recent reviews about CrowdInspect 1.5.0.0 :
Re: CrowdInspect malware detection tool
Posted: Sat Feb 23, 2019 5:59 am
by __philippe
CrowdInspect v1.6.0.0 released 05-NOV-2018
• CrowdInspect Download
• Product details
Code:
C:\>dir CrowdInspect*.exe
05/11/2018 19:40 1,368,576 CrowdInspect.exe
23/02/2019 12:56 606,376 CrowdInspect32.exe (self-extracted after 1st run of distro PE)
C:\>sigcheck CrowdInspect.exe:
Verified: Signed
Signing date: n/a
Publisher: CrowdStrike
Company: CrowdStrike, Inc.
Description: CrowdStrike Enhanced Process And Network Status
Product: CrowdInspect
Prod version: 1.6.0.0
File version: 1.6.0.0
MachineType: 32-bit
v1.6.0.0 Changelog:
• Added "Local Host" and "System" processes enumeration options
• Configuration panel ("About" tab) now includes colored threat indicators nomenclature
• Detailed Threat Analysis now provided by www.hybrid-analysis.com instead of VirusTotal
CrowdInspect malware detection tool
Posted: Mon Nov 08, 2021 2:32 am
by __philippe
CrowdInspect v1.7.0.0 released 11-MAR-2021
CrowdInspect Download
Note
The tool runs on both 32 bit and 64 bit versions of Windows from XP* and above.
Following the first execution of crowdinspect.exe, a 32-bit or 64-bit executable is generated, according to the underlying CPU.
Terse changelog (from exchange with developer)
• "Better protection from DLL hijacking (placing a DLL used by the application in the application’s directory or directory path) - no feature changes or additions"
Code:
C:\>dir crowdinspect*.exe
11/03/2021 22:47 1,492,776 CrowdInspect.exe
07/11/2021 23:20 653,096 CrowdInspect32.exe
Code:
C:\>sigcheck CrowdInspect.exe:
Sigcheck v2.30 - File version and signature viewer
C:\CrowdInspect.exe:
Verified: Signed
Signing date: n/a
Publisher: CrowdStrike
Company: CrowdStrike, Inc.
Description: CrowdStrike Enhanced Process And Network Status
Product: CrowdInspect
Prod version: 1.7.0.0
File version: 1.7.0.0
MachineType: 32-bit