CrowdInspect malware detection tool

__philippe
Posts: 687
Joined: Wed Jun 26, 2013 2:09 am

CrowdInspect malware detection tool

#1 Post by __philippe »

Rob Keir's malware detection tool CrowdInspect is now at version 1.0.0.3 (released 13-JAN-2016)
(Tool formerly briefly mentioned on PFC here)

Size (uncompressed) : 500kB
Category: Security - Malware Detection
System Requirements: WinXP / Vista / Win7 / Win8
Writes settings to: na
Stealth: ? Yes
License: Free for personal use
How to extract: Download the zip file to a folder of your choice, extract and execute CrowdInspect.exe.
CrowdInspect is a free professional grade tool for Microsoft Windows systems from CrowdStrike aimed to help alert you to the presence of malware and in particular malware that communicates over the network that may exist on your computer.
It is a host-based real-time monitoring and recording tool utilizing multiple sources of information to detect untrusted or malicious network-active processes.


Full product description and functionalities here:

http://www.crowdstrike.com/blog/free-co ... index.html

__philippe

I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am

Re: CrowdInspect malware detection tool

#2 Post by I am Baas »

Thanks for the mention :wink:

Requires admin rights to run.

Runs on both 32 bit and 64 bit versions of Windows from XP and above.


Re: CrowdInspect malware detection tool

#3 Post by __philippe »

Don't mention it... :)

__philippe


Re: CrowdInspect malware detection tool

#4 Post by __philippe »

CrowdInspect 1.5.0.0 released 14-FEB-2017

Download:
https://www.crowdstrike.com/resources/crowdinspect/

Product details:
https://www.crowdstrike.com/blog/free-c ... wdinspect/


This new release resolves a long-standing issue formerly preventing access to the VirusTotal database.

By default, CrowdInspect displays VT results as one overall security indicator score for every process name listed.

A new option allows querying VT for extensive details about a specific suspicious process name, at a maximum rate of 4 checks per minute.
This new option requires providing a Personal VT API key, which can be obtained free of charge.

(CrowdInspect's VT query functions tested OK under Win7; do not seem to work under XP.)

Small annoyance: the new 1.5.0.0 release introduces a fleeting adware for CrowdStrike's "Falcon Prevent" antivirus product.
Thankfully, the ad can be summarily dismissed manually, or will disappear on its own after 5 seconds.


Re: CrowdInspect malware detection tool

#6 Post by __philippe »

CrowdInspect v1.6.0.0 released 05-NOV-2018

CrowdInspect Download
Product details

Code:

C:\>dir CrowdInspect*.exe

05/11/2018  19:40         1,368,576 CrowdInspect.exe
23/02/2019  12:56           606,376 CrowdInspect32.exe (self-extracted after 1st run of distro PE)

C:\>sigcheck CrowdInspect.exe:
        Verified:       Signed
        Signing date:   n/a
        Publisher:      CrowdStrike
        Company:        CrowdStrike, Inc.
        Description:    CrowdStrike Enhanced Process And Network Status
        Product:        CrowdInspect
        Prod version:   1.6.0.0
        File version:   1.6.0.0
        MachineType:    32-bit

v1.6.0.0 Changelog:
• Added "Local Host" and "System" processes enumeration options
• Configuration panel ("About" tab) now includes colored threat indicators nomenclature
• Detailed Threat Analysis now provided by www.hybrid-analysis.com instead of VirusTotal



CrowdInspect malware detection tool

#7 Post by __philippe »

CrowdInspect v1.7.0.0 released 11-MAR-2021

CrowdInspect Download

Note
The tool runs on both 32 bit and 64 bit versions of Windows from XP* and above.
Following the first execution of crowdinspect.exe, a 32-bit or 64-bit executable is generated, according to the underlying CPU.

Terse changelog (from exchange with developer)
"Better protection from DLL hijacking (placing a DLL used by the application in the application’s directory or directory path) - no feature changes or additions"

Code:

C:\>dir crowdinspect*.exe

11/03/2021  22:47         1,492,776 CrowdInspect.exe
07/11/2021  23:20           653,096 CrowdInspect32.exe

Code:

C:\>sigcheck CrowdInspect.exe:

Sigcheck v2.30 - File version and signature viewer

C:\CrowdInspect.exe:
        Verified:       Signed
        Signing date:   n/a
        Publisher:      CrowdStrike
        Company:        CrowdStrike, Inc.
        Description:    CrowdStrike Enhanced Process And Network Status
        Product:        CrowdInspect
        Prod version:   1.7.0.0
        File version:   1.7.0.0
        MachineType:    32-bit        
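
An added example (not part of the thread, and not CrowdStrike's code) of a pre-run check for the DLL-planting issue quoted in post #7: before launching a portable executable with admin rights, list any DLLs beside it, or in other searched folders, that share a name with a system DLL. The function names, folder layout and file names are constructed for illustration.

```python
import os
import tempfile


def find_shadowing_dlls(search_dirs, system_dir):
    """Return (directory, filename) pairs for DLLs in search_dirs whose name
    matches a DLL in system_dir. Windows resolves names case-insensitively,
    so the comparison is too."""
    system_names = {
        name.lower() for name in os.listdir(system_dir)
        if name.lower().endswith(".dll")
    }
    hits = []
    for directory in search_dirs:
        if not os.path.isdir(directory):  # stale PATH entries are common
            continue
        for name in sorted(os.listdir(directory)):
            full = os.path.join(directory, name)
            if (os.path.isfile(full) and name.lower().endswith(".dll")
                    and name.lower() in system_names):
                hits.append((directory, name))
    return hits


def demo():
    """Run the check on a constructed folder layout (all names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")
        app_dir = os.path.join(root, "Downloads")
        os.makedirs(system_dir)
        os.makedirs(app_dir)
        for name in ("samplelib.dll", "otherlib.dll"):
            open(os.path.join(system_dir, name), "wb").close()
        # The tool itself, one DLL that shadows a system name, one that does not.
        for name in ("CrowdInspect.exe", "SAMPLELIB.DLL", "helper.dll"):
            open(os.path.join(app_dir, name), "wb").close()
        missing = os.path.join(root, "no-such-dir")
        hits = find_shadowing_dlls([app_dir, missing], system_dir)
        return [name for _, name in hits]


if __name__ == "__main__":
    # On a real Windows host (assumption: default layout) you would pass the
    # folder holding the extracted EXE and the System32 folder instead.
    print(demo())  # ['SAMPLELIB.DLL']
```

A hit is a prompt to check the file's signature and origin, since some applications legitimately ship private copies of a library.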
        
