Some observations on Cyberhawk



hake
06-11-2007, 11:08 AM
Cyberhawk works reasonably well on Windows 2000 and XP. However, there are one or two things that could be called rough edges. The service called CHService.exe seems to have difficulty in terminating gracefully at system shutdown. The rootkit detection tool appears to be buggy, running predictably on my Windows 2000 but seemingly going into an endless loop on Windows XP. I do not know if there is a relationship between this problem and the version of operating system; it is just an observation of the behaviour on two systems. The rootkit detection tool has occasionally crashed CHService.exe. A system restart is sometimes then necessary if the system runs at a slow crawl as a consequence, whereupon normal performance is resumed. For these reasons, I would suggest that the rootkit detection tool is not used without good reason. AVG and Sophos both publish good free rootkit detection tools.

I have only seen one possible malware to be flagged by Cyberhawk. This was a false positive, the victim being Poptray.exe which as far as I am concerned is known good software. This happened on Windows XP but the same software on Windows 2000 was not flagged.

Cyberhawk behaves well in normal system use and so I have no reservations about using it in routine service. The error message box which CHService.exe sometimes produces at system shutdown is of no real significance.

Cyberhawk is NOT a system wrecker. It uninstalls OK BUT do make sure that you safely store copies of the following 4 dlls from the system32 subfolder in the winnt/windows folder: ATL80.dll, msvcm80.dll, msvcp80.dll and msvcr80.dll and check that they are still there after the uninstall. I have found that the Cyberhawk uninstall can delete them. I do not know if the installation software does date/version checks on the aforesaid dlls before overwriting existing files.

Given the stated benefits of using Cyberhawk, I consider that it is worth its place on the security team of my main (Windows 2000) system as a valuable additional layer of security. If I were to consider paying for it, I would expect the aforementioned rough edges to be smoothed out. ;)

I cannot comment on the effectiveness of Cyberhawk because my systems were already free of malware. It is nice to have some additional confirmation of this though.


To qualify the above comments, the two operating systems are both fully updated and they both run the following: -
Opera 9.21
Firefox 2.0.0.4
Amust 1-Defender
Spyware Doctor 4
Agnitum Outpost Firewall Pro ver. 4.0.1007.7323 (591)
AVG Free 7.5
Prevx Pro 2005 (I tested Cyberhawk with this enabled and disabled)
Spybot 1.4 (immunisation quirk is noted but not a problem if you know about it)
Spyware Blaster 3.51

djames
06-11-2007, 03:55 PM
That is some great info. I would like to point out that Outpost has a known conflict with Cyberhawk. Without getting into too much detail, basically Cyberhawk is not fully operational. Although I did not reproduce (yet) the exact behavior that you mentioned (hake), I am not surprised that you found one.

The uninstall of Cyberhawk affecting the four dlls that were mentioned is a mystery to me. I/we are not aware of any deleting of unrelated dlls.

hake
06-11-2007, 07:11 PM
Yes, those dlls did go absent without leave (seems not to happen with XP) but I recovered them from a Ghost backup. Outpost 4 also uses three of those dlls in system32.

Cyberhawk is what I would have liked Prevx Pro 2005 to have been developed into. Instead, Prevx produced Prevx1 which I was not at ease with. I have disabled buffer overrun protection in Prevx Pro 2005 because it gave false positives and because I had a hunch that it might conflict with Cyberhawk's own buffer overrun detection.

The fact that Cyberhawk is unobtrusive says a great deal about it. It must be extraordinarily difficult to produce software to do what Spyware Doctor 5 and Cyberhawk are designed to do without disrupting a computer while at the same time preventing malware from doing damage. It must be particularly so when the target systems are mature, as mine are, infested as they are with free software from every magazine cover disk I can lay my hands on. I have sympathy with PC Tools (and every other security software vendor) who are obliged to make provision for Vista users. I would rather that SD4 had been developed further as it is a truly great piece of software. It is soooooooo solid and reliable. It only needed Opera and Firefox to be monitored as per Internet Explorer to be perfect in my eyes.

I have not noticed any Cyberhawk issues with Outpost 4. My installations of Outpost 4 run beautifully and are no trouble at all. I had some problems with Outpost 3.51 with Windows 2000 which went away with Outpost 4. Outpost dutifully detects the network requests of the various modules of Cyberhawk. I was quite surprised to read that issues existed. My Outpost installations are set for high security, i.e. component control settings are at normal and anti-leak control is enabled.

InvisibleMan
06-13-2007, 11:28 AM
I always have to start out explaining that I am not a PC techie. But, here are some things discovered about Cyberhawk on my approx. 6-year old HP Pavilion, Pentium III, Windows XP, SP2, IE7.

Cyberhawk seems to work fine. However, as I use the Symantec/Norton SystemWorks to confirm the operating status of my PC, I initially start with what is named the One Button Check Up (Fast Test). The Window Registry Scan indicates the Registry is in good working order. But, the Program Integrity Scan says there are now problems with 2 Missing Files: C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe cannot access necessary files: atl80.dll (and) msvcp80.dll

When I click on the repair button, the Norton software says it has (temporarily?) repaired the problem(s). Then, when I follow up with a (second) more detailed scan via Norton Utilities/Norton WinDoctor Test, the report has the same results as the other test...that those two .dll files are inaccessible or cannot be found...with the remarks "Repair Option: No Solution. The missing .dll(s) might be located on a removeable drive (not), on a non-visible volume such as an NTFS drive, or on a network"...with a Severity level of "Medium".

I have completely uninstalled and reinstalled Cyberhawk and the related folder in the Program File, with the same Symantec/Norton SystemWorks test results that those two .dll files still cannot be accessed by CHService.exe.

But, Cyberhawk APPEARS to be working fine, anyway.

Then, when I perform a malware scan with the new Ad-Aware 2007 Plus, Cyberhawk appears on the scan's log to be in good working order, including those two .dll files (not missing, per Ad-Aware). But, I have noticed what may or may not be the issue with the Symantec/Norton Program Integrity Scan: Per Ad-Aware's scan log, atl80.dll and msvcp80.dll are not on c:\windows\system32\...but are on c:\windows\winsxs\x86_... instead. See that Ad-Aware log regarding Novatix\Cyberhawk below.

Should those .dll files be on system32? If so, how does a novice copy them to system32..or anywhere else?

If this has nothing to do with the previously-mentioned forum entries, I apologize...'cause I am not a PC techie. But, maybe the info can help someone somewhere up the road... :o

C:\PROGRAM FILES\COMMON FILES\NOVATIX\CYBERHAWK\CHSERVICE.EXE
c:\program files\common files\novatix\cyberhawk\chservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll
c:\program files\common files\novatix\cyberhawk\chserver.dll
c:\program files\common files\novatix\cyberhawk\chmisc.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
c:\windows\system32\imm32.dll
c:\program files\common files\novatix\cyberhawk\chengine.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\program files\common files\novatix\cyberhawk\chlog.dll
c:\program files\common files\novatix\cyberhawk\chmon.dll
c:\program files\common files\novatix\cyberhawk\chundo.dll
c:\program files\common files\novatix\cyberhawk\chquarantine.dll
c:\program files\common files\novatix\cyberhawk\chrk.dll
c:\program files\common files\novatix\cyberhawk\chdbm.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\program files\common files\novatix\cyberhawk\chtm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\program files\common files\novatix\cyberhawk\choriginator.dll
c:\program files\common files\novatix\cyberhawk\chcr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\program files\common files\novatix\cyberhawk\chscan.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\urlmon.dll
c:\program files\common files\novatix\cyberhawk\chws.dll
c:\windows\system32\msxml3.dll
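
Added example, not part of any post in this thread: a short Python script that reads a module list in the format of the log above and reports, for each of the four DLLs named earlier, whether the process loaded it from \system32\ or from a \winsxs\ side-by-side assembly directory, with the assembly name and version taken from the directory name. The function names, the sample lines (constructed from the log's format) and the directory-name pattern are assumptions of this example.

```python
import re
from collections import namedtuple

# XP-era side-by-side store directory name:
#   <arch>_<assembly name>_<publicKeyToken>_<version>_<culture>_<hash>
SXS_DIR = re.compile(
    r"^(?P<arch>[^_]+)_(?P<name>.+)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_]+)_(?P<hash>[0-9a-f]{8})$")

Module = namedtuple("Module", "dll location assembly version")

# Constructed sample: a few lines in the format of the module list above.
SAMPLE_LOG = r"""
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
"""
# The four DLLs named earlier in the thread.
WANTED = ["atl80.dll", "msvcm80.dll", "msvcp80.dll", "msvcr80.dll"]

def classify(path):
    """Say where one loaded module lives; for WinSxS, add its assembly identity."""
    parts = path.strip().lower().split("\\")
    dll = parts[-1]
    if "winsxs" in parts[:-1]:
        m = SXS_DIR.match(parts[-2])
        if m:
            return Module(dll, "winsxs", m.group("name"), m.group("version"))
        return Module(dll, "winsxs", None, None)
    location = "system32" if "system32" in parts[:-1] else "other"
    return Module(dll, location, None, None)

def locate(module_list, wanted):
    """Map each wanted DLL to every copy the process loaded ([] = none loaded)."""
    found = {name.lower(): [] for name in wanted}
    for line in module_list.splitlines():
        if line.strip():
            mod = classify(line)
            if mod.dll in found:
                found[mod.dll].append(mod)
    return found

def report(found):
    """One readable line per DLL copy, or a note that the DLL was not loaded."""
    out = []
    for dll, mods in sorted(found.items()):
        out += [f"{dll}: {m.location} {m.assembly or ''} {m.version or ''}".rstrip()
                for m in mods] or [f"{dll}: not loaded by this process"]
    return out

if __name__ == "__main__":
    print("\n".join(report(locate(SAMPLE_LOG, WANTED))))
```
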

mjq424
06-13-2007, 11:32 AM
Hi
This may be the kernel driver of Cyberhawk (I think it has one to tackle rootkits) hiding those two DLLs from Norton. Does Norton look for (super)hidden files?

InvisibleMan
06-13-2007, 12:40 PM
mjq424,

I don't have a clue about how deep Norton's Program Integrity Scan goes. This is just the first time a "problem" such as this (which actually may be a non-problem) has shown up for me in their Program Integrity Scan...with their software not permanently "repairing" it. But then, if it really is not broken, it can't be repaired and isn't an issue (I hope). :rolleyes:

Norton provides the option of clicking on "Ignore this problem"...probably for situations such as this, which I will probably do. Thanks for your feedback.

InvisibleMan
06-20-2007, 09:24 AM
In my previous posts about Symantec/Norton's Program Integrity Scan issues with Cyberhawk and the atl80.dll & msvcp80.dll, I pointed out that they appeared in the (my) \winsxs\ files and not in the \system32\ files. Borrowing from hake's suggestions (above), I duplicate-copied those 2 .dlls into the \system32\ folder, with some subsequent Registry fine tuning...and now, the Symantec/Norton Program Integrity Scan reports no more problems with Cyberhawk's CHService.exe accessing those .dlls.

For this PC non-techie, it may just be smoke and mirrors (?).

In the meantime, Cyberhawk SEEMS to continue working well. :cool:

djames
06-20-2007, 03:57 PM
Norton apparently has a solution for this message. Have a look and see if this applies to you.

http://service1.symantec.com/SUPPORT/nsw.nsf/0/74fe2fa1b068a2438825711500100c4f?OpenDocument

InvisibleMan
06-20-2007, 08:48 PM
djames,

In my second posting dated 6-13-07...I coincidentally did what turned out to be Symantec/Norton's instructions...which is to use their "Ignore this problem" option (because it's really not a problem -?). Their sticky, which you provided, addresses the msvcr80.dll, specifically, but should apply to any other .dll issues...as hidden from and during some Norton Program Integrity and Repair scans.

Yesterday, one of those .dlls could not be accessed by the new version of Adobe Reader 8...per the Norton Program Integrity Scan (only !)...which is why I experimented by creating an identical copy into the \system32\ folder, which seemed to make the Norton software issue go away.

I will get back to you if I have any subsequent problems.

Thanks for the info. :)

Wordward
07-17-2007, 02:17 PM
Hello. I have Windows XP and I can't find the winnt/windows folder but checked in the Windows system32 folder for the dlls mentioned. All I see in that folder are Atl70 and 71 dlls, and a msvcp70.dll plus a few others similar to them. Are the dlls mentioned missing or am I not looking in the right place? PC is running fine since I uninstalled Cyberhawk, but I would like to install Cyberhawk again without worry. Any responses to help me with this would be appreciated.

hake
09-01-2007, 10:09 PM
Postscript: I got rid of a USB flash card driver and Cyberhawk now behaves immaculately with Windows 2000 - no problems at all. You just cannot tell what is causing a problem until you uninstall that something but it's purely a matter of luck when you stumble on a cure. Hardware drivers seem to hold all sorts of hazards for security software.

The rootkit scan works flawlessly.