Hi everyone,

I have been working on a new product which will soon be entering public beta testing phase. It has been getting privately beta tested for a while now and is almost in a condition suitable for mass public consumption. I will however, hold off on any details regarding this new component of Ghost Security Suite until the beta is released. RegDefend has also received some updates, which will be included in this public beta.

The public beta test will commence within 7 days, it could be as early as Monday. Everyone will be entitled to try the new component of Ghost Security Suite, there will be no special conditions attached to the public beta. The new component will also have a free version, which it will revert to after a 14 day full trial, just like RegDefend.

Thanks Jason for the heads-up. Will this be a plugin to RD? Will it compliment it or is something completely different?

-{ Quote: "Thanks Jason for the heads-up. Will this be a plugin to RD? Will it compliment it or is something completely different?" }-

It is something completely different, which will protect your system better along with RegDefend installed, however RegDefend isn't required for it.

It fits into the GSS interface along with RegDefend, allowing easy configuration of both, and you can enable/disable either component if you only want one.

sounds intriguing ;)

Since the beta is very close I have decided to upload some screenshots.

This is the new MAIN tab, showing both components of Ghost Security Suite.

Here is one of AppDefend's new alerts :-

Another AppDefend alert :-

Last one for tonight, this Alert shows a global hook being intercepted. This particular global hook will probably be auto-allowed in a future version, since it is a common occurance. AppDefend shows you the hook type and also the DLL trying to be injected.

Hi Jason,

If someone have PG and Outpost, what does appdefend do more or different? Ain't that doing what PG and Outpost can do?

Thanks',
Atomas31

Hi Atomas, that's a legitimate question cause I was thinking the same.

@ Jason, will it be possible to have control over the child and parent processes? (like ssm?)

Thanx and congratz cause it's looking damn nice to be honest!

Looks Great Jason!!

Cheers,

Hi Infinity,

I would also like to know if appdefend will have a lot less pop up than the application protection from Outpost (wich I disable because of that... it was making me crazy!)?

Thanks,
Atomas31

well, it seems that (my opinion) regdefend offers quite some extra's as opposed to pg (especially with this new component). the network access = something like ghost wall but with app control I suppose?

cheers

sorry but now I see this on your screens (sorry for all those questions) :

* ADSECURE (AppDefend Secure)
- will there be standard rules too -this paranoid status?
* RDSTANDARD (RegDefend Standard)
- will there be a RDSECURE too

Thanx Jason.

-{ Quote: "Hi Atomas, that's a legitimate question cause I was thinking the same.

@ Jason, will it be possible to have control over the child and parent processes? (like ssm?)

Thanx and congratz cause it's looking damn nice to be honest!" }-

Hi Infinity,

There is some basic control over processes starting other processes, but nothing so complex where you have to check what can start what. It is a flag which you can give certain applications to CREATE other ones.

Thanx Jason

-{ Quote: "Hi Jason,

If someone have PG and Outpost, what does appdefend do more or different? Ain't that doing what PG and Outpost can do?

Thanks',
Atomas31" }-

AppDefend has alerts for every item if the user wants them. ProcessGuard simply blocks and the user can then go and check what happened (AppDefend can do this also if need-be). AppDefend is using the very latest techniques and optimizations, making it faster and more optimized than ProcessGuard, whilst offering more protections. You will have to check tomorrow for all the things AppDefend protects against. AppDefend is also using the currently secure SHA256 hash.

AppDefend also protects "everything" by default, you need to give "special" applications privileges to do anything privileged, but you don't need to bother adding every application on your system to be protected.

-{ Quote: "
Hi Infinity,

I would also like to know if appdefend will have a lot less pop up than the application protection from Outpost (wich I disable because of that... it was making me crazy!)?

Thanks,
Atomas31
" }-

I hope that the default rules installed will eventually give the user a less painful "installation" period. AppDefend doesn't require a learning mode for instance. AppDefend is configurable for every protection, whether you want alerts to occur, how you want it to interact when it cannot ask the user something, when/how to log, etc.

wow, the few hints from the screenshots suggest a wonderful addition to Ghostwall :o ..

...and the GUI does look very nice!! :D (I know, I know, not the main part of the soft's value added, but very good work here ;D )

Is there any possible way a setting could be included (for people who are absolutley sure their computer's are un-infected with anything ) that would let RD or AD automatically permanently allow everything that's already there?

Sure would save time. Pete

-{ Quote: "Is there any possible way a setting could be included (for people who are absolutley sure their computer's are un-infected with anything ) that would let RD or AD automatically permanently allow everything that's already there?

Sure would save time. Pete" }-

I will add a setting like this eventually, it won't be in tomorrows beta build. It is essentially a manual "learning mode" you are requesting to help speed up the installation process.

One goal of AppDefend will be to check what security applications and common privileged applications you have when it is installed and then preconfigure itself without having to "run everything" so it learns. This isn't completed yet, but some parts of it are visible in the current build.

Sounds good! Thank you. Pete

Hi Jason,

Do you know if appdefend have any conflict with PG and Outpost or any other security application for that matter?

Thanks,
Atomas31

Hi Atomas31

I have had no conflicts with it, with any other software.

Pete

And the Windows-versions it will run on...... ;)

Hi there Jason !

Cheers, Jan.

thank's Peter2150, it's good to know ;-)

Best regards,
Atomas31

-{ Quote: "
I have had no conflicts with it, with any other software.
" }-
Hi Pete,

I take it this also means that both RegDefend and AppDefend don't conflict with KAV/KIS 2006 (which I know you've also been testing) ?

I ask because I'm now considering purchasing both RD and AD.


Jason - Is the SHA256 hash done on the complete file or only part of it ?

Has it been tested with very large files ?

-{ Quote: "Hi Pete,

I take it this also means that both RegDefend and AppDefend don't conflict with KAV/KIS 2006 (which I know you've also been testing) ?

I ask because I'm now considering purchasing both RD and AD.


Jason - Is the SHA256 hash done on the complete file or only part of it ?

Has it been tested with very large files ?" }-

The hash will be done completely on all files up to a certain size (at the moment this is set to 4MB), however a "smarter" hash system might be included before the final release.

-{ Quote: "Hi Pete,

I take it this also means that both RegDefend and AppDefend don't conflict with KAV/KIS 2006 (which I know you've also been testing) ?

I ask because I'm now considering purchasing both RD and AD.


" }-

None what soever. I am having some KAV issues, but they are related to KAV itself. RD and AD are working fine.

-{ Quote: "The hash will be done completely on all files up to a certain size (at the moment this is set to 4MB), however a "smarter" hash system might be included before the final release." }-
Will this size limit be configurable in the registry ?

Not sure how the "smarter" hash system will work, but I thought you might be interested in the following post which explains a problem with LnS when only hashing the CODE section. Just a heads-up.

http://www.wilderssecurity.com/showpost.php?p=224316&postcount=29


Peter - Thanks for confirmation.