View Full Version : AppDefend Wishlist / New Features / Suggestions
gottadoit
November 19th, 2005, 01:06 PM
There are bound to be requests so they might as well have a home, so I might as well start the ball rolling in this thread
Firstly I have to say that I like the program, very useable even in this early stage of development
Feature request
#1 A method to blacklist certain executables & deal with them if they are already executing
That way individual users or enterprising anti-malware techs can create a list to distribute that will stop processes from running and also deal with running processes by stopping them in their tracks. It could potentially make dealing with some infections a little easier
Disciple
November 19th, 2005, 07:06 PM
I would like to see the AppDefend Alert dialog take on the same Color Theme as the GSS GUI. The current Alert color scheme makes it a bit difficult to see where the Allow/Block button edges are. Also my tired old senior eyes are having a bit of trouble reading some of the text.
Peter2150
November 19th, 2005, 08:49 PM
Hi Disciple
Colors may need some tweaking, but the objective was to make the Appdefend, and Regdefend very different in color so you would notice the difference.
Pete
Disciple
November 19th, 2005, 10:15 PM
-{ Quote: "Hi Disciple
Colors may need some tweaking, but the objective was to make the Appdefend, and Regdefend very different in color so you would notice the difference.
Pete" }-
Hi Pete
To me the Alerts are different enough to recognize which one you are seeing. But color tweaking would be good.
Thanks.
Paranoid2000
November 20th, 2005, 03:14 PM
-{ Quote: "But color tweaking would be good." }-
Using standard Windows UI elements would be better IMHO (even if only as an option). As well as allowing customisation via standard methods (i.e. Control Panel/Display) it would also provide compatibility with theming software like WindowBlinds or XP's own themes.
Defenestration
November 20th, 2005, 11:12 PM
-{ Quote: "Using standard Windows UI elements would be better IMHO (even if only as an option)." }-
I agree. Both AppDefend and RegDefend are very powerful but I am not keen on the UI for the products.
I understand this customised look helps to give the products a distinct identity, but feel they are not conducive to usability.
alley
November 21st, 2005, 05:15 AM
Here's some things I'd like to have in AppDefend:
1. Exclude certain directories from "execution protection" (i.e. Visual Studio Projects folder)
2. I'd like to be able to save the configuration files in a different folder
3. Exclude certain RegDefend rules from appearing on Alerts Tab (like AppDefend)
4. If logging is to be enhanced, I would surely love being able to start every session with a clean log (like it is now)
5. If you bring back balloon alerts, I want to be able to turn them off, for both AppDefend and RegDefend
I've been using this for 2 days now, and I'm very pleased with it. No problems up till now. Excellent... :)
gkweb
November 21st, 2005, 10:20 AM
Some things after a quick thinking :
1 - add a new protection, disabled by default, to warn about programs enumerating the running processes (like the task manager). It may be malicious, like it may be legitimate. Anyway I _really_ like to know what happens on my system, and this is a kind of protection/warning I really love :)
2 - add a rootkit detection, not about rootkit installation protection as it is already implemented, but to detect already installed rootkits (viewable in kernel mode but hidden in user mode).
3 - add to the icon taskbar a right click menu, with every GSS component showing, each one with a sub menu.
4 - add the possibility to hide/show the right panel in the main GUI
5 - add a right click menu on the application items on the main GUI (remove app, etc...)
6 - add a column in the main GUI, with an additional icon for the applications allowed to access the network. Ok it is already written on the right panel if the app is allowed or not to access the network, but we have to check them one by one to see which one is allowed to do it. Viewing at first glance such a vital information would be very nice (like I do in ProcX when a process is accessing the network). Same could be applied for the other information, adding a column for them, and being able to hide/show the right panel.
7 - may be that the "start application" block/allow could be extended to either block or allow particular applications ? (instead of blocking or allowing all).
8 - In the maintenance area, I didn't find a button to "erase all not existing apps". It shows apps which do not exist anymore on the HDD, but it seems that actually we have to remove them manually.
9 - extend the network control ? I do not want AD becoming a firewall, but may at least allowing or blocking protocols ? (eg : allow UDP but block ICMP and TCP for this process)
10 - in the area "add new application" offers to add already running processes
I may come later with other suggestion, but it is done for now ;)
Reve_Etrange
November 21st, 2005, 10:52 AM
Offer a rebate to licensed PG and Regdefend users.
-RE
Disciple
November 21st, 2005, 11:01 AM
-{ Quote: "Offer a rebate to PG users.-RE" }-
I don't understand, why should Jason/Ghost Security offer a rebate for a competing company's product?
Have you seen this Ghost Security page, http://www.ghostsecurity.com/index.php?page=becomemember?
Reve_Etrange
November 21st, 2005, 11:15 AM
No, hadn't seen that page, TY for the link.
Offering a rebate to users who already paid for a competing product is common practice. So is offering a rebate to your loyal users.
-RE
berng
November 21st, 2005, 11:52 AM
-{ Quote: "No, hadn't seen that page, TY for the link.
Offering a rebate to users who already paid for a competing product is common practice. So is offering a rebate to your loyal users.
-RE" }-
How do you verify ownership for the rebate? For a product like PG, would you send him your license? Considering the low cost of his products, I wonder if it's cost effective for him to set up rebates for competing products.
Reve_Etrange
November 21st, 2005, 06:15 PM
-{ Quote: "How do you verify ownership for the rebate? For a product like PG, would you send him your license? Considering the low cost of his products, I wonder if it's cost effective for him to set up rebates for competing products." }-
If I already bought a similar product that covers 90% of the competitor's features, it does not make sense to buy the new product -- unless the conditions are so attractive that I go into what-the-heck mode. Whatever the price, we know that:
1) a new customer is worth more than the price of the product (look, I bought regdefend and now I would be willing to move to appdefend, who knows what else I'm gonna buy from ghostsecurity), and
2) when you pay again for something that was supposed to be already covered, you admit you made a not-so-wise buy, either with the old product or the new one. A rebate is basically a sweetener.
And no, I'm not a tightwad, I don't even precisely remember what these things cost (but I know that my PC software budget is not unlimited).
Just my 2 cents,
-RE
Reve_Etrange
November 22nd, 2005, 06:12 AM
As mentioned in another thread, an annoyance common to both PG and AD is that software/"platform" comprised of many exe require a lot of clicking to make it learn that everything is legit. Cygwin or gimp are 2 examples. What could help:
1) explorer integration, to select a group of exe and add a rule in AD to allow execution/update the SHA signature db.
2) learning mode, everything is allowed and added to db during a limited period of time. Going several times to learning mode should not erase the previous db. The learning mode could be restricted to a given exe's children: eg. allow all children of this process (until I quit learning mode).
-RE
Infinity
November 22nd, 2005, 11:33 AM
I would not want a learning mode ... at least I hope to have the opportunity to switch it off when I install AD. (I do not like it in pg either btw)
what I would like is to have the possibility to scroll down the programs,
the possibility to right click on the systray and go from there.
right click on the main screen and to have the options.
better control of child and parent processes.
but it all has been said before I guess...
Thanx anyway
Reve_Etrange
November 22nd, 2005, 02:27 PM
Propose sth else if you don't want it (and you don't say why you don't want it).
-RE
[suave]
November 22nd, 2005, 11:33 PM
-{ Quote: "Using standard Windows UI elements would be better IMHO (even if only as an option). As well as allowing customisation via standard methods (i.e. Control Panel/Display) it would also provide compatibility with theming software like WindowBlinds or XP's own themes." }-
I agree. This is one thing I dislike about PG as well.
Infinity
November 23rd, 2005, 04:51 AM
-{ Quote: "Propose sth else if you don't want it (and you don't say why you don't want it).
-RE" }-
well, I proposed at least 4 different suggestions. (mostly already covered though)
why I don't want learning mode...it's too easy and I want to give permissions myself to the programs.
when I install PG I immediately reboot. when my pc boots back up, I switch Learning mode off and install my programs. the popups will tell me if some program needs permission. the rest won't...like services and drivers issue, rundll32.exe ... ... you know the drill I hope ;)
Take care
Inf.
Reve_Etrange
November 23rd, 2005, 05:12 AM
You perhaps missed my point. cygwin is a *nix layer on top of windows, comprised of hundreds of .exe, like, sh, sed, cat, and so on. If you don't have a way to automate rule creation, you'll get that many alerts, and that's a pain I can tell you. Go and see for yourself, www.cygwin.com.
The Gimp is a free photoshop-like tool, and many tools and filters are small .exe. When you install or upgrade it, again you got a lot of alerts, which you will all accept anyway.
Whatever it's called, and however it's done, I would like something to avoid these situations.
Cheers,
-RE
Infinity
November 23rd, 2005, 05:33 AM
Thanx Strange Dream ;) for clearing that up and you were right: I missed your point. In your case a limited Learning mode only for the parent process (cygwin.exe - which I don't know btw) could be useful I guess. cause a global learning mode I find this a bit dangerous as well...
I would disable it immediately and only use it when I encounter such a program...that's why I proposed to disable it or give an option at the end of installing AD (enable learning mode at reboot, enable automatic updates, enable/disable protection sections (mainly for RD - if you have already covered let's say drivers/rootkit protection with pg for example ... now I'm repeating myself hehe :D
cheers
Defenestration
November 24th, 2005, 03:27 AM
Can you make AD do asynchronous processing of requests when launching apps, so that it's possible to launch other apps if an AD confirmation dialog is currently displayed.
Paranoid2000
November 24th, 2005, 09:46 AM
-{ Quote: "The Gimp is a free photoshop-like tool, and many tools and filters are small .exe. When you install or upgrade it, again you got a lot of alerts, which you will all accept anyway." }-
Wouldn't a better method be to have an option to update checksums for existing entries? You could then use this after any upgrade to allow AD to pick up on altered programs (perhaps with it presenting a list of changed programs first for you to check).
Reve_Etrange
November 24th, 2005, 11:42 AM
-{ Quote: "Wouldn't a better method be to have an option to update checksums for existing entries? You could then use this after any upgrade to allow AD to pick up on altered programs (perhaps with it presenting a list of changed programs first for you to check)." }-
Sure, you could turn a switch to let AD update his sig db without asking questions, till you switch it off. You still have the pb at the 1st install, though. A list would be fine, but that means AD would have to scan your disk seeking new/modified files. I'd rather select those files on my own with explorer and add all the sigs into the db at one fell swoop.
-RE
Tatersalad
November 28th, 2005, 08:32 AM
I would like a quick way to disable both programs for installations. Right click menus on everything even if they’re redundant it’s nice to have several ways to do the same thing. A link to the windows properties of a file or app. A link to a process library or at least an easy way to google it from the right click menu. The tray icon should change appearance to show the state of your protection. The ability to disable logging for individual apps. I have Wintask 5 and it polls the registry often filling up the alerts tab quickly. Clear the alerts tab without restarting. The alert window should steal back focus every few seconds when it blocks something. That’s all I can think of now sorry if I’ve repeated something.
Thanks :)
tonyjl
November 28th, 2005, 04:13 PM
I would like some sort of comments box with the appz, so if you configure something to be allowed once, when you get the popup, you'll see your comments and know not to change it to allow always (something I do often). One gripe I have with PG is the alerts you get for allow once appz are no different to normal NEW alerts and it's difficult to keep track of those types of appz, my list of allow once appz is about 15-20 long, and I can never remember them all off the top of head.
Also can you make the tray icon change colour when either app is disabled so we can see at a glance.
And can you make the list stay in alphabetical order if we choose.
Thanks
tuatara
November 29th, 2005, 01:09 PM
P2K wrote:
-{ Quote: "Wouldn't a better method be to have an option to update checksums for existing entries? You could then use this after any upgrade to allow AD to pick up on altered programs (perhaps with it presenting a list of changed programs first for you to check). " }-
I am not sure if I understand you correctly,
or better, on how to implement the checksums mentioned.
I think you are right, but again, CYGWIN (and others) is an application that uses hundreds of small executables, installing or upgrading these will drive you mad (clicking through the messages).
So it would be nice IF you could 'trust' the complete set, immediately after install or upgrade. And be warned at every checksum change AFTER that.
And I assume that a configuration-start-stop real password is already on the wishlist
Paranoid2000
November 29th, 2005, 02:18 PM
-{ Quote: "I am not sure if i understand you correctly,
or better, on how to implement the checksums mentioned." }-
This would be a case of adding a new option "Update checksums for all listed applications" in the Security tab menu - this would then recalculate and update the checksum for every application that has been permitted (with the option, hopefully, of providing a list of changed apps allowing users to review and block updates for selected items).
This would not help with installation of new software but should cover any upgrades or patches (System Safety Monitor has this feature).
Disciple
November 29th, 2005, 04:08 PM
-{ Quote: "Wouldn't a better method be to have an option to update checksums for existing entries? You could then use this after any upgrade to allow AD to pick up on altered programs (perhaps with it presenting a list of changed programs first for you to check)." }-
To all who are debating how to apply an update checksums feature. What is wrong with the current method:
AppDefend tab > click the Maintenance button (far right) > Check Now button, see the attached screenshot.
Paranoid2000
November 29th, 2005, 04:36 PM
-{ Quote: "To all who are debating how to apply an update checksums feature. What is wrong with the current method:" }-
If that can cover all executables in a specific folder then that would be ideal.
I was getting confused in my previous post with "another program" (that can't be mentioned for legal reasons... ;) ) so please ignore it.
Jason_R0
November 29th, 2005, 08:21 PM
-{ Quote: "To all who are debating how to apply an update checksums feature. What is wrong with the current method:
AppDefend tab > click the Maintenance button (far right) > Check Now button, see the attached screenshot." }-
Currently on the maintenance tab where it says "Check Now" for updated hashes, I will also be adding a way to update the hashes of any selected item in the list and deleting any items also.
So it would be a 2 step process,
1) Check Now for updated hashes in your list
2) Select all "FAILED CHECKSUM" hashes and then click Update Hash
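The two-step flow described in the post above (check, then update only the selected failed entries), together with the review list asked for earlier in the thread, sketched as an added example that is not AppDefend's code. The in-memory database layout, the `OK` and `MISSING` labels, the use of SHA-256 and the file names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

FAILED = "FAILED CHECKSUM"     # status text quoted in the thread
OK, MISSING = "OK", "MISSING"  # assumed labels for the other two outcomes


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_now(db):
    """Step 1: compare every listed file with its stored hash.

    Returns {path: (status, observed_hash_or_None)} and never modifies db.
    """
    report = {}
    for path, stored in db.items():
        if not os.path.isfile(path):
            report[path] = (MISSING, None)
            continue
        observed = sha256_file(path)
        report[path] = (OK if observed == stored else FAILED, observed)
    return report


def update_hash(db, report, selected):
    """Step 2: accept the new hash only for entries the user selected.

    The hash written is the one recorded in the report the user reviewed, not a
    fresh read of the file, so a change made after the check shows up as a new
    FAILED CHECKSUM instead of being accepted unseen.
    """
    updated = []
    for path in selected:
        status, observed = report.get(path, (None, None))
        if status != FAILED:
            continue  # unknown, missing or unchanged entries are left alone
        db[path] = observed
        updated.append(path)
    return updated


def demo():
    """Run both steps over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as folder:
        files = {name: Path(folder, name) for name in ("gimp.exe", "sed.exe", "old.exe")}
        for name, path in files.items():
            path.write_bytes(b"version 1 of " + name.encode())
        db = {str(path): sha256_file(path) for path in files.values()}

        files["gimp.exe"].write_bytes(b"version 2 of gimp.exe")  # expected upgrade
        files["sed.exe"].write_bytes(b"unexpected change")       # not reviewed yet
        files["old.exe"].unlink()                                 # uninstalled

        before = check_now(db)
        # The user selects the upgraded program (and, by mistake, the missing one).
        chosen = [str(files["gimp.exe"]), str(files["old.exe"])]
        updated = update_hash(db, before, chosen)
        after = check_now(db)

        def by_name(report):
            return {Path(p).name: status for p, (status, _) in report.items()}

        return by_name(before), [Path(p).name for p in updated], by_name(after)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Entries that were not selected keep their old hash, so the unreviewed change to `sed.exe` is still reported on the next check.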
budfox
November 30th, 2005, 10:03 AM
I would like to suggest that the Ghost Security Icon change color when GS is disabled. Sometimes you need to do an install and have to turn off GS, and forget to turn it back on.
Thanks.
berng
November 30th, 2005, 10:27 AM
-{ Quote: "I would like to suggest that the Ghost Security Icon change color when GS is disabled. Sometimes you need to do an install and have to turn off GS, and forget to turn it back on.
Thanks." }-
I agree. Happens to me too often.
Also, I suggest that options be added to save and rename the AppDefend and RegDefend rules, so we don't have to manually copy the rule files. I think a lot of users don't know the files can be copied, so this change would make it more user friendly.
Defenestration
December 4th, 2005, 07:54 PM
All info areas of the alert should word wrap and be scrollable. Currently with long paths and/or command lines, it just goes off the right of the alert area which means the alert has to be resized to about 3/4 width of my 1600x1200 display (and even that is not enough in a lot of cases), which is not ideal.
I would also like to see splitters between the process being started area, parent process area, and the extra info area. If the GUI used standard Windows controls, this would be very easy to achieve. (Nudge nudge, wink wink.....) ;) Splitters should also be used on all other parts of the GUI where appropriate.
Also, to borrow something from PG, the alert should also display Company name and file size.
Just noticed a possible bug (although not sure it can be fixed) - Resizing the height or Moving an AD/RD alert so that it moves over the taskbar causes the taskbar to not repaint, leaving remnants of the alert window.
The taskbar is correctly redrawn after the alert is allowed/denied.
Jason_R0
December 4th, 2005, 11:18 PM
-{ Quote: "All info areas of the alert should word wrap and be scrollable. Currently with long paths and/or command lines, it just goes off the right of the alert area which means the alert has to be resized to about 3/4 width of my 1600x1200 display (and even that is not enough in a lot of cases), which is not ideal.
I would also like to see splitters between the process being started area, parent process area, and the extra info area. If the GUI used standard Windows controls, this would be very easy to achieve. (Nudge nudge, wink wink.....) ;) Splitters should also be used on all other parts of the GUI where appropriate.
Also, to borrow something from PG, the alert should also display Company name and file size.
Just noticed a possible bug (although not sure it can be fixed) - Resizing the height or Moving an AD/RD alert so that it moves over the taskbar causes the taskbar to not repaint, leaving remnants of the alert window.
The taskbar is correctly redrawn after the alert is allowed/denied." }-
Hi Defenestration,
When Explorer.exe is being blocked from doing something, its drawing operations are stopped until the alert is answered to. This is why anything created by explorer.exe (the taskbar, desktop, etc) might not redraw correctly until after an alert has been processed.
I agree that the alert needs to better show very long information, I will see what I can do to rectify this.
Jason_R0
December 4th, 2005, 11:21 PM
-{ Quote: "I agree. Happens to me too often.
Also, I suggest that options be added to save and rename the AppDefend and RegDefend rules, so we don't have to manually copy the rule files. I think a lot of users don't know the files can be copied, so this change would make it more user friendly." }-
Hi berng,
I will probably never "fully support" profile creation, simply because it is a rather advanced feature. As such I think the users who are capable of using such a feature without issues are capable of using explorer or whatever to create/copy rulesets. If there was a way to do it in the GUI then some people may mistakenly use it to create dud rulesets which aren't protecting them, and not even know it.
f3x
December 15th, 2005, 12:26 AM
Hi,
I would really like to see Hardware keyboard shortcut.
Like Ctr-maj-F5 to accept
Like Ctr-maj-F6 to block
Moreover I would really really appreciate if this keyboard hooking is done by the driver and not the GUI. That way if the GUI freezes, the keyboard is still responsive and you can tell the driver to allow whatever alert caused the GUI to freeze. Hopefully this will take care of the situation.
Then someone can see in the log what it actually allowed and can correct the situation. I know that correction after the fact is exactly what we try to avoid using GSS but in some rare cases i still prefer this to a forced reboot.
The other advantage of the driver taking care of keyboard is that it's available for all users.
Paranoid2000
December 15th, 2005, 12:39 AM
-{ Quote: "Moreover I would really really appreciate if this keyboard hooking is done by the driver and not the GUI. That way if the GUI freezes, the keyboard is still responsive and you can tell the driver to allow whatever alert caused the GUI to freeze." }-
I doubt it would be possible to do such a thing outside the GUI itself since it would then have no easy way to determine if there was an AppDefend prompt to respond to.
-{ Quote: "The other advantage of the driver taking care of keyboard is that it's available for all users." }-
And how would you suggest AppDefend protect itself from malware sending similar keystrokes (e.g. via Windows Scripting SendKeys commands) to bypass it, if this feature was added?
f3x
December 15th, 2005, 10:15 AM
Yet I admit I have not thought that sendkey could be a problem.
I'm pretty sure there is a difference between high level key handling and low level key handling. And even if at high level there is no such differences between sendkey and keyboard there are in low level somewhere.
You can do a test
1) On your desktop assign two shortcut keys, let's say F5 and F6
2) Use any macro / automation tool that will sendkey F5 or F6
3) Use any keyboard remapper that uses the registry such as KeyTweak to switch F5 and F6 on your keyboard.
Such programs use this key to remap the keyboard:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
>> Scancode Map
reboot and test.
The F5 key of the keyboard is translated as being F6
The F6 is not F5
However when you are using sendkey
F5 is really F5
F6 is really F6
That means that somewhere in the host a process *knows* what key (scancode) has been typed by the keyboard and that process then bubbles the keyup/keydown/keypress event in an architecture similar to sendkey. The good news is that this process is not fooled by sendkey, which means it's something worth hooking
and this effectively gives +1 more reason for the keyhook to be processed using the driver.
-{ Quote: "
it would then have no easy way to determine if there was an AppDefend prompt to respond to.
" }-
i'm deceived by you on this one.
It should be easy.
The driver does all the work of GSS
1) driver intercepts the event
2) driver interprets the rules
3) if it is set to ask, driver launches GUI
4) driver waits for answer
5) driver interprets GUI answer
"to determine if there was an AppDefend prompt to respond to" is as simple as checking if the driver is itself in step 4
the hard part would be for the GUI to determine if the driver has received a keyboard answer, again it's as hard as step #3. if driver can launch the gui then driver can decide to close it.
joe999
December 22nd, 2005, 06:20 PM
The ability to use the RegDefend conventions of * and ** in the command line of applications.
Example :-
This is a commandline passed to rundll32.exe to show an image in a Rar.
"rundll32.exe" c:\winnt\system32\shimgvw.dll,imageview_fullscreen c:\docume~1\user\locals~1\temp\rar$di00.610\img_0303.jpg
Now obviously it will be different for each image, so if I could edit one to :-
"rundll32.exe" c:\winnt\system32\shimgvw.dll,imageview_fullscreen c:\**.jpg
It would cover all .jpg's on my C drive.
A similar thing could cover the issue with GIMP etc where you could use a directory path \*.exe to enable any *.exe in that directory (without SHA256 checking).
On the AppDefend/Ghostwall application control front, how about if both are installed then an option to integrate them becomes available in general options. When enabled, the Network Access option in AppDefend is disabled but now you can tie a particular GW rule to an application via AppDefend's SHA256 checking.
I'm a user of Kerio 2 at the moment, bloat free with rules tied to applications via MD5 (broken maybe but better than nothing) and it would be really nice to see GW being able to fill that role.
It would also leave it open for people to use it with application control or not as the case may be.
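How the `*` and `**` command-line rules requested in the post above could be evaluated, as an added example that is not AppDefend's or RegDefend's code. It assumes `*` stays inside one path component and `**` may cross backslashes (inferred from the post's two examples), that matching is case-insensitive, and that an unmatched command line falls back to asking the user; the `c:\gimp` and `c:\temp` paths are constructed.

```python
import re


def compile_rule(pattern):
    # Translate a rule into a regex used with fullmatch(), so the whole
    # command line has to fit the rule, not just part of it.
    # Assumed semantics: "**" matches any characters, backslashes included;
    # "*" matches any characters except a backslash (one path component).
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))  # everything else is literal
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def decide(rules, cmdline, default="ask"):
    # Return the action of the first rule matching the full command line.
    # With no match the caller prompts the user (the assumed default).
    for pattern, action in rules:
        if compile_rule(pattern).fullmatch(cmdline):
            return action
    return default


# The fixed part of the command line from the post: program, DLL and entry point
# stay literal, only the image path is wildcarded.
PREFIX = r'"rundll32.exe" c:\winnt\system32\shimgvw.dll,imageview_fullscreen '
SEEN = PREFIX + r"c:\docume~1\user\locals~1\temp\rar$di00.610\img_0303.jpg"

RECURSIVE_RULE = [(PREFIX + r"c:\**.jpg", "allow")]   # rule proposed in the post
SINGLE_LEVEL_RULE = [(PREFIX + r"c:\*.jpg", "allow")]  # same rule with one star
DIRECTORY_RULE = [(r"c:\gimp\*.exe", "allow")]        # constructed directory rule


def demo():
    other_dll = r'"rundll32.exe" c:\temp\other.dll,imageview_fullscreen c:\a.jpg'
    return {
        "nested jpg, ** rule": decide(RECURSIVE_RULE, SEEN),
        "upper-case variant": decide(RECURSIVE_RULE, SEEN.upper()),
        "nested jpg, * rule": decide(SINGLE_LEVEL_RULE, SEEN),
        "different dll": decide(RECURSIVE_RULE, other_dll),
        "exe in directory": decide(DIRECTORY_RULE, r"c:\gimp\gimp-2.2.exe"),
        "exe in subdirectory": decide(DIRECTORY_RULE, r"c:\gimp\plugins\blur.exe"),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case}: {action}")
```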
Defenestration
January 10th, 2006, 04:08 PM
The Look 'n' Stop firewall gives the option to Allow/Block for this Session (session is until either LnS or Windows is restarted). This option would be a handy addition to AppDefend. Maybe have the buttons "Allow Session" and "Block Session"...
berng
January 11th, 2006, 08:59 AM
-{ Quote: "Hi There,
I'd like to have an extra text field in the alert dialog box to let users type in comments, which will then appear in a column of the rule (configuration?) window. This is absolutely useful for users to know which applications added the rule. The rule list will soon get very long and most of the items have strange program names. I'm maintaining systems for a company with more than 100 PCs. When I walk around to check problems, I soon get lost with all those strange names.
Cheers,
Lei" }-
+1
Or just comments for the application. Some called applications do have weird names and I realize by their effect and additional research that their permissions need to be overridden from the defaults. But sometimes, months later, I've forgotten the reason.
Defenestration
January 19th, 2006, 06:56 AM
I have also been testing System Safety Monitor which offers similar features. I'm not really sure it's necessary (I'm sure Jason can enlighten me) but SSM offers a finer degree of control over some permissions. For example, AD groups Process Modification into a single category, but SSM splits it into "Allow global hooks", "Allow remote data modification" and "Allow remote code control".
Do you think it would be a good idea to split Process Modification into these three categories ?
If so, then that's a feature request.
If not, then why don't you consider it necessary ?
Infinity
January 20th, 2006, 03:31 AM
to talk about SSM (which is a fine program btw) :
Jason, Will it be possible to have more control about the parent and child processes just like SSM and Tiny2005? That would be an immense feature and would certainly make AD a more complete application defender ;) that way we can limit some actions of certain processes that would have full access otherwise?
then finally I'll be able to ditch Tiny2005 ;) did I say that? :D ..
isnogood
January 20th, 2006, 09:49 AM
I can't agree more. I have also searched for a replacement of Tiny for a while already, but there's still nothing comparable (I talk about protection, not complexity :)). If there's process spawning control in AppDefend, I would be one step closer. AppDefend is on my watching list, but Safen'Sec is actually my favourite today, cause of a good network access control (port,IP,protocol filters), and a sketched out child-parent process control. I consider these two features the most important, because generally lacking from other HIPS programs, everyone concentrating on process and memory protection, stuff that PG and many others are already covering very well.
isnogood
Infinity
January 20th, 2006, 10:43 AM
maybe you should try SystemSafety Monitor aka SSM , they offer spawning control and registry protection as well but it is still beta and I don't know what they're up to. but it looked promising two years ago don't know about now.
isnogood
January 20th, 2006, 12:29 PM
Thanks Infinity. I have also tried this one about one or two years ago. Very good set of features, but it crashed my system too often. I may be wrong, but since it has been beta for at least two years and continuing, it doesn't seem very serious comparing to quickly developing competitors. Anyway, there's no hurry, I'm still very fine with Tiny :) Just looking around.
isnogood
f3x
February 2nd, 2006, 11:35 PM
-{ Quote: "The Look 'n' Stop firewall gives the option to Allow/Block for this Session (session is until either LnS or Windows is restarted). This option would be a handy addition to AppDefend. Maybe have the buttons "Allow Session" and "Block Session"..." }-
Yep this is something useful.
Even if next beta doesn't have *cosmetic* changes,
it would be great to have at worst a hidden button to switch back to main gss panel in order to disable rd/ad if we are stuck with too many popups.
At the best this button can be a "more option" dialog allowing you to do different things ( allow for session(until log out), allow until the program terminates, disable the rule responsible for the alert (for session/forever) etc )
berng
March 1st, 2006, 08:53 PM
APPDEFEND should allow users to exclude selected folders from being monitored.
Jason_R0
March 21st, 2006, 12:28 AM
-{ Quote: "I have also been testing System Safety Monitor which offers similar features. I'm not really sure it's necessary (I'm sure Jason can enlighten me) but SSM offers a finer degree of control over some permissions. For example, AD groups Process Modification into a single category, but SSM splits it into "Allow global hooks", "Allow remote data modification" and "Allow remote code control".
Do you think it would be a good idea to split Process Modification into these three categories ?
If so, then that's a feature request.
If not, then why don't you consider it necessary ?" }-
I tend to group particular protections into what they are capable of. For example if a process modification means you can get complete control over another process I will lump it into other protections which allow the same thing. Even though in theory it isn't as secure as allowing individual settings of each particular item (one malware might only do one method, but not another) there is no real difference in letting an application gain control with one method and not another. Advanced malware would use multiple methods.
A benefit of the way AppDefend does it is you have fewer annoying configuration options.
Cerxes
March 23rd, 2006, 03:12 AM
Maybe I've missed this suggestion somewhere, but anyway, when an application wants to access the network, I would gladly see if there could be a split between internet access/server rights when you allow/block. Instead of only allowing or blocking an application completely.
Regards, C.
joe999
May 19th, 2006, 02:44 PM
Hi,
Was just browsing the Appdefend Forum and this post :
http://www.wilderssecurity.com/showthread.php?p=752380#post752380
Brought an idea to mind. How about a "simple" disk protection per application a bit like the simple network control we have now.
Example :-
Application
C:\Program Files\Windows NT\Accessories\wordpad.exe
Could have the following 3 options for disk access :-
1) Disk access to App path and Sub dirs - RW (options: NONE/RO/RW)
2) Disk access to "My Documents" - RW (options: NONE/RO/RW)
3) Disk access to System - RO (options: NONE/RO/RW)
So wordpad.exe would be allowed read/write access to its own directory and any sub directories and read/write to "My Documents" but only read access to the rest of the systems disks.
It might be a way of reducing any damage done by naughty apps that have been allowed to run thinking they are safe but then seeing lots of delete requests to "C:/windows/system" that might make you change your mind !
Wouldn't want it to delay the eagerly awaited next Beta if it was to be included :) and probably would need lots of work anyway.
Cheers
Joe999
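A sketch of how the three-scope rule proposed in the post above could be evaluated, added here as an illustration (it is not part of the original post and not AppDefend code). The "My Documents" location, the function names and the policy layout are assumptions.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed sample values mirroring the wordpad.exe example in the post.
APP = r"C:\Program Files\Windows NT\Accessories\wordpad.exe"
MY_DOCS = r"C:\Documents and Settings\joe\My Documents"  # assumed location
POLICY = {"app_dir": "RW", "my_documents": "RW", "system": "RO"}

def _norm(path):
    # normpath collapses ".." and turns "/" into "\"; normcase lowercases.
    # String-level only: a real driver must also resolve junctions and
    # 8.3 short names before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def _is_under(path, root):
    path, root = _norm(path), _norm(root)
    # Require a separator after the root so "Accessories2" is not
    # mistaken for a child of "Accessories".
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def scope_for(path, app_exe=APP, my_docs=MY_DOCS):
    """Map a target path onto one of the three scopes from the post."""
    if _is_under(path, ntpath.dirname(app_exe)):
        return "app_dir"
    if _is_under(path, my_docs):
        return "my_documents"
    return "system"  # everything else on the system's disks

def is_allowed(path, operation, policy=POLICY):
    """operation is 'read' or 'write'; deletes should be passed as 'write'."""
    level = policy[scope_for(path)]  # NONE / RO / RW
    if level == "RW":
        return True
    if level == "RO":
        return operation == "read"
    return False

if __name__ == "__main__":
    for target, op in [(r"C:\Program Files\Windows NT\Accessories\a.txt", "write"),
                       ("C:/windows/system/foo.dll", "write"),
                       ("C:/windows/system/foo.dll", "read")]:
        print(op, target, "->", "allow" if is_allowed(target, op) else "block")
```
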
kkiko
July 4th, 2006, 07:03 AM
Hi, sorry about my English because I come from Asia.
I've tried the standard RegDefend and then the AppDefend beta (including RD).
First, I find that AD's log is not as detailed as RD's. When I view the log of RD, I can see if it's blocked/allowed by application rules, or ask user, or auto user. I think it's very useful.
Secondly, when AppDefend asks me if I allow an application to set a global hook and I choose "allow always", will the application be allowed to set global hooks in general, or just the current one? Maybe I couldn't say it clearly so I give a picture of SSM. If AppDefend can't do this as SSM does now, I wish AD could have the feature in a future version.
Thank you
Pilli
July 5th, 2006, 02:52 PM
-{ Quote: "Secondly, when AppDefend asks me if I allow an application to set a global hook and I choose "allow always", will the application be allowed to set global hooks in general, or just the current one? Maybe I couldn't say it clearly so I give a picture of SSM. If AppDefend can't do this as SSM does now, I wish AD could have the feature in a future version." }-
Hi Kkiko, the "always allow" is application specific. This is as intended, as that application is SHA checked: if malware were to change an .exe with "allow always" then you would receive a pop-up. If you know that the application has changed, say via an update, then you would re-allow it.
Bear in mind that a keylogger that you may have accidentally "caught" would be stopped in its tracks by AD unless you allowed it. This is why applications are given individual attention for their specific rules. :)
BTW - Your English is not at all bad ;D
HTH. Pilli
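The hash-pinned "allow always" behaviour described in the reply above, as an added example that is not part of the original post and not AppDefend's own code. SHA-256, the rule key of (executable path, action) and the action names are assumptions; the post only says the application is "SHA checked".

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class RuleStore:
    """'Allow always' rules pinned to the executable's content hash."""

    def __init__(self):
        # (path, action) -> digest recorded when the user allowed it
        self._rules = {}

    @staticmethod
    def _key(path, action):
        return (os.path.normcase(os.path.abspath(path)), action)

    def allow_always(self, path, action):
        self._rules[self._key(path, action)] = sha256_file(path)

    def decide(self, path, action):
        pinned = self._rules.get(self._key(path, action))
        if pinned is None:
            return "prompt: no rule"
        if pinned != sha256_file(path):
            # File content differs from what the user approved: the old
            # answer no longer applies, whether malware or an update.
            return "prompt: executable changed"
        return "allow"

def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "editor.exe")      # constructed stand-in file
        with open(exe, "wb") as f:
            f.write(b"MZ original build")
        store = RuleStore()
        store.allow_always(exe, "global_hook")
        results = [store.decide(exe, "global_hook"),
                   store.decide(exe, "process_modification")]
        with open(exe, "wb") as f:               # file replaced on disk
            f.write(b"MZ different build")
        results.append(store.decide(exe, "global_hook"))
        store.allow_always(exe, "global_hook")   # user re-allows after update
        results.append(store.decide(exe, "global_hook"))
        return results
```
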
Infinity
July 5th, 2006, 03:39 PM
at the moment .. and sorry to kick in .. but Appdefend cannot come even close to SSM .. the metamorphose SSM has made is phenomenal .. backed up with good support!
.. I don't know what's happening ... but honestly .. this happened a lot lately .. there is simply no support for Ghost Security and that was one of the best features it had .. the fast answers from Jason ..
so my feature request is:
give us the support like we had before .. I have to bite my tongue for not giving any more feedback :( :( :( ...
Pilli
July 5th, 2006, 04:14 PM
Hi Infinity, As you can see from other threads Jason has been very busy making ground breaking changes to the GSS suite - He is only one man whereas SSM is now being developed by a team.
Jason had some severe problems a while ago and they have now been resolved. I think that you will find that Jason's support will be second to none once the new suite is finished.
Pilli
Infinity
July 5th, 2006, 04:30 PM
-{ Quote: "Hi Infinity, As you can see from other threads Jason has been very busy making ground breaking changes to the GSS suite - He is only one man whereas SSM is now being developed by a team.
Jason had some severe problems a while ago and they have now been resolved. I think that you will find that Jason's support will be second to none once the new suite is finished.
Pilli" }-
I don't doubt you, nor do I doubt Jason .. but GSS is losing ground (and I won't even talk about PG .. .. )
.. I know SSM is with 3 guys (I believe) .. But I thought Jason was not the single coder/programmer .. if this is the case, I can understand this even more.
I was just a little worried, that's all. cause GSS has fine capacities (had a good backup / support .. the other Ghost moderator I haven't seen him for ages :(
.. if RD and AD can be purchased as one program/suite, then Jason is one step closer again (this will probably go on and on and on) .. but the capacities are numerous with GSS .. like I said from the beginning.
Best Wishes to you and Jason! :thumb: and I hope, once again that it will be alright in the end .. for everyone.
Konyntje
June 15th, 2007, 07:30 PM
Couldn't find this in the suggestion thread, which was closed anyways....
When AppDefend pops the window asking if an app can connect to a site, why not put a button there that resolves the address like 'whois' does? Knowing the site it is trying to access can help judge if the request is legitimate.
Better yet, can you incorporate the 'Shazou' extension that works with Firefox? I have it in my browser - by clicking the icon I can tell Wilders is at 65.175.38.194, it's run by Freeze Frame Graphics at 3949 Schelden Circle, Bethlehem, PA. It also shows a Google map of the location (single building surrounded by grass).
Thanks.
tonyjl
July 2nd, 2007, 08:38 PM
Good idea! But... if you've already got software that does that for you, why bloat AD with unnecessary things we already have?
MsFluffyMuffin
August 15th, 2007, 06:32 PM
There's basically only a few wishes I would like added to AppDefend.
First I would like some sort of disk access protection, being able to set where particular processes are allowed to read or write files would secure a system no end, well something along those lines anyhow, I guess joe999 put it better than I did in post #51 ;D
Secondly I would like to see some form of ASLR as well.
Thirdly some kind of virtualization layer similar to DeepFreeze or ShadowUser.
That's about it for me right now, I don't want much really, okay okay....how about some more ghosts.....hehe
Hugs for George the ghost,
Fluffy
gangABang
October 12th, 2007, 08:03 AM
First, I would like to say that I appreciate AppDefend's design; it is really cool.
My wishes are:
Memory protection should be like PG: AppDefend warns about any application which tries to write to the memory of others, but even if it is allowed to write, the permission should be specific to that process and not others. E.g. if some process wants to modify iexplore.exe, it should only be allowed for iexplore.exe, not csrss.exe. Please add this feature.
thanks.
Jason_R0
October 17th, 2007, 09:43 AM
-{ Quote: "First, I would like to say that I appreciate AppDefend's design; it is really cool.
My wishes are:
Memory protection should be like PG: AppDefend warns about any application which tries to write to the memory of others, but even if it is allowed to write, the permission should be specific to that process and not others. E.g. if some process wants to modify iexplore.exe, it should only be allowed for iexplore.exe, not csrss.exe. Please add this feature.
thanks." }-
It's a good idea in theory, but I dislike the complexity it adds to the user interface. Mostly because it's very difficult for the end user to determine why something is happening, lists of lists is something I try to avoid.
This has been discussed in great detail with some of my testers and some ideas were brought up to allow the greater flexibility you desire without the UI headache. They should be in the next GSS.exe.
xtree
November 8th, 2007, 04:40 PM
-{ Quote: "
Network Access alerts
Sometimes you will receive an alert which says "UDP Send" with "Unknown IP" and "Unknown Port". In the current build of AppDefend it is unable to obtain the port and IP address for UDP communications, this will hopefully be addressed in a future build.
" }-
Hello,
would it be possible to make AD's firewall a bit more talkative?
Currently it indicates only that an app is initiating a network connection.
Perhaps the old feature showing the address/port/protocol at least could be brought back.
Thanks, xtree
Disciple
March 3rd, 2008, 12:23 PM
GSS v1.410
These will probably be addressed as GSS comes closer to a release version, but I wanted to state them anyway.
Columns are not sortable by clicking on the column name, please consider making the display user sortable by clicking on a column header.
The Logging screen only displays the time and event happened but not the date, please consider adding the date as well. These are my main things I would like to see incorporated in the release version.
rodsoto
March 6th, 2008, 07:38 PM
I would like a standardized GUI, so it's easier to read. My eyes dart all over the place to read, and due to the way it's currently set up, sometimes I just give up and go 'allow once' a few hundred times..
Also AppDefend recognising 'installation' applications, probably when an allowed setup.exe extracts and executes a TMP file. So setup.exe "Allow?", then TMP "Parent Process Setup.exe - possible Installation program - Allow?" then it will ignore all other TMP and setup.exe requests for that session.
I agree with the 'disable appdefend' for XX amount of seconds. Or 'disable appdefend until next reboot' or 'Disable appdefend until PID terminates'. any sort of rule that you want Appdefend (even regdefend) to disable and allowing it to turn back on automatically when the time 'is right'.
Copyright ©2002 - 2012, Wilders Security Forums