Defensewall test review (youtube)
jmonge
November 15th, 2008, 06:33 PM
check this out: our defensewall passed malware tests:thumb: :thumb: :thumb:
http://www.youtube.com/watch?v=Kspwf0yPV0A
http://www.youtube.com/watch?v=2gUFwkS2BXo
http://www.youtube.com/watch?v=71aNELHkung
The_1337
November 15th, 2008, 07:12 PM
I paused at "haven't really heard of them." :doubt: :argh: ::) :o
jmonge
November 15th, 2008, 07:17 PM
-{ Quote: "I paused at "haven't really heard of them." :doubt: :argh: ::) :o" }-
it is 3 parts, which one did you watch?
get some popcorn and watch the movie man;D
The_1337
November 15th, 2008, 07:37 PM
It was in the beginning of the first part. He hasn't even heard of HIPS before they contacted him which is surprising for someone who seems to be very involved with malware removal. At least I would expect him to know prevention. Then he mentions prevx and threatfire along with defensewall like they are similar. I'm not complaining but it seems like he doesn't know much. It's up to viewers to determine how much to consider the tests.
Saraceno
November 15th, 2008, 07:46 PM
A lot of IT professionals are mainly aware of only AV products and firewalls, which are the two key components in the workplace environment, so no need to find it unusual that people don't know about HIPS. :)
In the workplace environment for example, giving average users more advanced programs may lead to serious instability or disaster. You're making the user perform a choice their brain isn't capable of making (at this point of time). ;)
Regarding defensewall, when you click on untrusted applications tab, I also was slightly confused by the options. Had to get the following from the help file:
There is:
Add - adds process/applications/folders to the untrusted list
Remove - removes process/applications/folders from the untrusted list
Run as trusted - starts the application immediately as trusted
Enable/disable - allows you to temporarily make a program trusted, then revert it back to untrusted
Move item - moves item up and down the list
Excludes - adds file/folder to the exclude list making it run as trusted.
Just a question, is the last option 'excludes', actually the same as 'remove'?
Threedog
November 15th, 2008, 08:15 PM
The part that made me scratch my head was when he had the malware running and he said it wasn't doing anything....my understanding, which could be wrong, is that it is indeed running until you hit the stop button.
Saraceno
November 15th, 2008, 08:30 PM
Although you can remove all file and registry tracks (and the reviewer should have just removed all items, and not just a handful, as I think it's safe and easy to do), DefenseWall will keep all items for 30 days and then automatically discard them. So as Ilya doesn't recommend discarding all items after each session, and that DefenseWall will remove these items after a short period of time anyway, I think the malware processes would be contained/restricted.
Maybe I'm wrong too though. Haven't loaded DefenseWall up in a short while.
Threedog
November 15th, 2008, 08:34 PM
I never got to use it that much. Too many problems with active skin. Wish I hadda tested it more before I bought it.
Osaban
November 15th, 2008, 09:41 PM
I think the program is very impressive indeed, although it is more of a sandbox than a HIPS. Some knowledge is required about what is malicious or benign: The reviewer was uncertain as to what to keep and what to delete which means that an AV is necessary to check at least what is already known as malicious.
Ilya Rabinovich
November 16th, 2008, 05:25 AM
1. Most of the people never heard about HIPS products ever, even (especially?) if they represent AV/AS companies. I just met this on one of the industry forums- people there never heard about sandboxing at all, I had to teach them from scratch.
2. "Excludes" item within "Untrusted applications" section means "Exclude following items from the untrusted applications list". You may add a folder into the list, but exclude separate files from running untrusted with it.
3. Problems with current skin engine will be solved by switching to another one. Please, have a bit of patience, all the problems will be solved, I promise.
4. Running malware is harmless if it can't infect your system, hijack your passwords and sensitive data and so on.
O.Alexander
November 16th, 2008, 07:33 AM
There is another video if you type "defensewall" in youtube.
Testing against 'Adobe Clipboard Hijack'.
However, I don't understand. I'm not sure if it passes.
Can anyone confirm?
Thanks!
Ilya Rabinovich
November 16th, 2008, 07:37 AM
"Adobe Clipboard Hijack" is about Adobe Flash security model problem. No HIPS can protect against it. Ever. The latest Flash player has fixed the issue.
iphone
November 16th, 2008, 01:46 PM
Good review.
trjam
November 16th, 2008, 06:30 PM
Great news. After a long debate with myself, I took the plunge and added it to my arsenal and am very impressed. Have to say it is a cut above Geswall and works well with Edge.
Threedog
November 16th, 2008, 06:42 PM
You just couldn't run with just one could you. Ha! :P
trjam
November 16th, 2008, 06:46 PM
I can't run with anything for very long. But this combo of 2 is very interesting.
Minimax2000
November 16th, 2008, 07:24 PM
Good work by Defensewall. The test makes it hopefully known to a broader audience. :thumb:
Einsturzende
November 16th, 2008, 07:42 PM
-{ Quote: "I can't run with anything for very long. But this combo of 2 is very interesting." }-
Is there security app. you heard of but never tried?
trjam
November 16th, 2008, 07:58 PM
I tried at a time I was new to the concept of HIPS. Sandboxie was about the most advanced I had gotten. A past hard cored AV guy. So basically yes.
I like products where you see consistent development and active support. Ilya has shown that just as the Prevx gang is doing.
Kees1958
November 17th, 2008, 09:00 AM
-{ Quote: "Great news. After a long debate with myself, I took the plunge and added it to my arsenal and am very impressed. Have to say it is a cut above Geswall and works well with Edge." }-
I do not believe what I am reading :D :thumb:
Hugger
November 17th, 2008, 09:19 AM
-{ Quote: "I do not believe what I am reading :D :thumb:" }-
Short attention span.
He'll change soon.
Hugger
trjam
November 17th, 2008, 03:59 PM
-{ Quote: "Short attention span.
He'll change soon.
Hugger" }-
Ahh, what were we talking about.::)
Fuzzfas
November 17th, 2008, 06:24 PM
I gave DW another try... I must confess i never quite liked DW in the past. I even deleted my GAOTD version some time ago... It's neither a classical HIPS nor a sandbox, so i found it confusing at first. I had to run Comodo's leak test, just to be sure that it was actually doing something! The weird was that i got no pop ups during that test. Just logged events. Although i had checked an option about notifications in tray i think.
I read some posts in this forum again and tried it again. I understood the concept better (of policy restriction), but i must say, for something that is supposed to be as simple as "trusted vs untrusted", i still didn't understand some things. I suppose more reading is required. The various exclusion lists, resources, etc buttons. Also Opera was creating some untrusted temp entries that were in black, while the rest was in blue. I guess the colour means something too.
I also read about the active skin crash bug, although it didn't happen to me for the hours i used it.
What turned me completely off was the CPU usage. I had p2p on, but i think it was browsing causing it. Opening new page, was giving temporarily up to 9-11% usage on my dual core. Too much for my taste.
I really like the concept and read it will include outbound protection in the future. Version 2.46 will be something to check again.
I surely must read more about it, cause it doesn't work like Sandboxie or classical hips that i am familiar with... If it drops CPU usage, it would be great.
One thing i didn't figure out at all was... Suppose you have downloaded and run a malware and DW crashes. Does this make the malware turn active?
-{ Quote: "2. "Excludes" item within "Untrusted applications" section means "Exclude following items from the untrusted applications list". You may add a folder into the list, but exclude separate files from running untrusted with it." }-
If something is excluded from the untrusted, it means it is trusted? If yes, why not just call it trusted?
trjam
November 17th, 2008, 06:54 PM
I am sure as a shame to others, mine is basically straight out of the box settings and works fine against my extensive malware test bed.::) All 3 of them.;)
ambient_88
November 17th, 2008, 10:05 PM
-{ Quote: "I am sure as a shame to others, mine is basically straight out of the box settings and works fine against my extensive malware test bed.::) All 3 of them.;)" }-
Yeah, DefenseWall out of the box will provide you with great protection.
Ilya Rabinovich
November 18th, 2008, 05:19 AM
-{ Quote: "Also Opera was creating some untrusted temp entries that were in black, while the rest was in blue. I guess the colour means something too." }-
Blue color means "added by the user or from built-in list", black means "created by untrusted process".
-{ Quote: "What turned me completely off was the CPU usage. I had p2p on, but i think it was browsing causing it. Opening new page, was giving temporarily up to 9-11% usage on my dual core. Too much for my taste." }-
Unfortunately, there is no protection that doesn't cause any additional CPU usage. But I'm always working on it, trying to reduce it if it's possible.
-{ Quote: "If it drops CPU usage, it would be great." }-
If 2.46 won't help, mail me to support and I'll put my hands on this issue.
-{ Quote: "If something is excluded from the untrusted, it means it is trusted? If yes, why not just call it trusted?" }-
This feature allows you to add all the removable source as untrusted, but exclude your DVD drive, for instance. This just gives an additional level of flexibility.
Fuzzfas
November 18th, 2008, 05:43 AM
-{ Quote: "Blue color means "added by the user or from built-in list", black means "created by untrusted process"." }-
Ah, thanks.
-{ Quote: "Unfortunately, there is no protection that doesn't cause any additional CPU usage. But I'm always working on it, trying to reduce it if it's possible." }-
Well, i know that a program needs CPU cycles to run. ;D This is something subjective. I always am after products that have really low CPU usage (don't care about RAM so much nowadays). And DW, was eating considerably (unless there was some conflict in my system that was causing it) more CPU time than Twister, Winpatrol, Comodo, Sandboxie, Process Guard, PC Tools Firewall (all of these eat very low CPU Time, that's why i use them)... And i don't like that. I usually tolerate an AV having more CPU time. But when it comes to HIPS, i like things keeping low... I know, i am paranoid. ;D It's just that when i see on taskmanager a program that needs to run at all times, spike to 9% CPU, i freak out. Only Opera does that and i have accepted it as inevitable. No other security application that i use, dares to spike to 9%. Max 2%. Most are at 0-1% and total CPU time is very low. DW seemed to spike high when opening a new page with Opera.
-{ Quote: "This feature allows you to add all the removable source as untrusted, but exclude your DVD drive, for instance. This just gives an additional level of flexibility." }-
Ah, i see... Good idea. I just didn't understand it immediately. (I know there is an online tutorial. I should read it thoroughly).
-{ Quote: "If 2.46 won't help, mail me to support and I'll put my hands on this issue." }-
Thank you. I will be checking 2.46 with great interest, no doubt about it.
Copyright ©2002 - 2012, Wilders Security Forums