MALWARE DEFENDER SETUP TIPS


Kees1958
December 3rd, 2008, 08:03 AM
On request of a few Wilders Members I played with Malware Defender.

Monday night I installed 1.2.1 and after a few looks at this application I thought: if SSM and Antihook were able to produce a baby, it would be Malware Defender.

It is mission impossible to find some balance between ease of use and security. Malware Defender is the geek's dream. I uninstalled the program, because there is little use in allowing pop-ups when the average user does not have a clue what the impact of the message is. Also the rules monitor and switching from monitor to groups is a little less straightforward than, for example, EQ Secure. Another thing was the description of the silent mode: it says that actions not permitted are denied without asking the user. I assumed this includes denial of ASK rules (the system silently denies rules which have an ASK option). Xiaolin please elaborate. Went to bed too late.

Because Bellgamin asked and I can't stand quitting, I decided to give it another try. Good thing was that version 1.2.2 was available, so I downloaded the latest version.

New plan of approach

1. After initial installation, I would add some extra protection

2. After making sure in LEARNING mode that the system worked well, I would change some settings: DENYING the worst intrusions while keeping MD in learning mode.

3. Set up a strict containment of a few internet facing programs, to assure (together with DENY of worst threats) that the average user could keep using the system in learning mode for a long time (say a month or so), to establish a user behavioral baseline which would tackle all or nearly all pop-ups.

4. Those contained programs would be launched by StripMyRights (in /LN mode = normal user mode), to include spawned processes as well.

5. In the training period the user can always switch to SILENT mode when doing dodgy internet browsing or delicate internet transactions.

And guess what >>> malware defender impressed me!


(Please wait with replies until finished, thanks)

Kees1958
December 3rd, 2008, 08:06 AM
Please note that experienced users can just add my extra protections (see below) and implement the containment of internet facing software.


1 Install Malware Defender, import the attached rules, make sure they are set to ASK

Edit: import does not seem to work; here are the entries

Extra file protection
C:\Autoexec.bat
C:\boot.ini
c:\config.sys
c:\io.sys
c:\msdos.sys
c:\ntdetect.com
c:\ntldr


Extra registry protection (; plus name means registry value)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows;Programs
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer; DisallowRun
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoRun
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer;RistrictRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store; Database Distribution Units
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GinaDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\nonwindowsapp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\standard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App;Paths
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Mirabilis\ICQ\Agent\Apps\IcqWinCfg
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00?\Control\Session Manager\Environment;ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment;ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment;Path
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

NOTE: YOU HAVE TO CLICK ON A REGISTRY GROUP TO GO TO THE REGISTRY GROUPS; DITTO FOR THE FILE GROUP CHANGE.
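As an added example (not from Kees's posts and not part of Malware Defender), a PowerShell script that snapshots a subset of the "Extra registry protection" locations above and reports what changed on a later run; MD blocks writes going forward, but a baseline diff shows what was already in those keys. It uses the post's "Key;ValueName" notation and assumes PowerShell 3 or later.

```powershell
# Added example, not from the thread or from Malware Defender: snapshot a subset
# of the "Extra registry protection" locations listed above and report what
# changed on a later run. MD blocks writes going forward; this shows what was
# already there. Notation follows the post: "Key;ValueName" names one value,
# a bare key means every value directly under that key. Assumes PowerShell 3+.
$ProtectedEntries = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows;Programs'
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;DisallowRun'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00?\Control\Session Manager\Environment;ComSpec'
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment;Path'
)

function Get-ProtectedRegistrySnapshot {
    param([string[]]$Entries = $ProtectedEntries)
    $snapshot = @{}
    foreach ($entry in $Entries) {
        # Split "Key;ValueName"; an entry without ";" leaves $valueName empty
        $keyPath, $valueName = ($entry -split ';', 2) | ForEach-Object { $_.Trim() }
        # Registry:: provider paths take the raw hive names, and a wildcard such as
        # ControlSet00? expands to every matching key. Keys that do not exist are skipped.
        $keys = Get-Item -Path "Registry::$keyPath" -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            $names = if ($valueName) { @($valueName) } else { $key.GetValueNames() }
            foreach ($name in $names) {
                # Interpolation flattens REG_MULTI_SZ / REG_BINARY arrays into one comparable string
                $snapshot["$($key.Name);$name"] = "$($key.GetValue($name, '<absent>'))"
            }
        }
    }
    return $snapshot
}

function Compare-ProtectedRegistrySnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    $allEntries = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($entry in $allEntries) {
        $old = if ($Baseline.ContainsKey($entry)) { $Baseline[$entry] } else { '<missing>' }
        $new = if ($Current.ContainsKey($entry))  { $Current[$entry] }  else { '<missing>' }
        if ($old -ne $new) {
            # One row per value that appeared, disappeared or changed since the baseline
            [pscustomobject]@{ Entry = $entry; Baseline = $old; Current = $new }
        }
    }
}

# First run writes the baseline; later runs print the drift (nothing printed = no change)
$baselineFile = Join-Path $env:USERPROFILE 'md-registry-baseline.xml'
if (-not (Test-Path $baselineFile)) {
    Get-ProtectedRegistrySnapshot | Export-Clixml -Path $baselineFile
    Write-Output "Baseline written to $baselineFile"
} else {
    $baseline = Import-Clixml -Path $baselineFile
    Compare-ProtectedRegistrySnapshot -Baseline $baseline -Current (Get-ProtectedRegistrySnapshot) |
        Format-Table -AutoSize
}
```

Take the baseline once the learning period is over and re-run it after a session you do not trust; keep the baseline file in a location the contained applications are not allowed to write to.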

Kees1958
December 3rd, 2008, 08:13 AM
2 After making sure the system works well and opening your favourite applications (including internet facing applications):

Go to options, select protection; MD should be in learning mode. Also select "In Learning mode, if explicit "deny" rule is found, do not create permit rule and do not permit the action" (see image).

NOTE: BECAUSE YOU ARE GOING TO SET UP THE CONTAINMENT APPLICATIONS GROUP (STEP 3), WHICH ACTS AS A SANDBOX, YOU CAN LEAVE YOUR SYSTEM IN LEARNING MODE FOR A LONG TIME.

Kees1958
December 3rd, 2008, 08:34 AM
Now create an application group "Contained applications" with the following characteristics and move your internet facing programs into it.

I have chosen Internet Explorer, Outlook Express and LimeWire.

NOTE: I have moved the internet temporary directories from the default to D:\TEMP IE\, and I have done the same for the Windows temporary directory (now in D:\TEMP).

Kees1958
December 3rd, 2008, 08:43 AM
Internet Explorer settings

(remember you can look at the logs and right-click to generate a permit rule, or set all deny's of this application group to ASK and start them up in learning mode)

Notice that IE7 is only allowed to save to download directory

Kees1958
December 3rd, 2008, 08:58 AM
Outlook Express settings.

I have moved my WAB book using a registry tweak (http://support.microsoft.com/kb/156828); within Outlook you can move your mail location (extra -> options -> maintenance -> change location of archive).

Note that when you save something in an allowed directory (e.g. the download directory), you will get an error message, but the file will be saved. I have notified Xiaolin of this little notification error.

Kees1958
December 3rd, 2008, 09:03 AM
4 StripMyRights should be trusted (see included documentation).
When running in Learning mode, little can happen when browsing the internet or reading e-mail, due to limited rights and the strong intrusion containment of the Contained Applications group (with default deny and not allowed to write to disk and registry).
TIP Xiaolin: offer a preset Contained Applications box in which apps are launched as limited user up front, so I do not have to use StripMyRights.

==>

5 I run all the time in Learning mode, so my wife does not get a notification. I will do so for the next two months. When backing up etc. I always close MD, to refrain from errors.

When I do internet transactions I set MD in silent mode. Told my wife to do so also. It is a remarkable HIPS :thumb: :thumb: :thumb: I have managed to set it up as a silent classical HIPS, with nice Anti Rootkit analysis extras.


Last post :P

demoneye
December 3rd, 2008, 10:04 AM
Kees1958 nice work mate...

but after trying this software i gave up on it, too many popups for installing stuff, and for daily work.

and u get an extra "bonus": after restart the cpu is stuck on 100% for some time, verifying some sort of signatures (according to the author)

simple: u can use CIS and get all this HIPS for free...haa yes + extra firewall :)

demoneye
December 3rd, 2008, 10:08 AM
-{ Quote: "


5 I run all the time im Learning mode, so my wife does not get a notification. I will do so for the next two weeks. When backing up etc I always close MD, to refrain from errors.

Last post :P" }-
this is the stupid thing in such kinda hips... in 2 weeks (5 minutes even) u can get tons of malware ...so what's the use?
it is only 100% effective when dealing with all this popups, confirmation **** :)

Kees1958
December 3rd, 2008, 10:22 AM
Demoneye,

As posted, my first impression was that it is a HIPS suited for die hard control freaks and I uninstalled. The setup posted will still protect you while in learning mode. The trick with StripMyRights and the "Contained Applications" group is that you create your own HIPS policy containment.

When you switch on to silent mode while surfing it will protect you in a similar way a sandbox does, without redirection or virtualisation. It actually impressed me like other software from China (Rising AV, EQSecure, Netchina S3, etc).

Version 1.2.2 is fast on my rig by the way.

Cheers

djohn
December 3rd, 2008, 10:26 AM
Hey Kees, I do not know how you do it but great work. :thumb: Perhaps I will have to give it a go again; the first time I tried it, it ran great but the popups drove me insane.

demoneye
December 3rd, 2008, 10:30 AM
-{ Quote: "Please note that experienced users, just can add my extra protections
(download text files and rename them to dat) and implement the containment of internet facing software.


1 Install Malware defender, import the attached rules, make sure they are set to ASK" }-

what is ASK?
it doesn't import them... said error, and yes i do rename it to *.dat

Kees1958
December 3rd, 2008, 10:30 AM
-{ Quote: "this is the stupid thing in such kinda hips... in 2 weeks ( 5 minuts even) u can get tons of malware ...so what the use?
it is only got 100% effective when dealing with all this popusp , confirmation **** :)" }-

Nope, it will protect you; see previous post.

When running in Learning mode, little can happen when browsing the internet or reading e-mail, due to limited rights and the strong intrusion containment of the Contained Applications group (with default deny and not allowed to write to disk and registry).

demoneye
December 3rd, 2008, 10:33 AM
-{ Quote: "Demoneye,

As posted, my first impression was that it is a HIPS suited for die hard control freaks and I uninstalled. The setup posted will still protect you while in learning mode. The trick with StripMyRights and the "Contained Applications" group is that you create your own HIPS policy containment.

When you switch on to silent mode while surfing it will protect you in a similar way a sandbox does, without redirection or virtualisation. It actually impressed me like other software from China (Rising AV, EQSecure, Netchina S3, etc).

Version 1.2.2 is fast on my rig by the way.

Cheers" }-

silent mode is like standard mode, just deny/block without notify :)
10x a lot for the work! much respect

demoneye
December 3rd, 2008, 10:35 AM
-{ Quote: "Nope it will protect you see previous post

When running in Learning mode, few can happen when browsing internet or reading e-mail. Due to limited rights and the strong intrusion containment of the Contained Applications group (with default deny and not allowed to write to disk and regsitry)." }-

and what about installing new software? or removing them? the right just for browsing... we got sandboxie for surfing which is 10 times better than this MD mate :)

Kees1958
December 3rd, 2008, 10:38 AM
-{ Quote: "what is ASK?
it doesnt import them...said error , and yes i do rename it to *.dat" }-

Here are rapidshare links: http://rapidshare.com/files/169868430/General_rule.dat.html

http://rapidshare.com/files/169868431/Extra_Registry_Protection.dat.html

http://rapidshare.com/files/169868432/Extra_File_Protection.dat.html

ASK is for instance write/execute status (all the red deny's of post #4)

Pedro
December 3rd, 2008, 10:45 AM
I found some things confusing, like denying an application to start, only to see the rule ignored since it was allowed in another app rule's "Child Applications" tab.

While it certainly seems better than SSM, SSM has a perfectly understandable application rule hierarchy. This one has rule priority not easily understood.
In SSM, deny to start, done. Deny explorer to start xyz, done (and it reflects on xyz's rule). That small detail is something they need to address I think.

If not for that, I see more to like than to dislike. Pretty awesome program! ;D

Kees1958
December 3rd, 2008, 10:51 AM
-{ Quote: "and what about installing new software ? or remove them? the right just for brows... we got sandboxie for surfing which is 10 time better than this MD mate :)" }-

Got me there, I prefer the ease of use ranking order also:

Policy Sandboxes (DW), Intelligent behavioral blockers, Hybrids with white - black listing (OA outcompetes them all with run safer option for unknown programs), Classical HIPS

For classical HIPS lovers, Malware Defender is the dream application; I just tried to use its granular control to make it a quiet HIPS.

Cheers Kees

Kees1958
December 3rd, 2008, 10:56 AM
-{ Quote: "I found some things confusing, like denying an application to start, only to see the rule ignored since it was allowed in another app rule's "Child Applications" tab.

While it certainly seems better than SSM, SSM has a perfectly understandable application rule hierarchy. This one has rule priority not easily understood.
In SSM, deny to start, done. Deny explorer to start xyz, done (and it reflects on xyz's rule). That small detail is something they need to address I think.

If not for that, I see more to like than to dislike. Pretty awesome program! ;D" }-

As mentioned in my first post, the rule hierarchy needs some time to get used to (it is a matrix based rule set). But the control granularity is impressive

jmonge
December 3rd, 2008, 11:17 AM
-{ Quote: "Got me there, I prefer the ease of use ranking order also:

Policy Sandboxes (DW), Intelligent behavioral blockers, Hybrids with white - black listing (OA outcompetes them all with run safer option for unknown programs), Classical HIPS

For classical HIPS lovers, Malware Defender is the dream application; I just tried to use its granular control to make it a quiet HIPS.

Cheers Kees" }- i use it when looking for trouble ;D 8) ;D in silent mode, denying any files to write in my c: drive ;) visited a lot of dark places with confidence, i even saw antivirus 2009 die on the spot :thumb: no fuss, then go normal surfing with defensewall :thumb:

Rickster100
December 3rd, 2008, 02:33 PM
Thanks for the information, Kees. Very useful; thanks. :thumb:

wat0114
December 3rd, 2008, 02:56 PM
Thank you for the tips Kees! Lots of useful info for sure. I have become sold on MD so bought a license the other night, even though I don't really need another HIPS, but I like to support nice efforts like this one. Xiaolin mentioned he's working on network protection. That would be a cool addition to this :thumb:

Kees1958
December 3rd, 2008, 03:45 PM
-{ Quote: "Hey Kees, I do not know How you do it but Great work.:thumb:perhaps I will have to give it a go again the first time I tried it, it ran great but the popups drive me insane." }-

Leaving it in Learning mode for a while with the Containment Applications fully restricted you can't be faced with a lot of pop-ups anymore. By the way when you have OA PAID, you can select to NOT be prompted when an unknown program runs AND run it in a RUN SAFER box. This makes OA very quiet while remaining strong.

demoneye
December 3rd, 2008, 04:31 PM
MD owner didn't resolve the 100% cpu usage after reboot.... after waiting more than 10 minutes I reset my pc and uninstalled it..

djohn
December 3rd, 2008, 05:36 PM
-{ Quote: "Leaving it in Learning mode for a while with the Containment Applications fully restricted you can't be faced with a lot of pop-ups anymore. By the way when you have OA PAID, you can select to NOT be prompted when an unknown program runs AND run it in a RUN SAFER box. This makes OA very quiet while remaining strong." }-
Thanks for the tips, that's why I think I chose Online Armor, it's easier for me to understand and set up. Though I like MD I had no clue, other than the default settings, how to configure it without answering yes, no, maybe, have no clue what to do. :-\ Something I found rather strange with MD was, for example, I have Paragon Drive Backup; it would ask for permission for different parts of the same program, in other words, I make a backup image, allow or deny; make a boot disk, allow or deny. Really cool if you wanted to lock a user from certain aspects of the program, but being the only user I had to answer several or more times for the same program, which led me to this :wacko:

jmonge
December 3rd, 2008, 05:40 PM
-{ Quote: "Thanks for the tips, that's why I think I chose Online Armor, it's easier for me to understand and set up. Though I like MD I had no clue, other than the default settings, how to configure it without answering yes, no, maybe, have no clue what to do. :-\ Something I found rather strange with MD was, for example, I have Paragon Drive Backup; it would ask for permission for different parts of the same program, in other words, I make a backup image, allow or deny; make a boot disk, allow or deny. Really cool if you wanted to lock a user from certain aspects of the program, but being the only user I had to answer several or more times for the same program, which led me to this :wacko:" }- I found Comodo with D+ very easy to configure and strong :thumb: love it

djohn
December 3rd, 2008, 06:05 PM
Agree Jmonge, but out of respect for Kees, I will stay on Kees' topic of Malware Defender setup and not get into the Comodo thing, but thank you. :thumb:

bellgamin
December 3rd, 2008, 07:12 PM
Thank you Kees-sensei. It's a beautiful, scholarly job as always.

I adopted all the suggested settings in your posts #1 & 2, as well as some of those in your subsequent posts.

All my "internet facing apps" automatically run in Sandboxie. Thus, I don't need "containment." Further, I have been using MD for 2 months (since early Oct 2008) & have never been bothered by excessive pop-ups. I fully trained MD (in learning mode) for a few days, then put it into normal mode. Since that time, pop-ups are very rare, and MD's alerts are always limited to reporting those activities which are significant &/or unexpected. So I have not found MD to be a hassle but, instead, a valuable watchdog & security advisor.

However, I must note that I disable MD while installing. Of course I only install after taking several precautions including (for example): (1) installing in shadow mode, (2) pre-installation imaging, & -- MOST IMPORTANT -- (3) throwing salt over my left shoulder 3 times while facing east & wiggling my ears.

Kees1958
December 4th, 2008, 01:21 AM
-{ Quote: "(3) throwing salt over my left shoulder 3 times while facing east & wiggling my ears." }-

Yes, the latter is the most important IMO. :D

Maybe Xiaolin can provide such a containment group by default. Scary thing about HIPS in learning mode is that you allow everything. With the general rule preventing the worst things and the containment application group, new MD users can be sure of a 'safe' learning time.

I have now set the file groups to default deny:
- system files
- system configuration files
- system executable files

Also for the registry groups (default deny):
- Auto start locations
- System settings
- Start Extra
- Network settings

Cheers Kees

Kees1958
December 4th, 2008, 01:32 AM
-{ Quote: "Thanks for the tips, that's why I think I chose Online Armor, it's easier for me to understand and set up. Though I like MD I had no clue, other than the default settings, how to configure it without answering yes, no, maybe, have no clue what to do. :-\ Something I found rather strange with MD was, for example, I have Paragon Drive Backup; it would ask for permission for different parts of the same program, in other words, I make a backup image, allow or deny; make a boot disk, allow or deny. Really cool if you wanted to lock a user from certain aspects of the program, but being the only user I had to answer several or more times for the same program, which led me to this :wacko:" }-

With OA Paid you are fine; use the "do not warn" in combination with "run safer". Also because Tony Klein helped Mike out with start up entries protection (Tony was once a power user providing configs for RegDefend).

About Paragon pop-ups: yes, most classical HIPS (like D+) have hierarchical rule setups separating file, registry and application protection. MD truly has a matrix based rule granularity.

Regards K

jmonge
December 4th, 2008, 01:36 AM
-{ Quote: "With OA Paid you are fine; use the "do not warn" in combination with "run safer". Also because Tony Klein helped Mike out with start up entries protection (Tony was once a power user providing configs for RegDefend).

About Paragon pop-ups: yes, most classical HIPS (like D+) have hierarchical rule setups separating file, registry and application protection. MD truly has a matrix based rule granularity.

Regards K" }-
matrix based like netchina

xiaolin
December 4th, 2008, 04:57 AM
-{ Quote: "Maybe Xiaolin can provide such a containment group by default.
Cheers Kees" }-

I will.

And thanks for the tips.:)

xiaolin
December 4th, 2008, 05:01 AM
-{ Quote: "
Another thing was the description of the silent mode: it says that actions not permitted are denied without asking the user. I assumed this includes denial of ASK rules (the system silently denies rules which have an ASK option). Xiaolin please elaborate.
" }-
Yes, the system silently denies rules which have an ASK option.

Kees1958
December 4th, 2008, 06:50 AM
-{ Quote: "Yes, the system silently denies rules which have an ASK option." }-

Thx, I found out when testing; maybe you can sharpen the help text. Reason for asking is that PERMIT is also an option.

"When using silent mode, Malware Defender will not ask user, all the actions that are not permitted will be denied"

into

"When using silent mode, Malware Defender will not ask user, it will silently deny rules which have an ASK option"


I also found out that when you assign a password and unlock the user interface, it will be locked again after the next re-boot. This is not wrong, only to get it back into booting in another mode again I had to erase the password. This was not clear to me immediately.

Great program, I hope/wish you will financially manage with a lifetime license proposition in the HIPS market.

Cheers Kees

Kees1958
December 4th, 2008, 06:53 AM
-{ Quote: "I will.

And thanks for the tips.:)" }-

Great!

Containment of threat gates and outbound protection are the way to go for classical HIPS to allow them to cross over into larger market segments of the security industry. It will also make your product suitable for a larger public.

Cheers Kees

Kees1958
December 4th, 2008, 06:57 AM
-{ Quote: "matrix base like netchina" }-

Yep, Netchina claimed the term, but Malware Defender has a more sophisticated matrix on File - Registry - Application level. Netchina has an advantage in another area, because it is a hybrid FW + HIPS (a good + fast FW also); my guess is that Xiaolin is working on that (FW) also!

djohn
December 4th, 2008, 07:53 AM
-{ Quote: "With OA Paid you are fine; use the "do not warn" in combination with "run safer". Also because Tony Klein helped Mike out with start up entries protection (Tony was once a power user providing configs for RegDefend).

About Paragon pop-ups: yes, most classical HIPS (like D+) have hierarchical rule setups separating file, registry and application protection. MD truly has a matrix based rule granularity.

Regards K" }-
Ok, I see now what you're saying, thanks

jmonge
December 4th, 2008, 10:52 AM
-{ Quote: "Yep, Netchina claimed the term, but Malware Defender has a more sophisticated matrix on File - Registry - Application level. Netchina has an advantage in another area, because it is a hybrid FW + HIPS (a good + fast FW also); my guess is that Xiaolin is working on that (FW) also!" }-
cool 8) I can't wait ;D

JosephB
December 5th, 2008, 07:47 PM
Kees1958,

Please excuse my newbie questions, (and unfamiliarity with MD), but just as a clarification for me, I have a few questions about the MD setup example you provided:

RE: Setup Tips example:

1. Into which folder(s) did you add "Extra file protection" entries to under "Global File Rules" or did you create a folder for it and perhaps placed it as the last folder under the Global File Rules ?

2. Same question, as above, for "Extra registry protection". Which folder(s) did you add these entries into ?

3. Also, where you indicated "c:\programs \*;*.bat", I was wondering shouldn't this be "c:\Program Files\*;*.bat", ... etc. ?

4. In Malware Defender's File rules box, you show file access Read, Write; but where is access "Delete"? Does MD have a Delete protection or is the Delete action included in the "Write" action?


..... RE: MD in General:

5. BTW, ... Does MD have an option for monitoring dll loading ? If not, is it not needed because:
a) File Rules for system folders or application folders would alert on an attempt to modify or replace an existing dll ?
b) Or does MD checksum existing exe's and dll's and alert if their checksums changed, due to being replaced with a modified version of the same file ?

6. Does the General permission of "Access data of other processes" cover attempts of process modification by means of code injection ?


Thanks in advance, for my newbie basic questions !

xiaolin
December 5th, 2008, 11:10 PM
Let me answer some questions. :)

-{ Quote: "Kees1958,
4. In Malware Defender's File rules box, you show file access Read, Write; but where is access "Delete"? Does MD have a Delete protection or is the Delete action included in the "Write" action?
" }-
Create and delete actions are included in the Write actions.

I will separate the create/delete from the write action in a future version.

-{ Quote: "Kees1958,
5. BTW, ... Does MD have an option for monitoring dll loading ? If not, is it not needed because:
a) File Rules for system folders or application folders would alert on an attempt to modify or replace an existing dll ?
b) Or does MD checksum existing exe's and dll's and alert if their checksums changed, due to being replaced with a modified version of the same file ?
" }-
MD cannot monitor dll loading, and has no checksum verifying feature.

I will consider adding such features. The exe and dll files can be protected by the file rules now.

-{ Quote: "Kees1958,
6. Does the General permission of "Access data of other processes" cover attempts of process modification by means of code injection ?
" }-

Access data of other processes - write memory of other processes, change memory attributes of other processes, or duplicate handle from/to other processes.

Control other processes and threads - create remote threads, terminate/suspend/modify threads, terminate/suspend processes, or debug processes.

You can find this information in the help file.

Thx.

nick s
December 6th, 2008, 02:19 AM
-{ Quote: "The exe and dll files can be protected by the file rules now." }-
I'm satisfied with this approach. It fits my risk profile. It's proactive...existing legitimate dll/exe/other system files are protected while new dll/exe/other system files are prohibited from being written to disk without permission. Depending on file hash monitoring is reactive because the damage (file creation) has been done.

Nick

bellgamin
December 6th, 2008, 02:37 AM
-{ Quote: "I will consider adding such features. The exe and dll files can be protected by the file rules now." }-In fact, MD can be configured to protect any and all file extensions that I want to protect (not just dll & exe). Also, MD can be configured to protect any & all files &/or file folders that I choose to protect. Shazam!

Kees1958
December 6th, 2008, 03:06 AM
-{ Quote: "Kees1958,

I have a few questions about the MD setup example you provided:

RE: Setup Tips example:

1. Into which folder(s) did you add "Extra file protection" entries to under "Global File Rules" or did you create a folder for it and perhaps placed it as the last folder under the Global File Rules ?


2. Same question, as above, for "Extra registry protection". Which folder(s) did you add these entries into ?

" }-

I have added pictures in posts 1 and 2. Yes, I created new groups.


-{ Quote: "
3. Also, where you indicated "c:\programs \*;*.bat", I was wondering shouldn't this be "c:\Program Files\*;*.bat", ... etc. ?
" }-

You are absolutely right :-[ :-[ :-[

Cheers Kees

Kees1958
December 6th, 2008, 04:28 AM
Xiaolin,

I have a few feature requests

1. Add the containment application group (you already promised)
2. Have a look at my extra registry protection group and decide what to
move to System settings or Auto start registry group or skip it

3. Provide the contained application group with the following features
a) Run applications in Group with limited rights
b) Roll back (Undo) any autostart changes after the program closes
c) Roll back (Undo) any registry changes after the program closes


I am starting to like MD more and more :thumb: The temporary rules created for executions in the TEMP directory are a great solution for not polluting your rule set. :thumb:

xiaolin
December 6th, 2008, 06:59 AM
Thanks for the suggestions.

-{ Quote: "Xiaolin,
2. Have a look at my extra registry protection group and decide what to move to System settings or Auto start registry group or skip it
" }-

I will.

-{ Quote: "Xiaolin,
3. Provide the contained application group with the following features
a) Run applications in Group with limited rights
b) Roll back (Undo) any autostart changes after the program closes
c) Roll back (Undo) any registry changes after the program closes
" }-
This is something like sandbox. I will do some research after the network protection feature is finished.

chrome_sturmen
December 6th, 2008, 09:45 AM
Hey guys, I am giving malware defender a try, and have run into some problems. During normal mode, I ran proxomitron, whereupon MD asked for permission - I made a permanent rule to allow proxomitron.exe, but it never came up. Then I looked in process explorer and saw that proxomitron was running, but had no window nor did it show up in the system tray, definitely something is wrong there. Also, when I used process explorer to kill a task, MD asked for permission, but once I gave process explorer permission to kill a task, my system locked up and I had to do a hard reboot - again, something wrong there.

Anyone have any ideas as to what may be wrong? All software doesn't work on all systems, and this may just be a case of incompatibility.

thanks in advance:thumb:

djohn
December 6th, 2008, 10:19 AM
Ok, last night I decided to give Malware Defender a run again at its default settings. What I did this time: left it in Learning Mode and opened or ran my most frequently used apps, then I switched back to Normal Mode and no popups like my first run with MD. I guess I must have switched to normal mode too soon the first time around and did not give enough time for MD to learn my system, and that is why the pop ups were overwhelming. That said, it's quiet now, I like it. :thumb: I assume the default settings are good enough, or is there anything that should be changed?

wat0114
December 6th, 2008, 11:08 AM
-{ Quote: "
Anyone have any ideas as to what may be wrong? All software doesn't work on all systems, and this may just be a case of incompatibility. " }-

It could be incompatibility or...

-{ Quote: "What I did this time left in the learning Mode and openned or ran my most frequently used apps I have,then i switched back to normal Mode and No popups like my first run with MD." }-

...you may need to run in Learning mode for a while. From my so far brief experience with MD, I have found more than with any other HIPS I've used, this step is so important with MD in avoiding problems similar to what you've described. Hopefully this can work for you.

chrome_sturmen
December 6th, 2008, 12:45 PM
wat, I understand what you're saying, but even after using learning mode, sometimes things are gonna come up that weren't dealt with in learning mode, they're gonna occur during normal mode - what it looks like to me is that malware defender doesn't do well with applications that it doesn't already have rules for??? I mean if I go and run an application that I didn't run during learning mode, malware defender is gonna cause a system lockup???

wat0114
December 6th, 2008, 01:04 PM
-{ Quote: "wat, i understand what you're saying, but even after using learning mode, sometimes things are gonna come up that weren't dealt with in learning mode, they're gonna occur during normal mode - what it looks like to me is that malware defender doesn't do well with applications that it doesn't already have rules for??? i mean if i go and run an application that i didn't run during learning mode, malware defender is gonna cause a system lockup??? ?" }-

Fair enough; I have found MD to be tough on some actions it has no rules for yet. One other fix you could attempt is to check MD's logs at the bottom after this happens, look for "Denied" entries, then right-click it and choose: "Create a permit rule" for this action, (or something to that effect as I'm not at a pc with MD on it atm).

bellgamin
December 6th, 2008, 01:13 PM
-{ Quote: "I assume the defaults settings are good enough or is there anything that should be changed." }-The defaults are quite good. However, a truly paranoid fellow might want to add the additional items listed in Kees' post #2 for "Extra file protection" & "Extra registry protection (; plus name means registry value)".

-{ Quote: " i mean if i go and run an application that i didn't run during learning mode, malware defender is gonna cause a system lockup?" }-A- I have lots of security programs & other "heavy applications" on my computer, and MD now gets along just fine with all of them. However, MD can cause some application installer programs to be confused or even break.

B- When installing a new application with MD running, MD will throw LOTS of alerts at you -- especially if you have Global File Rules enabled. Sometimes the new app's install routine will patiently wait while you read MD's alert, and (once you "permit" that alert) the app will resume its install routine, no harm done.

C- However, some install routines are NOT so patient when they are repeatedly stopped & started & stopped & started -- again & again & again. Thus, it has been my experience that many install routines become confused or break when interrupted by a series of MD alerts.

D- This same install problem has occurred, not only with MD, but with EVERY classic HIPS I have ever used (SSM, D+, OnlineArmor, ProSecurity, etc.). That is why OnlineArmor added an "install" setting. ProSecurity included an install mode from the get-go. SSM advised users to put SSM back into "learning" mode before any installation. And so forth.

E- The lack of an install mode in MD isn't exactly a flaw. Why? Because the install mode (in ALL HIPS that have one) basically suspends the HIPS from popping any alerts, & thus leaves your computer pretty much unprotected during installation of a new app. In effect, the install mode seems to be a convenience, but in reality it gives a phony sense of security.

==> For a thorough discussion of the utility/futility of "install mode" see THAT thread (http://www.wilderssecurity.com/showthread.php?t=221621).

F- To avoid problems during install, I simply disable MD (the same solution I used with other HIPS I have run). This leaves me unprotected by MD during installs. However, I do a lot of checks of a new app BEFORE installing it. My pre-install checks include on-demand scans of the setup file with Twister, Avira, MBAM, etc. Also, I always make a system disk image before installing.

G-Other options...

1- Put MD into learning mode during installs. This avoids possible problems that can be caused by MD's frequent interruptions to an install routine. However, it has the disadvantage of leaving the system unprotected by MD during installs.

2- (a) Leave MD active during installs and answer the pop-ups as they appear. (b) Then disable MD and uninstall the app. (c) Then re-enable MD & install the app again. --- Thus, MD should sit quietly during the re-install but it will be protecting you at all times. This is a very safe way, but some might regard it as a bit of a PITA.

djohn
December 6th, 2008, 02:32 PM
-{ Quote: "It could be incompatibility or...



...you may need to run in Learning mode for a while. From my so far brief expereience with MD, I have found more than with any other HIPS I've used, this step is so important with MD in avoiding problems similar to what you've described. Hopefully this can work for you." }-
Thanks for your reply. Perhaps I should, and let it learn all my apps, my habits and the like, so when I do switch to Normal mode it will only pop up when there is concern. :thumb:

djohn
December 6th, 2008, 02:59 PM
Thanks, Mr. Bell. I am not paranoid in the least, but when I feel adventurous I fire up Shadow Defender, the undisputed, undefeated champ on my machine so far. Besides, I can restore a clean image if needed. I will leave MD at its defaults for now to make sure all runs well, and perhaps tweak it later.

demoneye
December 6th, 2008, 07:26 PM
*bellgamin's

What about the 100% CPU usage issue, after installing MD and doing the first PC restart?

It is the only HIPS causing this problem (SSM works perfectly after restarts).
Any way to bypass this problem?
I can't use MD because of that... it freezes for more than 10 minutes (and then I reset the PC).

Thanks

bellgamin
December 6th, 2008, 09:38 PM
-{ Quote: "*bellgamin's

What about the 100% CPU usage issue, after installing MD and doing the first PC restart?

It is the only HIPS causing this problem (SSM works perfectly after restarts).
Any way to bypass this problem?
I can't use MD because of that... it freezes for more than 10 minutes (and then I reset the PC).

Thanks" }-MD hooks the kernel -- it doesn't poll AFAIK. Therefore, it has no need nor tendency to use any significant levels of CPU. The screenies below show CPU usage on my computer by MD's 2 visible processes. In over 8 hours of computer running time, MD has used only 7+ seconds of CPU time.

[Attachments: three screenshots of MD's process CPU usage]

You need to contact Xiaolin (email to support at torchsoft dot com). You have a unique problem. IMO, it is not MD alone, but some combination of software on your computer that is causing this situation.

xiaolin
December 6th, 2008, 10:16 PM
-{ Quote: "
what about the 100% cpu usage issue ? , after install MD and making first pc restart?
" }-

Did you test the latest version of MD? thx.

djohn
December 6th, 2008, 10:25 PM
It's running beautifully here, and I love Silent Mode executable lockdown. :thumb:

xiaolin
December 6th, 2008, 10:31 PM
known issue:

I found in some rare cases, due to software incompatibility, the alert window cannot get input focus, or the alert window cannot be displayed on top of other windows. Then system lockup may happen.

To resolve the problem, please try using hot-keys of MD to permit/deny the action or disable protection.

EASTER
December 6th, 2008, 11:12 PM
-{ Quote: "known issue:

I found in some rare cases, due to software incompatibility, the alert window cannot get input focus, or the alert window cannot be displayed on top of other windows. Then system lockup may happen.

To resolve the problem, please try using hot-keys of MD to permit/deny the action or disable protection. " }-

Thanks for that tip, xiaolin. Exactly what I've been experiencing here, but I suspected some of my other security apps were conflicting. We'll all get this thing straight, no doubt. What a very interesting and efficient HIPS, great app. :thumb:

JosephB
December 6th, 2008, 11:48 PM
xiaolin, Kees1958

Thanks for the answers!


... xiaolin,
From what I learned on this forum about the features of malware defender and the screen tutorial/images of md presented by Kees1958, I must say that I am very impressed about the protection power of md and ease of rule setup shown in the tutorial of Kees1958.
... Tight on time now, but after the holidays, md will be the first new security pgm on my list to try !
Keep up the excellent work !!!:thumb:

demoneye
December 7th, 2008, 05:04 AM
-{ Quote: "Did you test the latest version of MD? thx." }-
Hi xiaolin, thanks for the reply.
Yes, the 1.2.2.

This problem has been mentioned around this forum and also on other non-English boards.

I remember it also being in early versions of MD. :(

bellgamin's
Thanks for the reply, mate.

It happens, mate :(, after installing MD and restarting.
I think someone said it was about some checksum on files, to see that they didn't change.

Thanks

zen_usuario
December 7th, 2008, 05:54 AM
-{ Quote: "

G-Other options...

1- Put MD into learning mode during installs. This avoids possible problems that can be caused by MD's frequent interruptions to an install routine. However, it has the disadvantage of leaving the system unprotected by MD during installs.

2- (a) Leave MD active during installs and answer the pop-ups as they appear. (b) Then disable MD and uninstall the app. (c) Then re-enable MD & install the app again. --- Thus, MD should sit quietly during the re-install but it will be protecting you at all times. This is a very safe way, but some might regard it as a bit of a PITA." }-

These options (1 & 2) write a lot of rules for nothing. A program is installed once; it's a single event. Good to see the behavior of the installer if you are unsure, but bad for day-after-day HIPS work. You can erase the new rules created after installation, or deactivate the HIPS before installation.
"Learning" mode is good for running a trusted program, but not for installations!
Many times, "allowing" software installations this way can increase your HIPS database a lot, and for me, this is a bad thing. ;)

bellgamin
December 7th, 2008, 03:11 PM
-{ Quote: "These options (1 & 2) write a lot of rules for nothing. A program is installed once; it's a single event. Good to see the behavior of the installer if you are unsure, but bad for day-after-day HIPS work. You can erase the new rules created after installation, or deactivate the HIPS before installation.
"Learning" mode is good for running a trusted program, but not for installations!
Many times, "allowing" software installations this way can increase your HIPS database a lot, and for me, this is a bad thing" }-It would help if you read my comments more carefully, in context. I was not suggesting an ideal method for processing installs. Rather, I was replying to a post whereby chrome_sturmen wanted MD to CEASE interfering with installs.

I told him the easy way -- simply disable MD during the install. However, that method prevents MD's protective functions. Then I told him 2 ways for (A) stopping MD's interfering with installs, while -- AT THE SAME TIME -- (B) maintaining MD's protective monitorship functions in an active status.

As to unnecessary rules created during install (or any other time) simply open "Rule" drop-down menu, then click "Remove Stale Rules".

If you know a better way to sustain MD's protection WITHOUT allowing MD to interfere with installs, then by all means tell us that BETTER WAY. Otherwise...:gack:

Balatsokas
December 7th, 2008, 03:40 PM
-{ Quote: "These options (1 & 2) write a lot of rules for nothing. A program is installed once; it's a single event. Good to see the behavior of the installer if you are unsure, but bad for day-after-day HIPS work. You can erase the new rules created after installation, or deactivate the HIPS before installation.
"Learning" mode is good for running a trusted program, but not for installations!
Many times, "allowing" software installations this way can increase your HIPS database a lot, and for me, this is a bad thing. ;)" }-

zen_usuario

Any relation to THIS (http://ssupdater.com/modules/Forums/index.php?s=&showtopic=3859&view=findpost&p=23518)?

ssupdater.com VIP member?

We, all, know what this ssupdater.com stands for...

Sorry for being off topic,
but before we see What someone writes
it helps to know Where he comes from...

Dear Bellgamin, don't bother...
I bet he doesn't understand even what you are talking about...

jmonge
December 7th, 2008, 03:46 PM
-{ Quote: "zen_usario

Any relation to THIS (http://ssupdater.com/modules/Forums/index.php?s=&showtopic=3859&view=findpost&p=23518)?

ssupdater.com VIP member?

You, all, know what this site stands for..." }-What does all this mean?

zen_usuario
December 7th, 2008, 04:01 PM
-{ Quote: "It would help if you read my comments more carefully, in context. I was not suggesting an ideal method for processing installs. Rather, I was replying to a post whereby chrome_sturman wanted MD to CEASE interfering with installs.

I told him the easy way -- simply disable MD during the install. However, that method prevents MD's protective functions. Then I told him 2 ways for (A) stopping MD's interfering with installs, while -- AT THE SAME TIME -- (B) maintaining MD's protective monitorship functions in an active status.

As to unnecessary rules created during install (or any other time) simply open "Rule" drop-down menu, then click "Remove Stale Rules".

If you know a better way to sustain MD's protection WITHOUT allowing MD to interfere with installs, then by all means tell us that BETTER WAY. Otherwise...:gack:" }-
?? BETTER WAY? I quoted only "1 & 2" from "G- Other options", explaining my own thoughts about both. For the rest, I totally agree; what's the matter?

I've installed a lot of programs using SSM, EQSecure and CIS, and most of the time the only thing needed was to uncheck or not check "remember" in the alert windows. Only very few times have I disabled the HIPS or selected "installation mode" for this, but installing e.g. "Nero", "Microsoft Office" or other big software can be a real pain without temporarily disabling your HIPS... and also your AV (if real-time).

On the other hand, I've also occasionally experienced "aborted or failed" installations because of HIPS action / the installer runtime waiting for user interaction.

Well, you see I agree with you; I've only written my poor two cents of good or bad experience. Excuse my bad English; sorry if I'm mistaken. :what:

zen_usuario
December 7th, 2008, 04:17 PM
Yes, I'm an SSUpdater user, and a COMODO reader from some time ago, and of this forum and others also.
For me it isn't a problem to participate, actively or by reading, in forums. This provides and shares information.
I'm not a professional; I'm a curious home user.
My English is very bad, excuses.
You can see how "bad" my posts are, or whatever, simply by reading. Nothing is "hidden" in my own behavior.
I'm a fan of Alcyon's rule set for EQSecure,........ :thumb:

Nothing more, simply???

jmonge
December 7th, 2008, 04:29 PM
-{ Quote: "Yes, I'm an SSUpdater user, and a COMODO reader from some time ago, and of this forum and others also.
For me it isn't a problem to participate, actively or by reading, in forums. This provides and shares information.
I'm not a professional; I'm a curious home user.
My English is very bad, excuses.
You can see how "bad" my posts are, or whatever, simply by reading. Nothing is "hidden" in my own behavior.
I'm a fan of Alcyon's rule set for EQSecure,........ :thumb:

Nothing more, simply???" }-Hey, welcome to Wilders forum. :thumb:

bellgamin
December 7th, 2008, 05:09 PM
-{ Quote: "Yes, I'm a SSUpdater user" }- Repent! Turn unto the light & be saved from the darkness! ;)

-{ Quote: "I'm not a professional, I'm a curious home user." }-Me, too. Welcome to Wilders.

-{ Quote: "My english is very bad, excuses." }-Your English is much better than my ability to write in YOUR language (whatever it may be).

-{ Quote: "I'm a fan of Alcyon's rules set for EQsecure" }-Hopefully Alcyon will soon develop a rule set for Malware Defender.

Switch to MD -- you won't be sorry if you do. Peace & good luck to you!:thumb:

zen_usuario
December 7th, 2008, 10:13 PM
-{ Quote: "
Me, too. Welcome to Wilders.

Hopefully Alcyon will soon develop a rule set for Malware Defender.

Switch to MD -- you won't be sorry if you do. Peace & good luck to you!:thumb:" }-
Thanks :)
I've read about it here from Alcyon. :thumb:

A few days ago, I briefly tested MD (trial) in a VM with a "battery" of anti-leak tests, and my first impression was this: impressed by MD.
MD scored very high, and I'm taking into consideration that MD isn't one of the programs frequently included in "anti-leak test comparatives (competitions)". :)

Nowadays, for me, the only reason not to switch to MD is the payment issue; I'm currently only using freeware.

@Jmonge

Thanks:)

JosephB
December 8th, 2008, 01:03 AM
Hi bellgamin,

-{ Quote: "F- To avoid problems during install, I simply disable MD (the same solution I used with other HIPS I have run). This leaves me unprotected by MD during installs. However, I do a lot of checks of a new app BEFORE installing it. My pre-install checks include on-demand scans of the setup file with Twister, Avira, MBAM, etc. Also, I always make a system disk image before installing." }-

1. Out of curiosity, which procedure do you follow when you're applying your manual (I assume you're not using auto) or automatic Windows updates from the MS Updates site?

... Are you "Disabling" MD, putting MD into "learning mode" or leaving MD in "normal mode" to ensure there is no potential problem now or in the future (in case MS changes the way windows updates performs the install/updating process), when applying MS Windows Updates.


2. Since, I won't have time to try MD until after the holidays, .... If you don't mind answering two basic questions ........

A) ... I am curious, viewing the example provided by Kees1958, as to what is the difference between using the 'ignore' vs 'permit' actions for the "read and write" access options of the File Rules ??? ... and also on the access/permission rules on the general tab of Application Rules" ?


B) ... Also, will MD allow a File Rule to be setup to protect access at the drive letter level, for the purpose to protect an entire external backup drive from being accessed by any process other than the backup pgm and windows system (explorer, utilities, etc) (for example, F:\* write (ask) )

..... If yes, would there be any issues if the backup drive is a USB drive that is turned off, when not being used and as a result be an unavailable/offline drive for MD to monitor for file access protection ?

bellgamin
December 8th, 2008, 01:33 AM
-{ Quote: "1. Out of curiosity, which procedure do you follow when your applying your manual (I assume your not using auto) or automatic windows updates from the msupdates site ?" }-I always make an image of my system disk before installing Windows patches. I do not download them from Microsoft. Instead, I get them from SoftwarePatch (http://www.softwarepatch.com/). I install them manually, with MD disabled.

As to your question 2a about Permit VS Ignore, I THINK "permit" means to allow the given process to perform the action which is specified by the rule whereas "ignore" means that the rule has no applicability whatsoever to the given process. Here are some quotes from MD's help file...

-{ Quote: "Child application rules are used when creating new processes. If there is no matched child application rule or the permission of matched child application rule is "Ignore", the "Create new processes" permission will be used.

Target application rules are used when accessing memory of other processes, controlling other processes and threads, or sending and receiving messages. If there is no matched target application rule or the permission of matched target application rule is "Ignore", the "Access memory of other processes", "Control other processes and threads", or "Send and receive messages" permission will be used.

Driver rules are used when loading kernel drivers. If there is no matched driver rule or the permission of matched driver rule is "Ignore", the "Loading kernel drivers" permission will be used.

Hook module rules are used when installing message/event hooks. If there is no matched hook module rule or the permission of matched hook module rule is "Ignore", the "Install message/event hooks" permission will be used.

File rules are used when accessing files and folders. If there is no matched file rule, the permission will be set to "Ignore".

Registry rules are used when accessing registry. If there is no matched registry rule, the permission will be set to "Ignore"." }-As to your question 2b -- if Xiaolin doesn't answer your question, I might conduct an experiment to get an answer for you -- but after Christmas, I think.

To get a faster & more authoritative answer, email to <support at torchsoft dot com> -- Xiaolin usually answers quickly & is very helpful & friendly.

xiaolin
December 8th, 2008, 06:03 AM
-{ Quote: "
A) ... I am curious, viewing the example provided by Kees1958, as to what is the difference between using the 'ignore' vs 'permit' actions for the "read and write" access options of the File Rules ??? ... and also on the access/permission rules on the general tab of Application Rules" ?
" }-
IGNORE means to continue searching for lower priority rules.

-{ Quote: "
B) ... Also, will MD allow a File Rule to be setup to protect access at the drive letter level, for the purpose to protect an entire external backup drive from being accessed by any process other than the backup pgm and windows system (explorer, utilities, etc) (for example, F:\* write (ask) )
" }-
You can add a global file rule (F:\* write (deny) ), then add PERMIT rule (F:\* write (permit)) to the private file rule list of pgm/explorer.

-{ Quote: "
..... If yes, would there be any issues if the backup drive is a USB drive that is turned off, when not being used and as a result be an unavailable/offline drive for MD to monitor for file access protection ?" }-
It should be no problem.

Balatsokas
December 8th, 2008, 08:26 AM
-{ Quote: "what is all this mean?" }-

Read this Thread (http://www.wilderssecurity.com/showthread.php?t=223873&highlight=ssupdater) to remember a few things about ssupdater.com...

This site/forum:

1) Includes links for Security Software Cracking (Keygens, Patches etc.)

2) Presents AntiMalware Tests of Ambiguous quality
(i.e. no testing methodology, poor quality/old VX samples etc.)

How, someone can be a member of a Legitimate Forum like Wilders,
and at the same time, be a VIP member of site that includes Cracking links
is a bit strange; not to say schizophrenic...

It is like being out of the Law/against the Law
and at the same time, being with the Law...(<= Paradox).

Even if you don't use any Cracks, zen_usuario,
it is not an excuse for being a VIP member of such a site.

I hope that you will not try to convince us about
the validity of their "Tests" in the future...

<Sorry for being out of topic, but some Clarifications needed>

jmonge
December 8th, 2008, 11:11 AM
-{ Quote: "Read this Thread (http://www.wilderssecurity.com/showthread.php?t=223873&highlight=ssupdater) to remember a few things about ssupdater.com...

This site/forum:

1) Includes links for Security Software Cracking (Keygens, Patches etc.)

2) Presents AntiMalware Tests of Ambiguous quality
(i.e. no testing methodology, poor quality/old VX samples etc.)

How, someone can be a member of a Legitimate Forum like Wilders,
and at the same time, be a VIP member of site that includes Cracking links
is a bit strange; not to say schizophrenic...

It is like being out of the Law/against the Law
and at the same time, being with the Law...(<= Paradox).

Even if you don't use any Cracks, zen_usuario,
it is not an excuse for being a VIP member of such a site.

I hope that you will not try to convince us about
the validity of their "Tests" in the future...

<Sorry for being out of topic, but some Clarifications needed>" }-Don't worry, nobody will judge you if you come here for help or to improve your security arsenal. All of us come from somewhere; there are no angels here. ;D Anyway, the purpose of this forum is to get help or fight against malware. :thumb:
so again welcome to wilders forum

LoneWolf
December 8th, 2008, 06:47 PM
Kees, thanks for the tips. :)

Alcyon
December 8th, 2008, 11:08 PM
-{ Quote: "
Hopefully Alcyon will soon develop a rule set for Malware Defender." }-I'm not a partisan of spoonfeeding. Why don't you try to learn how to use MD and make rules by yourself? The satisfaction will be FAR greater.

wat0114
December 8th, 2008, 11:47 PM
I don't remember MD alerting me on the "Denied" action in the screenshot. It was easy enough to right-click--> Create Permit Rule to resolve, but it does seem odd there was no alert on it. Maybe there is still a bit of conflict between JPFW 2 and MD?? This is just a heads up to maybe check the logs sometimes for these "Denied" actions. If they are legit processes as in this case then the right-click option to create a permit rule is handy. I'm sure I've seen this "non-alert" anomaly before; I just don't remember the processes involved.

bellgamin
December 9th, 2008, 02:16 AM
-{ Quote: "I'm not a partisan of spoonfeeding. Why don't you try to learn how to use MD and make rules by yourself? The satisfaction will be FAR greater." }-Hmm... a rather condescending statement. I think you might have a problem there somewhere. Be that as it may, I was merely making reference to the commitment that you yourself made HERE (http://www.wilderssecurity.com/showthread.php?p=1351853#post1351853), not long ago. I quote it as follows...

-{ Quote: "There's no need to team up, wat0114. I'll play with MD in my spare times and you'll probably see a ruleset next year." }-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Actually I have cobbled together a fairly decent ruleset by tweaking rules gleaned by MD's learning mode, PLUS a bit of input from my IT when he had a few minutes to spare from time to time, PLUS some excellent suggestions in Kees' set-up tips on MD (http://www.wilderssecurity.com/showthread.php?t=226940). However, I am fairly certain that my cobbled-together rules are not at the level I have heard that you can produce. Therefore, I do hope you find time to develop the ruleset as you said you would do.

Aloha & Best wishes for a happy holiday season,
Bellgamin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The mark of a *True Professional* is that he will graciously impart knowledge to others without going out of his way to belittle "amateurs."

EASTER
December 9th, 2008, 02:26 AM
Let's try not to take side-stepped OT comments too seriously like that. I think the best route for all of us MD users is to share all and any of our experiences/issues and we're surely to reach a mutual agreement that can be applied best to keep MD at the top of it's development and effectiveness.

So far it's working brilliantly from what i can read.

EASTER

Alcyon
December 9th, 2008, 03:41 AM
@bellgamin, wtf are you talking about? If you want, i can always quote the definition of the word "probably" in case you don't know what it means!!! Don't act like a moron and don't play with my nerves.

bellgamin
December 9th, 2008, 04:06 AM
-{ Quote: "@bellgamin, wtf are you talking about? If you want, i can always quote the definition of the word "probably" in case you don't know what it means!!! Don't act like a moron, please." }-Okay, I replied mildly before, and you have responded with crude & abusive language. I have no intention of sinking to your level. If you want to play with word definitions in order to renege on your promise, that's fine with me. Go in peace.

Further deponent sayeth naught.

Alcyon
December 9th, 2008, 04:21 AM
@bellgamin, I never said "you'll see". I said "you'll PROBABLY see". Again, don't play with my nerves, you jerk!

Kees1958
December 9th, 2008, 08:09 AM
-{ Quote: "@bellgamin, I never said "you'll see". I said "you'll PROBABLY see". Again, don't play with my nerves, you jerk!" }-

Judge a man by his answers rather than by his questions. ;D

fredra
December 9th, 2008, 11:55 AM
Hi
OK guys, will you try to cool the high flung rhetoric and play nice. I really do not want to see this thread "closed" because of "splitting hairs", so stop it please. ;)
I am interested in the suggestions put forth by Kees (and other users) as I am one of those "kicking the tires" of MD. ;)
Constructive discussion and feedback, will help the developer improve his product and users become more familiar with the application.
It would be appreciated if we could try to be civil towards each other. ;D
Thanks/Merci.
Cheers :)

jmonge
December 9th, 2008, 11:56 AM
-{ Quote: "Judge a man by his answers rather than by his questions. ;D" }-??? Kees, you are French???

bellgamin
December 9th, 2008, 02:39 PM
Zen said this...
-{ Quote: "I'm a fan of Alcyon's rules set for EQsecure" }-
I replied with this...
-{ Quote: "Hopefully Alcyon will soon develop a rule set for Malware Defender." }-My reply was not insulting. If anything, it implied a compliment toward Alcyon's expertise. In return I was chided by Alcyon about needing to be spoonfed (post #77). Then he called me a moron (post #81) for reminding him about his statement that he would work on a ruleset.

I had intended to drop this with my last post, and I think Alcyon had similar intent. Then along comes someone to scold me for being the target of these slanderous comments...

-{ Quote: "OK guys, will you try to cool the high flung rhetoric and play nice. I really do not want to see this thread "closed"... " }-Read through this thread. I think I have contributed something. I have posted several times herein with (hopefully) constructive comments. Further, I was the one who asked Kees to do this tutorial in the first place. Then I alerted Xiaolin to Kees' abilities. Afterward, when this thread was started, I alerted Xiaolin so that he would participate.

I try to be nice & equable, but I will NOT suffer insults silently. Neither will I meekly accept shotgun scoldings for defending myself when I am the target of unnecessarily antagonistic comments.

Now, if nobody else decides to counsel me, this silliness will likely end here.

Alcyon
December 9th, 2008, 07:50 PM
-{ Quote: "I think I have contributed something." }-
I invite you to read carefully the non-subtle "now edited" reply you threw at me. Your insults contributed to something. Xiaolin will probably explain it to you. Btw, if you're unable to understand the difference between a promise and a probability, you have some serious problems.

Miyagi
December 9th, 2008, 08:41 PM
@ Bellgamin & Alcyon: Please let's move forward peacefully. Both of you are long time contributors here in Wilders and have contributed a lot of good information. I hate to see you both going back and forth like this. :wacko:

djohn
December 9th, 2008, 08:54 PM
Back to the topic, please. :thumb:

bellgamin
December 10th, 2008, 02:34 AM
Meanwhile, back at the topic :D ----

I use MVPS HOSTS file (http://www.mvps.org/winhelp2002/hosts.htm). I also use Hosts Toggle (http://www.accs-net.com/hosts/HostsToggle/) to manage it.

What settings would do the following...

1- Deny Write permission to HOSTS (except per 2 below)?

2- Allow ONLY HostsToggle.exe to write to HOSTS?

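An added illustration, not part of any post in this thread and not Malware Defender's own code: a small Python model of the file-rule evaluation xiaolin describes earlier in the thread, where "Ignore" means fall through to lower-priority rules and a global deny is overridden by a permit in a process's private rule list. It covers both the F:\ backup-drive case xiaolin answered and the HOSTS question just asked. The evaluation order (private rules before global rules, first non-Ignore match wins, unmatched file access defaults to Ignore), the process names and the sample paths are assumptions made for the demonstration, not verified MD behaviour.

```python
import fnmatch
from dataclasses import dataclass
from typing import Dict, List

# Rule permissions as the thread describes them. IGNORE is not a decision:
# it means "skip this rule and keep searching lower-priority rules".
PERMIT, DENY, ASK, IGNORE = "Permit", "Deny", "Ask", "Ignore"


@dataclass(frozen=True)
class FileRule:
    path: str        # Windows path pattern; '*' matches any run of characters
    access: str      # "read" or "write"
    permission: str  # PERMIT, DENY, ASK or IGNORE


def _path_matches(pattern: str, path: str) -> bool:
    # Windows paths are case-insensitive, so compare lower-cased forms.
    return fnmatch.fnmatchcase(path.lower(), pattern.lower())


def evaluate(process: str, path: str, access: str,
             private_rules: Dict[str, List[FileRule]],
             global_rules: List[FileRule]) -> str:
    """Return the effective permission for one file access.

    Assumed order (modelled on xiaolin's reply, not verified against MD):
    the process's private rule list is searched first, then the global
    list; the first matching rule that is not IGNORE decides; a matching
    IGNORE rule falls through; with no match at all the result is IGNORE.
    """
    for rule_list in (private_rules.get(process.lower(), []), global_rules):
        for rule in rule_list:
            if rule.access == access and _path_matches(rule.path, path):
                if rule.permission == IGNORE:
                    continue          # keep searching lower-priority rules
                return rule.permission
    return IGNORE


# Constructed rule set covering both cases discussed in the thread:
# a backup drive on F:\ and the HOSTS file. Process names are assumptions.
HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

GLOBAL_RULES = [
    FileRule(r"F:\*", "write", DENY),   # nobody writes to the backup drive...
    FileRule(HOSTS, "write", DENY),     # ...or to HOSTS, unless a private rule permits
]

PRIVATE_RULES = {
    "backup.exe":      [FileRule(r"F:\*", "write", PERMIT)],
    "explorer.exe":    [FileRule(r"F:\*", "write", PERMIT)],
    "hoststoggle.exe": [FileRule(HOSTS, "write", PERMIT)],
    # An explicit IGNORE in a private list is not a permit: it defers to
    # the global list, which denies.
    "notepad.exe":     [FileRule(HOSTS, "write", IGNORE)],
}


def decide(process: str, path: str, access: str) -> str:
    return evaluate(process, path, access, PRIVATE_RULES, GLOBAL_RULES)


if __name__ == "__main__":
    checks = [
        ("backup.exe", r"F:\images\sunday.tib", "write"),
        ("dropper.exe", r"F:\images\sunday.tib", "write"),
        ("dropper.exe", r"F:\images\sunday.tib", "read"),
        ("HostsToggle.exe", HOSTS, "write"),
        ("notepad.exe", HOSTS, "write"),
        ("notepad.exe", r"C:\Users\kees\notes.txt", "write"),
    ]
    for proc, p, acc in checks:
        print(f"{proc:16} {acc:5} {p:40} -> {decide(proc, p, acc)}")
```

Two things the model makes visible: a read of the backup drive is not covered by any rule and so ends as Ignore rather than Deny, so a rule set that should also stop reads needs its own read rule; and a permit granted to explorer.exe is as broad as Explorer itself, since anything that can get Explorer to perform the write inherits it, which is why the thread's advice is to permit only the backup program and a deliberately chosen tool such as HostsToggle.exe.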
demoneye
December 10th, 2008, 05:15 AM
Damn, MD gets to 100% CPU here when set to Normal Mode. >:( (XP SP3, up to date)
I run SSM, RTD, COMODO and MAMUTU on the same system (for testing); all run clean and smooth for days. Only this MD insists on 100% CPU???

It is 100% a bug in MD. How can I save some log that shows what the hell is going on in it?

cheers:blink:

Kees1958
December 10th, 2008, 02:19 PM
-{ Quote: "??? kees you are french ???" }-

No, Dutch, but most of us speak a little German and French too (by the way, the intentional misquote of Voltaire :P was directed at Alcyon, to tell him to take it easy).

jmonge
December 10th, 2008, 02:21 PM
-{ Quote: "No, Dutch, but most of us speak a little German and French too (by the way, it is an intentional misquote of Voltaire :P )" }-
OK, I see. 8)