DefenseWall Restrictions


Dregg Heda
September 6th, 2009, 10:50 AM
Can someone explain to me exactly what kind of restrictions DW places on untrusted programs? I know it's supposed to be stronger than LUA. But exactly what kind of restrictions are these? Are there any kinds of malware which can run in spite of DW restrictions? I know the DW help file states that certain kinds of advanced keyloggers can run, but is there anything else?

jmonge
September 6th, 2009, 10:53 AM
-{ Quote: "Can someone explain to me exactly what kind of restrictions DW places on untrusted programs? I know it's supposed to be stronger than LUA. But exactly what kind of restrictions are these? Are there any kinds of malware which can run in spite of DW restrictions? I know the DW help file states that certain kinds of advanced keyloggers can run, but is there anything else?" }-

Malware is basically crippled within DefenseWall; it has no rights to do any harm, it just sits there without any power.

Dregg Heda
September 6th, 2009, 11:12 AM
Can they execute? Can they write to C:\Programs or C:\Windows?

jmonge
September 6th, 2009, 11:14 AM
-{ Quote: "Can they execute? Can they write to C:\Programs or C:\Windows?" }-

They cannot modify anything; your registry is safe too ;) If you run it as trusted, good luck :)
It is crippled :):))

Dregg Heda
September 6th, 2009, 11:26 AM
So if I were to run SRP together with DW, the malware wouldn't even be able to run, right?

jmonge
September 6th, 2009, 11:30 AM
With DefenseWall the malware is in a cage that has no permission to harm your PC; you are quite safe, you don't actually need the SRP, and also DW is stronger than LUA ;) The only thing you need to do is get a firewall to protect the outbound connection and learn how to use the rollback feature to remove all the debris or leftovers the malware leaves.

Dregg Heda
September 6th, 2009, 11:34 AM
But surely SRP will add greater restrictions in addition to those imposed by DW?

jmonge
September 6th, 2009, 11:46 AM
-{ Quote: "But surely SRP will add greater restrictions in addition to those imposed by DW?" }-

Yes, it will for sure ;)

arran
September 6th, 2009, 09:09 PM
The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place.

Dregg Heda
September 7th, 2009, 12:06 AM
Fantastic Idea Arran! :thumb:

demoneye
September 7th, 2009, 01:34 AM
-{ Quote: "The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place." }-

Good idea, but don't try it on your real system; better to play around with malware in a VM :D

Also, SRP provides strong protection since it is a local policy, which is very restrictive.

About DW, I think it is up to Ilya to give a full explanation of what DW does to the malware it catches... sure it cripples it, puts it in some sort of cage ;D

arran
September 7th, 2009, 02:15 AM
-{ Quote: "Good idea, but don't try it on your real system; better to play around with malware in a VM :D" }-

Obviously.

-{ Quote: "About DW, I think it is up to Ilya to give a full explanation of what DW does to the malware it catches... sure it cripples it, puts it in some sort of cage ;D" }-

Yeah, Ilya can give an explanation if he wants to, but there's no reason why you can't use MD to find out as well.

wat0114
September 7th, 2009, 02:47 AM
-{ Quote: "Fantastic Idea Arran! :thumb:" }-

I agree. MD will afford one the ability to "see" key inter-process activity occurring in real time.

Ilya Rabinovich
September 7th, 2009, 05:30 AM
-{ Quote: "About DW, I think it is up to Ilya to give a full explanation of what DW does to the malware it catches... sure it cripples it, puts it in some sort of cage" }-

DefenseWall imposes so many restrictions that I just can't explain each one. In general, they are far beyond what SRP can offer.

aigle
September 7th, 2009, 07:33 AM
-{ Quote: "The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place." }-

No, it's not reliable at all IMO. When you run a programme inside a sandbox, a classical HIPS might not be able to monitor all of its actions correctly. It's just my observation.

demoneye
September 7th, 2009, 09:38 AM
-{ Quote: "DefenseWall imposes so many restrictions that I just can't explain each one. In general, they are far beyond what SRP can offer." }-

Yes of course, DW has many features far beyond just SRP, providing solid protection against malware :)

Ilya Rabinovich
September 7th, 2009, 11:29 AM
-{ Quote: "No, it's not reliable at all IMO. When you run a programme inside a sandbox, a classical HIPS might not be able to monitor all of its actions correctly. It's just my observation." }-
Yes, of course, but only for untrusted processes.

arran
September 7th, 2009, 09:19 PM
-{ Quote: "No, it's not reliable at all IMO. When you run a programme inside a sandbox, a classical HIPS might not be able to monitor all of its actions correctly. It's just my observation." }-

It is reliable.

Run the malware as trusted and then run it as untrusted, and compare the results with MD's logs.

When you run it as untrusted and MD isn't picking up anything, then DefenseWall is fully containing it.

aigle
September 7th, 2009, 09:28 PM
-{ Quote: "Yes, of course, but only for untrusted processes." }-
Yes, that is what I meant to say.

Kees1958
September 8th, 2009, 01:22 AM
-{ Quote: "But surely SRP will add greater restrictions in addition to those imposed by DW?" }-

Only to your own usability of the PC. I would run any malware as untrusted with DW, have not seen it go down yet.

So the deny execute is in theory safer.

Kees1958
September 8th, 2009, 01:24 AM
-{ Quote: "The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place." }-

In a virtual machine environment or with an image backup at hand, I hope ;) Because running malware as trusted = DW is not protecting.

SafetyFirst
September 9th, 2009, 05:45 PM
It seems like I'll have to uninstall DW due to insurmountable problems I face. I just can't make it work properly. :'(

I must say that Ilya was really trying to help and kept answering my questions promptly, but I just can't come to a solution.

It must be something with my system because I can't even boot into Safe Mode. :-[

Ilya Rabinovich
September 10th, 2009, 05:55 AM
The problem with Safe Mode is on your side, as DefenseWall does not load its driver in this case. The issue may be caused by a malware infection (past or present) or system corruption.

SafetyFirst
September 13th, 2009, 10:48 AM
Talking about DefenseWall restrictions, I am more than happy to announce that DW doesn't restrict me from using the right-click context menu any more! ;D

After uninstalling Daemon Tools (and goddamn sptd.sys) I reinstalled DefenseWall and everything seems to work just fine now. :)

Ilya, I really appreciate the effort and time you invested in trying to find the solution to the problems I had. Good work! :thumb: