Defensewall question
dueceswild
March 28th, 2010, 09:06 PM
Sorry to post this here, but I can't post at Gladiator yet. Regarding the new beta: Ilya had suggested version 3 would allow whitelisted "safe" programs to install as trusted even when downloaded from an untrusted browser. I am trialling the beta, and downloaded MBAM as a test. It appeared to run trusted with no input from me. Can someone confirm this?
Again, sorry to post here. I am trying to decide between this and Geswall Pro. Frankly, I liked the usability of Geswall as compared to 2.56, but version 3 caused me to hold on the purchase. I still don't know enough about them to fairly judge version 3's enhancements against Geswall Pro. Thoughts or suggestions on that welcome as well.
CogitoErgoSum
March 28th, 2010, 10:59 PM
Hello dueceswild,
I can confirm your findings. Before attempting to install MBAM, it is "untrusted" according to DW's "file properties" and appears in the "untrusted" list. Upon execution, MBAM installs as "trusted" without user input and disappears from the "untrusted" list. I have no idea if this is due to whitelisting or not. I also have no idea if this is normal or not. In any case, until Ilya chimes in, I have my doubts about this default action as it could introduce a security hole.
Peace & Gratitude,
CogitoErgoSum
dueceswild
March 28th, 2010, 11:14 PM
Thank you for the reply. I have read quite a few posts about Defensewall at Gladiator; honestly it's all starting to run together. It seems I read somewhere Ilya said he was going to do this; I can't remember where. One thread is 60+ pages.
Then again, I haven't been able to find other implementations (such as password protection for behavior such as this, and a timer for suspending protection).
I have reverted to the 2.56 version since though. I thought version 3 was good; just no need for the firewall or the big red X in the system tray. I have OA; and I can't seem to get past the block about 2 firewalls. Sure they're safe as Ilya suggested, but I had enough trouble setting one up. Sure don't need two.
G1111
March 28th, 2010, 11:37 PM
-{ Quote: "Then again, I haven't been able to find other implementations (such as password protection for behavior such as this, and a timer for suspending protection).
I have reverted to the 2.56 version since though. I thought version 3 was good; just no need for the firewall or the big red X in the system tray. I have OA; and I can't seem to get past the block about 2 firewalls. Sure they're safe as Ilya suggested, but I had enough trouble setting one up. Sure don't need two." }-
Password protection can be set under the "Advanced" tab. It is global though. I don't believe you can set password protection for certain actions only. If you right click any of the tabs to disable protection for HIPS, outbound, inbound protection, there are time options from 10 to 60 minutes, upon reboot and permanent. I would recommend you stay with version 3 as it is more secure than 2.56. There is a registry tweak to convert ver. 3 to HIPS only. I recall Ilya posted it but I can't find it at the moment. Maybe someone else has the registry change.
dueceswild
March 28th, 2010, 11:51 PM
I recall the registry tweak; the link to it is actually in a Wilders thread. Honestly, I didn't know how to implement it, and had/have a feeling we will be seeing version 3 with and without a firewall released soon.
You do bring up an interesting point. You say version 3 is more secure. Makes sense. Especially as I had mentioned earlier I was checking out GesWall Pro as well. Can GW be considered as safe as DW taking into account the number of updates DW receives as compared to GW?
G1111
March 28th, 2010, 11:57 PM
-{ Quote: "I recall the registry tweak; the link to it is actually in a Wilders thread. Honestly, I didn't know how to implement it, and had/have a feeling we will be seeing version 3 with and without a firewall released soon.
You do bring up an interesting point. You say version 3 is more secure. Makes sense. Especially as I had mentioned earlier I was checking out GesWall Pro as well. Can GW be considered as safe as DW taking into account the number of updates DW receives as compared to GW?" }-
Sorry, never used GesWall so can't compare. I have been happy with DW and great support from Ilya.
dueceswild
March 29th, 2010, 12:00 AM
Found the link. Actually from you. Sorry. As I said, everything runs together. And as for Ilya, he does seem to be very responsive and covers at least 2 forums.
Create "force_hips" REG_SZ value into the "HKEY_LOCAL_MACHINE\SOFTWARE\SoftSphere Technologies\DefenseWall" registry key.
As for the password protection, you are correct. My reference was to a post Ilya made about how to implement the running of a trusted installer (for example MBAM) downloaded from an untrusted browser without manipulating the file prior to execution. The substance of that discussion was that most participating suggested he configure the program to allow the user to double click the installer, then allow the program to run trusted by use of the password. He also mentioned building a whitelist of trusted installer programs that would run as if downloaded outside DW.
I'll put the footnote that as usual, I may be misinterpreting.
Ilya Rabinovich
March 29th, 2010, 07:16 AM
Yes, it's "whitelisting". DefenseWall checks executable file's vendors from their digital signature and, if it's listed as "known as good", runs it as trusted automatically.
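Added illustration, not part of the original thread and not DefenseWall's own code: a PowerShell example of the kind of publisher-signature trust decision described in the post above, including the check a defender would want before honouring a publisher name. The function names and the allowlist entries are hypothetical; only `Get-AuthenticodeSignature` and the .NET certificate types are real APIs.

```powershell
# Added example; assumptions: the publisher names below are constructed
# placeholders, and "Trusted"/"Untrusted" only mirror the zones discussed in the thread.
$TrustedPublishers = @(
    'Example Software Ltd',       # constructed placeholder
    'Sample Tools Corporation'    # constructed placeholder
)

function Get-PublisherName {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # SimpleName resolves to the subject's common name for typical code-signing certificates.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    return $Certificate.GetNameInfo($nameType, $false)
}

function Get-TrustZone {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Allowlist = $TrustedPublishers
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # A publisher name means nothing unless the signature itself verifies:
    # 'Valid' requires the file hash to match and the chain to end in a trusted root.
    # NotSigned, HashMismatch, NotTrusted and the other states all stay untrusted.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return [pscustomobject]@{
            Path = $Path; Zone = 'Untrusted'; Publisher = $null
            Reason = "Signature status: $($sig.Status)"
        }
    }

    $publisher = Get-PublisherName -Certificate $sig.SignerCertificate

    # Matching on the name alone is weaker than pinning certificate thumbprints:
    # any certificate issued with the same subject name would also match.
    if ($Allowlist -contains $publisher) {
        $zone = 'Trusted';   $reason = 'Valid signature from allowlisted publisher'
    } else {
        $zone = 'Untrusted'; $reason = 'Valid signature, publisher not on allowlist'
    }

    return [pscustomobject]@{
        Path = $Path; Zone = $zone; Publisher = $publisher; Reason = $reason
    }
}

# Classify every executable in the current user's download folder, if it exists.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
if (Test-Path -LiteralPath $downloads) {
    Get-ChildItem -LiteralPath $downloads -Filter *.exe -File |
        ForEach-Object { Get-TrustZone -Path $_.FullName } |
        Format-Table Zone, Publisher, Reason, Path -AutoSize
}
```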
dueceswild
March 29th, 2010, 09:48 AM
Thank you for the reply Ilya. Is this a new feature in V3, or just an expanded "whitelist"?
And if you don't mind, could you highlight some of the improvements that V3 will have (other than the obvious availability of the firewall) over the previous version?
Thank you for your patience and responses. I am really new to products such as yours.
Kees1958
March 29th, 2010, 10:45 AM
-{ Quote: "Thank you for the reply Ilya. Is this a new feature in V3, or just an expanded "whitelist"?
And if you don't mind, could you highlight some of the improvements that V3 will have (other than the obvious availability of the firewall) over the previous version?
Thank you for your patience and responses. I am really new to products such as yours." }-
firewall of defense wall is quite good. my 2 cents: dwv3 + prevx+ av is enough
dueceswild
March 29th, 2010, 11:08 AM
-{ Quote: "firewall of defense wall is quite good. my 2 cents: dwv3 + prevx+ av is enough" }-
I am quite certain it is. I guess I don't understand the product enough to be comfortable with it. How does this FW work with regard to "traditional" firewalls. I mean does it cover all programs, untrusted, do I need to set ports, etc.
And Kees1958, if you don't mind, I see that you have used Geswall and Defensewall. Could you point out some fundamental differences?
Btw, I hope you are doing well in recovery.
Kees1958
March 29th, 2010, 02:55 PM
Thx, doctors will advise on op soon. Hospital moved me to a room with a touch screen and on screen keyboard, because the brace made it difficult to look at screen and keyboard.
They are basically similar apps. DW has a very user friendly default mode. GW console has a little higher granularity for super users than DW resource protection. On the other hand DW resource protection separates untrusted from untrusted, which GW does not offer. DW has total untrusted file control which GW does not have. This means that a downloaded file moved to another drive becomes trusted with GW but stays untrusted by DW. GW has one release every year and little forum support. DW has an active release calendar and an active support. Because GW Pro has an application wizard, the low support is really not a big issue to power users of GW pro. For reference a power user of DW is comparable with an average user of GW.
While resource protection is a very powerful instrument, few DW users have their own rules. Ilya is very smart because he incorporates some of the personal rules of his power users into the default set (eg cognitoergosum, creer, ako). Since version 2.48 Ilya has implemented my additional resource protection rules in the default also.
dueceswild
March 29th, 2010, 03:11 PM
Thanks again Kees1958. I think I have about decided to go with DW- maybe even the firewall version with ESET and Prevx.
I do have one last question; more for general knowledge. Ilya is always updating, very responsive and in-touch with his product and users. He releases updates frequently to stay on top of new threats; I take this to mean new threats emerge that can compromise certain portions of Defensewall.
How does GesWall stay as safe as DW when it only produces yearly updates? Or does it just operate differently where updates aren't required as much?
Kees1958
March 29th, 2010, 04:54 PM
yes that is partly the reason
GW uses windows internals. That is why it used to be the fastest. The example of losing the untrusted marker is a limitation of NTFS file system when on another partition.
They also tend to ignore some intrusions because the practical value is zero for malware writers. DW and SBIE want to be best in class. That is why they react so fast to new threats. To be honest, that is a little bit of marketing and good reputation / brand management of them.
Stem
March 29th, 2010, 04:55 PM
-{ Quote: " How does this FW work with regard to "traditional" firewalls. I mean does it cover all programs, untrusted, do I need to set ports, etc." }-
I have just started to look (by request) at this firewall implementation. It is too early for me to give correct/full opinion.
There is very little to set and (as I see) only untrusted applications are allowed internet access (which makes sense).
Some will not like it as it does not "Stealth". But for me I prefer the reactions made, as I prefer to make a reset (against) to a scan, if all firewalls did that, then it would actually DOS those scanning, instead with all the vendors blocking such outbound resets, it allows those scanning to scan more easily.
- Stem
dueceswild
March 29th, 2010, 05:27 PM
-{ Quote: "I have just started to look (by request) at this firewall implementation. It is too early for me to give correct/full opinion.
There is very little to set and (as I see) only untrusted applications are allowed internet access (which makes sense).
Some will not like it as it does not "Stealth". But for me I prefer the reactions made, as I prefer to make a reset (against) to a scan, if all firewalls did that, then it would actually DOS those scanning, instead with all the vendors blocking such outbound resets, it allows those scanning to scan more easily.
- Stem" }-
Thanks to the replies of Stem and Kees1958. As I said before, I am really new to this.
Stem, I REALLY like that you are reviewing the FW portion; I am certain you will be making very helpful posts about it in the near future. Until then though, would it be safe to say your initial impressions are favorable?
Stem
March 29th, 2010, 05:31 PM
-{ Quote: " would it be safe to say your initial impressions are favorable?" }-
Yes.
- Stem
Ilya Rabinovich
March 29th, 2010, 05:47 PM
-{ Quote: "Thank you for the reply Ilya. Is this a new feature in V3, or just an expanded "whitelist"?" }-
Yes, it's new feature of V3.
-{ Quote: "And if you don't mind, could you highlight some of the improvements that V3 will have (other than the obvious availability of the firewall) over the previous version?" }-
Improved protection, whitelisting, easy zone control for installation files, screen access and system restart granular control, bi-directional Internet connections control (PF edition). I could forget something with the list.
Ilya Rabinovich
March 29th, 2010, 05:52 PM
-{ Quote: "How does this FW work with regard to "traditional" firewalls. I mean does it cover all programs, untrusted, do I need to set ports, etc. " }-
DefenseWall V3 is the world-first sandbox personal firewall. It gives almost zero popups, no technical knowledge is needed, rules are very straightforward, there is no need to setup ports.
Ilya Rabinovich
March 29th, 2010, 05:55 PM
-{ Quote: "To be honest, that is a little bit of marketing and good reputation / brand management of them." }-
From my side, it's not about marketing, but about professional's proud.
dueceswild
March 29th, 2010, 10:36 PM
Okay, just to update. Based on the responses of all who replied (most especially Kees1958, Stem, and Ilya) I purchased Defensewall. And I installed the beta for the firewall portion. Thank you ALL very much.
Although still a little uncomfortable, I uninstalled OA (maybe just temporarily, but I did it) but still have ESET. I must say, Defensewall version 3 is very very light. Right at 19k as I type this, less offline. Chrome browser. Also, browsing really fast. First time starting Chrome and FF was a little slow, but after that almost instantaneously opening.
NO configuration, everything seems to be working fine, internet access, printer access, etc.
I would like to comment on the new whitelisting. I am very impressed. I have updated CCleaner and MBAM after download. Didn't have to use Defensewall to change status- just downloaded and installed. Some may not like this, but I certainly do. Makes everything easier for my wife, which makes everything easier for me.:)
All that said, this is what makes me feel the best about this purchase:
-{ Quote: "From my side, it's not about marketing, but about professional's proud." }-
jmonge
March 29th, 2010, 10:44 PM
this is not an advertisement but i can tell you from my own experience that DefenseWall is one of the most powerful sandboxes with a firewall (very unique), very strong and trouble free ;) you won't regret buying it. i got 3 licences myself and i will for sure renew my licence again ;)
ako
March 30th, 2010, 01:45 AM
-{ Quote: "firewall of defense wall is quite good. my 2 cents: dwv3 + prevx+ av is enough" }-
More than enough, here AV is already a bit overkill. ;D
I have DW, Prevx, Winpatrol Plus :)
Light and watertight! :thumb:
bellgamin
March 30th, 2010, 03:55 AM
-{ Quote: "I must say, Defensewall version 3 is very very light. Right at 19k as I type this, less offline." }-
Light on RAM -- no big deal. After all, RAM is so cheap.
The more important questions (IMO):
1-How is DW3 on cpu?
2-How is DW3 on I/O?
dueceswild
March 30th, 2010, 09:35 AM
-{ Quote: "Light on RAM -- no big deal. After all, RAM is so cheap.
The more important questions (IMO):
1-How is DW3 on cpu?
2-How is DW3 on I/O?" }-
I'm not looking at my home computer now so I can't be exact, but I can tell you that the CPU usage was low; I specifically looked for spikes reported in the early beta. Didn't see any there.
jks52
April 9th, 2010, 04:50 PM
-{ Quote: "firewall of defense wall is quite good. my 2 cents: dwv3 + prevx+ av is enough" }-
Kees - how about DW3 + Threatfire 4.7? I have TF configured with most of the rules that have appeared on this board, but the best ones are the executable rules that block just about anything from running unless I give the ok. TF seems to run very lean on my system. Or do you think prevx free would be more solid? I haven't used it before so I don't know what resources it uses.
ako
April 10th, 2010, 12:32 PM
DW+PX = perfect combo.
Kees1958
April 10th, 2010, 12:43 PM
-{ Quote: "Kees - how about DW3 + Threatfire 4.7? I have TF configured with most of the rules that have appeared on this board, but the best ones are the executable rules that block just about anything from running unless I give the ok. TF seems to run very lean on my system. Or do you think prevx free would be more solid? I haven't used it before so I don't know what resources it uses." }-
When you like the anti executable (or at least warn at execution of user space/temp dirs) of TF, there is no need to add anything else, since you seem to be able to handle the extra pop-ups.
The combo DW + PrevX (set heuristics AFTER age/popularity and all sliders to medium) is a terrific combo, because the behavioral/community intelligence kicks in when the protection of DW stops (when you yourself trust an installation exec). This combo is superb for people who do not want to decide themselves (and like to try new software).
With the new DWv3, user friendly security with only avast file and behavioral shield (the freebie) is the most cost efficient, user friendly, high security combo around IMO for people only installing software every now and then.
regards
jmonge
April 10th, 2010, 06:22 PM
agree;) with all said here
abels
April 11th, 2010, 12:29 AM
How about Defensewall + Comodo Firewall ( include Defense +). I got some conflict when install them together ( Comodo Firewall always crash)
jmonge
April 11th, 2010, 12:34 AM
allow comodo for untrusted in the defensewall firewall section ;)
abels
April 11th, 2010, 01:14 AM
Comodo processes doesn't appear in Untrusted applications. You mean adding comodo processes into Untrusted applications list ? Sr for my english
jmonge
April 11th, 2010, 01:16 AM
what i mean is in the firewall tab allow comodo for untrusted;)
abels
April 11th, 2010, 02:00 AM
Oh.Thanks. I used DW 2.x and got that conflict. Now I downloaded and installed DW 3.0. No conflict anymore!
jmonge
April 11th, 2010, 09:43 AM
good to know it is ok now man:)
jks52
April 11th, 2010, 01:50 PM
Thanks Kees -- since I usually don't install anything without vetting it pretty thoroughly, I usually just suspend TF for an install so I don't have to deal with all the popups, then turn it back on.
Folo up for you, you recommend DW3 with Avast for a lean, effective setup. Does that mean no TF or Prevx at all, but it would still provide good security? I guess since I don't really do any risky surfing (and I haven't been infected to any extent for a number of years), I'm looking for a light but solid setup.
jks52
April 13th, 2010, 09:49 AM
-{ Quote: "When you like the anti executable (or at least warn at execution of user space/temp dirs) of TF, there is no need to add anything else, since you seem to be able to handle the extra pop-ups.
The combo DW + PrevX (set heuristics AFTER age/popularity and all sliders to medium) is a terrific combo, because the behavioral/community intelligence kicks in when the protection of DW stops (when you yourself trust an installation exec). This combo is superb for people who do not want to decide themselves (and like to try new software).
With the new DWv3, user friendly security with only avast file and behavioral shield (the freebie) is the most cost efficient, user friendly, high security combo around IMO for people only installing software every now and then.
regards" }-
Thanks Kees -- since I usually don't install anything without vetting it pretty thoroughly, I usually just suspend TF for an install so I don't have to deal with all the popups, then turn it back on.
Folo up for you, you recommend DW3 with Avast for a lean, effective setup. Does that mean no TF or Prevx at all, but it would still provide good security? I guess since I don't really do any risky surfing (and I haven't been infected to any extent for a number of years), I'm looking for a light but solid setup.
Sorry for posting twice - have been having a little trouble with my internet connection.
Kees1958
April 13th, 2010, 11:38 AM
-{ Quote: "Thanks Kees -- since I usually don't install anything without vetting it pretty thoroughly, I usually just suspend TF for an install so I don't have to deal with all the popups, then turn it back on.
Folo up for you, you recommend DW3 with Avast for a lean, effective setup. Does that mean no TF or Prevx at all, but it would still provide good security? I guess since I don't really do any risky surfing (and I haven't been infected to any extent for a number of years), I'm looking for a light but solid setup.
Sorry for posting twice - have been having a little trouble with my internet connection." }-
Yep, DW3 + Avast Free (file and behavioral shield only) should be a more than solid solution for your PC habits, you can skip the rest (no TF, no PrevX).
With Chrome/ChromePlus/Chromium/Iron DW3 uses even less CPU cycles due to the internal sandbox of Chrome (and chrome clones). Nice extensions are IEtab, New Tab Behaviour, SiteAdvisor for Chrome. With short cut Ctrl + Shift + Del you can delete all history at once with Chrome (and clones). For the Ad and Flash bashers there is Adsweep and Flashblock
jks52
April 14th, 2010, 05:41 PM
-{ Quote: "Yep, DW3 + Avast Free (file and behavioral shield only) should be a more than solid solution for your PC habits, you can skip the rest (not TF no PrevX).
With Chrome/ChromePlus/Chromium/Iron DW3 uses even less CPU cycles due to the internal sandbox of Chrome (and chrome clones). Nice extensions are IEtab, New Tab Behaviour, SiteAdvisor for Chrome. With short cut Ctrl + Shift + Del you can delete all history at once with Chrome (and clones). For the Ad and Flash bashers there is Adsweep and Flashblock" }-
That sounds pretty lean. I've been using Avira 9 ever since it came out and it has worked very well for me. I take it you feel that Avast 5 is a better fit with DW3 than Avira would be or would it make much difference in terms of my usage?
Thanks for your feedback.
adik1337
April 15th, 2010, 06:10 AM
question:
how can I set defensewall to flag all my downloaded files being saved on "download areas" as untrusted?
Ilya Rabinovich
April 15th, 2010, 06:20 AM
-{ Quote: "question:
how can I set defensewall to flag all my downloaded files being saved on "download areas" as untrusted?" }-
Yes, you may set those folders as "untrusted" manually.
adik1337
April 15th, 2010, 06:24 AM
thanks Ilya ... would this mean that after I download a file using internet download manager and immediately click on open it would run as untrusted or should I go to the "download area" and run the file from there to have it run as untrusted?
EDIT:
Ok, I can just click open and a warning message would pop-up .. thanks again Ilya
Tony
April 15th, 2010, 06:26 AM
-{ Quote: "question:
how can I set defensewall to flag all my downloaded files being saved on "download areas" as untrusted?" }-
They should automatically be set as untrusted if downloaded from your browser, p2p etc as long as they were running as untrusted when the files were downloaded.
However if you use shadowdefender or returnil then Just add these download folders to the untrusted applications list, then all files in the folders will run as untrusted.
adik1337
April 15th, 2010, 06:29 AM
@tony
nope ... I run my browser as untrusted - download a file via IDM (untrusted and save dir "download area") after download is finished and clicking on open via IDM it would run as trusted.
EDIT:
Ilya's suggestion did the trick :) ....
@Ilya
I think this should have been added on the help file (download area set as untrusted) ... most people would expect that they are already protected by defensewall by just doing their normal routine (downloading - running apps) .. w/o them knowing that they have to right click on a file (if they are unsure if it is clean) and run it as untrusted. A help file stating that you have to set the download areas as untrusted first would do the trick, because once you launch a downloaded file defensewall would ask if you would like it to run trusted or untrusted. Or better yet have all the downloads area set to untrusted by default.
Ilya Rabinovich
April 16th, 2010, 02:50 AM
-{ Quote: "@tony
nope ... I run my browser as untrusted - download a file via IDM (untrusted and save dir "download area") after download is finished and clicking on open via IDM it would run as trusted." }-
IDM should be in the untrusted list by default. Thus, the files you download should be marked as untrusted too. Make sure you are not running DW in "expert" mode.
-{ Quote: "I think this should have been added on the help file (download area set as untrusted) ... most people would expect that they are already protected by defensewall by just doing their normal routine (downloading - running apps) .. w/o them knowing that they have to right click on a file (if they are unsure if it is clean) and run it as untrusted." }-
DefenseWall is already working this way.
adik1337
April 16th, 2010, 02:57 AM
I see ... that might be it ... thanks again Ilya :)
Copyright ©2002 - 2013, Wilders Security Forums