
Third party app to use with DefenseWall


Melf
September 7th, 2010, 09:31 PM
A few days ago my unprotected system got completely dominated by some vicious malware and I had to re-format. I was very glad to find this forum which opened my eyes to all sorts of ways that I could avoid becoming some hacker's ~ Snipped as per TOS (http://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_1) ~ in the future. After reading a lot of posts I decided to try using DefenseWall in combination with Prevx (XP SP3).

I'm really happy with the power/unobtrusiveness I get from this, but in DefenseWall the list of

1) Untrusted applications
2) File/registry changes

Seems to be getting kind of large/unwieldy. I've read that users of, for example, Sandboxie can use the Buster's Sandbox Analyzer to make their sandbox more manageable.... is there any such third party app that will let me "tidy up" DefenseWall? Or some app that might stop it from getting so bloated in the first place?

Alternately, feel free to recommend some other combination of apps that gives solid-but-not-chatty HIPS with the ability to roll back select changes to the system...

G1111
September 9th, 2010, 01:43 AM
I really like Defensewall. Sandboxie is probably more configurable if that is what you're looking for. If you know what to delete you can manage the File and Registry rollback in DW. I make sure when I download something I "allow" it (after checking out the download with Hitman Pro first), then change its status to "trusted" before installing it. DW will then decide if it is Internet facing it will place it with untrusted as it should be (i.e., Firefox). You have to be careful not to delete anything that would cripple your system. If you manage your downloads you should be able to manage DW untrusted process with little effort. DW removes items in the rollback list after 30 days (if you have that option checked). I am currently using DW with Emsisoft Anti-Malware, MBAM and ClearCloud DNS. There are a lot of combinations you can try. Do some research on this forum. DW and Prevx is a very good combination. Add MBAM free as an extra scanner. Maybe consider something like ClearCloud or MVPS Host file. Sorry for rambling, but I am not aware of any DW sandbox managers.

Melf
September 9th, 2010, 02:16 AM
I think I am not looking so much for configurability. I chose DefenseWall because it sounded a bit more "set and forget" :)

However I can't resist for now (having just started using it) knowing exactly what it is running untrusted vs trusted so that I can have some peace of mind that it will work for me and that I'm not doing stupid things with it. The untrusted list seems to include every file on my system almost, and there doesn't seem to be a list of what will run trusted at all (just a list of what is currently running).

On the other hand maybe I should just shut up and let it do its job... I did score 330/340 on Comodo's test suite so I'm sure my security is fine. Probably just teething issues?...

Mr.PC
September 9th, 2010, 06:48 AM
In different PCs, I use DW with different IRS software (e.g. Rollback Rx, EAZ-FIX, and AyRecovery).

G1111
September 9th, 2010, 12:20 PM
-{ Quote: "I think I am not looking so much for configurability. I chose DefenseWall because it sounded a bit more "set and forget" :)

On the other hand maybe I should just shut up and let it do its job... " }-
Yes, DW is very powerful and set and forget is what I like. :thumb: :thumb: :thumb:

Melf
September 13th, 2010, 07:46 PM
Update: I'm now trialling Online Armor Premium.

OA can be configured to run quite similarly to DefenseWall - I have it using "Run Safer" on all unknown (aka untrusted) processes, which I believe restricts their rights in a similar way to DefenseWall. You can configure it to run silently, but I have it displaying little system tray notifications whenever something runs as trusted. Once I'm happy that it's behaving as expected I'll switch this off for some nice, silent protection. To be honest I also just find the GUI to be much more pretty which for some reason makes me feel safer :wacko:

However, does anyone know of any avenues of attack that I'm leaving exposed using OA Premium vs DefenseWall?

jmonge
September 13th, 2010, 07:51 PM
with defensewall you have the rollback feature and with OA you will have to hunt the offending program to block it or delete it but both will easily bring your pc back but with defensewall is easier;) my 2 mexican pesos:)

Kees1958
September 14th, 2010, 09:07 AM
-{ Quote: "In different PCs, I use DW with different IRS software (e.g. Rollback Rx, EAZ-FIX, and AyRecovery)." }-

Melf,

This is a good combo IRS with defensewall. You can try the freebie Comodo Time Machine. CTM + DW + PrevX = reaaaaal strong plus ability to rollback in an easy manner.

P.S.

Forget about the list. It shows that DW is doing its work. It is administrated in the Registry, so it does not slow down your PC (because it is read all the time, it is constantly in memory)

Saraceno
September 14th, 2010, 09:16 AM
Kees, Comodo Time Machine solid as a rock these days?

moontan
September 14th, 2010, 09:36 AM
anyone knows if Trusteer Rapport is compatible with Defensewall?

Kernelwars
September 14th, 2010, 10:42 AM
-{ Quote: "with defensewall you have the rollback feature and with OA you will have to hunt the offending program to block it or delete it but both will easily bring your pc back but with defensewall is easier;) my 2 mexican pesos:)" }-
nicely said:thumb:

Dark Star 72
September 14th, 2010, 10:59 AM
-{ Quote: "anyone knows if Trusteer Rapport is compatible with Defensewall?" }-
No, it's not. Caused complete lockups on my machine, Rapport seems not to work with any kind of sandboxing.

moontan
September 14th, 2010, 11:08 AM
tnx m8! :)

that was my suspicion as well since it's not working with either Geswall or Sandboxie.

too bad though.

andyman35
September 14th, 2010, 02:08 PM
-{ Quote: " Comodo Time Machine solid as a rock these days?" }-

The current version 2.8 has resolved the previous MBR issues, it's extremely stable for me here.

Kid Shamrock
September 14th, 2010, 03:41 PM
-{ Quote: "
This is a good combo IRS with defensewall. You can try the freebie Comodo Time Machine. CTM + DW + PrevX = reaaaaal strong plus ability to rollback in an easy manner.
" }-
I've been using DW/Prevx/Rollback Rx combo for several months now and am very happy with it. Kees, what are your current heuristics settings for Prevx? I noticed you changed your recommended settings a couple of times recently, and I wondered why.

Melf
September 15th, 2010, 03:16 AM
-{ Quote: "This is a good combo IRS with defensewall. You can try the freebie Comodo Time Machine. CTM + DW + PrevX = reaaaaal strong plus ability to rollback in an easy manner." }-

I might check time machine out. Catchy marketing names always win me over :) My reservation with rollback software is that I am lazy and don't think I will actually make images/restore points... that's why DW seemed appealing since it will rollback the important stuff for me (most malware doesn't bother deleting your personal files, and my real *can't be deleted or I will cry* stuff does not change very often).

-{ Quote: "Forget about the list. It shows that DW is doing its work. It is administrated in the Registry, so it does not slow down your PC (because it is read all the time, it is constantly in memory)" }-

I have a confession to make. I've found DW to be inconsistent in what it labels as trusted/untrusted. e.g. on a fresh install I downloaded some application that came in an archive. DW labeled it as untrusted, so far so good. I did not have an archive unpacker yet installed so I used explorer to open the archive and dragged the files out. Then I ran them, and it ran as trusted! I then downloaded an archive unpacker and installed it (as trusted so that it could add itself to the right mouse button click menu). Then I had to manually change the application itself to untrusted (kind of annoying... maybe there's some option to "run as install" that I missed). Anyway, when I unpacked the archive with this program, the original application ran as untrusted. Then I tried the original method (using explorer again) and it now seemed to "remember" and run as untrusted.

This inconsistency led me to drop it... I don't want to have to check to make sure every time I download something. OA gives me a little "hey, guess what" each time so I'm happier with that I think.

But it sounds like DW is preferred around here... anybody else noticed any inconsistencies like this? I haven't read about them so was loath to even mention... maybe I didn't install DW properly or something. I think I need "So easy even my blind grandmother could do it" programs because sometimes I just don't pay attention to what I'm doing.

Kees1958
September 15th, 2010, 06:36 AM
-{ Quote: "I have a confession to make. I've found DW to be inconsistent in what it labels as trusted/untrusted. e.g. on a fresh install I downloaded some application that came in an archive. DW labeled it as untrusted, so far so good. I did not have an archive unpacker yet installed so I used explorer to open the archive and dragged the files out. Then I ran them, and it ran as trusted! I then downloaded an archive unpacker and installed it (as trusted so that it could add itself to the right mouse button click menu). Then I had to manually change the application itself to untrusted (kind of annoying... maybe there's some option to "run as install" that I missed). Anyway, when I unpacked the archive with this program, the original application ran as untrusted. Then I tried the original method (using explorer again) and it now seemed to "remember" and run as untrusted.
" }-

That is a very old bug I reported to Ilya a long time ago. When you use latest version please inform DW support

Saraceno
September 15th, 2010, 07:05 AM
-{ Quote: "The current version 2.8 has resolved the previous MBR issues, it's extremely stable for me here." }-

Good stuff andy. You have faith in em, then I'll give it a go.

Melf, about DefenseWall, I'd leave the entries, scan your system with CureIt, Hitman Pro, MBAM, Superantispyware, whatever does it for you, and remove anything suspicious.

Everything else, is harmless while running DW.

Ilya Rabinovich
September 15th, 2010, 07:19 AM
-{ Quote: "I have a confession to make. I've found DW to be inconsistent in what it labels as trusted/untrusted. e.g. on a fresh install I downloaded some application that came in an archive. DW labeled it as untrusted, so far so good. I did not have an archive unpacker yet installed so I used explorer to open the archive and dragged the files out. Then I ran them, and it ran as trusted!" }-
If you downloaded "known as good" software, signed with a "known as good" vendor's name, it's OK, that's how DW's whitelisting's working. Other case, it's a security hole and I need as much information as possible to reproduce it.

Melf
September 15th, 2010, 08:35 PM
Ahh, I did not realise there would be a whitelist, I thought that anything through the browser would be untrusted unless I indicate otherwise (I assume there is some way to disable the whitelist?). It probably is on the whitelist, I believe it was the "autoruns" program from sysinternals / microsoft.

Konata Izumi
September 15th, 2010, 08:45 PM
-{ Quote: "I've been using DW/Prevx/Rollback Rx combo for several months now and am very happy with it. Kees, what are your current heuristics settings for Prevx?" }-

his current was:
-{ Quote: "Heuristics: default/high
Age: disabled
Popularity: disabled

Apply after age and popularity :)" }-

-{ Quote: " I noticed you changed your recommended settings a couple of times recently, and I wondered why." }-

He was trying to reduce hdd overhead of prevx.

Kid Shamrock
September 15th, 2010, 10:25 PM
Wow, that's another new setting! So far, I've tried the following:

1. medium setting on heuristics, age and popularity, set heuristics After Age

2. Heuristics max, Age max, Popularity off, set heuristics After Age

3. Heuristics max, Age max, Popularity low, set heuristics After Age

and now

4. Heuristics high, Age and Popularity off, set Heuristics After Age


I've tried each of the first three and haven't really noticed much difference in performance or in the number of detections.

AdamL
February 17th, 2011, 05:36 PM
I am now using Defensewall Personal Firewall on its own! Ok well I have EMET and Windows Firewall + Defender as well. I will also scan with HMP occasionally.

I am happy with this setup, what does the collective brain think?

A

G1111
February 17th, 2011, 06:14 PM
-{ Quote: "I am now using Defensewall Personal Firewall on its own! Ok well I have EMET and Windows Firewall + Defender as well. I will also scan with HMP occasionally.

I am happy with this setup, what does the collective brain think?

A" }-

:thumb: DW is great protection. Your setup looks good.

cm1971
February 17th, 2011, 10:52 PM
I use DW and am happy with it. You are well protected. :thumb:

Creer
February 18th, 2011, 03:54 AM
-{ Quote: "I use DW and am happy with it. You are well protected. :thumb:" }-
Agree. Also you can take into consideration to add image backup software to your list.

AdamL
February 18th, 2011, 04:46 AM
-{ Quote: "Agree. Also you can take into consideration to add image backup software to your list." }-

I am always a bit unsure about image backup. I store all my data on a separate partition, which is backed up to SugarSync. I can complete a re-install of Windows in under an hour ??? I enjoy cleaning out the junk once in a while!

If I was going to run an image backup programme, which has no tray icon, no processes running in the background and no logos/interference at boot up........what would you recommend?

Does Comodo Time Machine meet the above requirements or Keriver 1CRP?

I am very very happy with Defensewall, so an image backup may be worth looking into ;D

Thanks,

A

Ilya Rabinovich
February 18th, 2011, 05:49 AM
You definitely should take backups into account. If your hard drive crashes, no anti-malware protection can cope with it.

Creer
February 18th, 2011, 12:32 PM
-{ Quote: "I am always a bit unsure about image backup. I store all my data on a separate partition, which is backed up to SugarSync. I can complete a re-install of Windows in under an hour ??? I enjoy cleaning out the junk once in a while!

If I was going to run an image backup programme, which has no tray icon, no processes running in the background and no logos/interference at boot up........what would you recommend?

Does Comodo Time Machine meet the above requirements or Keriver 1CRP?

I am very very happy with Defensewall, so an image backup may be worth looking into ;D

Thanks,

A" }-
Comodo Time Machine is not image backup application - it's ISR software like also Rollback Rx.

There are many imaging software worth attention, depends on you like free or paid version.
You may also find useful - the 'old' Raymond's test of imaging software:
-http://www.raymond.cc/blog/archives/2009/11/23/10-commercial-disk-imaging-software-features-and-backuprestore-speed-comparison/

In my case I use ShadowProtect Desktop. Other members might give you a cheaper or even free Image Backup Software.

PS. From what I've heard Macrium is nice free alternative.

AdamL
February 18th, 2011, 12:54 PM
-{ Quote: "Comodo Time Machine is not image backup application - it's ISR software like also Rollback Rx.

There are many imaging software worth attention, depends on you like free or paid version.
You may also find useful - the 'old' Raymond's test of imaging software:
-http://www.raymond.cc/blog/archives/2009/11/23/10-commercial-disk-imaging-software-features-and-backuprestore-speed-comparison/

In my case I use ShadowProtect Desktop. Other members might give you a cheaper or even free Image Backup Software.

PS. From what I've heard Macrium is nice free alternative." }-

Thanks for the info!

I am definitely interested in FREE ;D

I will have a look at Macrium to get me started...........

Konata Izumi
February 18th, 2011, 08:07 PM
-{ Quote: "Thanks for the info!

I am definitely interested in FREE ;D

I will have a look at Macrium to get me started..........." }-

Are you on Windows 7?

you can use Windows Backup and Restore to create a system image.
it has no processes running in the background... or icon in the system tray :D

AdamL
February 19th, 2011, 06:20 AM
-{ Quote: "Are you on Windows 7?

you can use Windows Backup and Restore to create a system image.
it has no processes running in the background... or icon in the system tray :D" }-

Yes Windows 7!

I installed Macrium Reflect Free and it is working very well.

I will take a look at the Windows alternative, it may be worth using as it is included so one less programme to have installed...........

A

AdamL
February 22nd, 2011, 06:00 AM
Just an update to my last post............

I have decided to stay with Macrium Reflect Free. I have restored a backup and it worked perfectly - very quick and easy to do.

I have also used UNetbootin to create a USB Recovery for use with Macrium!

Creer
February 22nd, 2011, 06:45 AM
I'm glad to hear you sorted this out and Macrium meets your requirements :thumb: