#1
Hello everyone,
I've been lurking here just reading for a few weeks, and the wealth of information is fantastic; Wilders is a great community. I won't name everyone who has posted advice that's helped me, because I am bound to miss somebody.

Anyhow, I have Malware Defender (awesome product, Xiaolin) and I was wondering if anyone knew of any articles/posts that had tips for getting the most out of MD? Such as how to use it to recognize rootkits, keyloggers, backdoors etc. For instance, under "Hooks" I have items in red with "Unknown Module" and listed as "Not Verified", and I don't know if they are bad and how bad they are. Also, what things should I look out for in "Autostarts" that may be problematic? Also under "Kernel Modules" I have items in red with no publisher, no description etc. Example: http://i41.tinypic.com/13z6a77.png Also, how about hardening of default Windows components in the rules?

I know this is quite broad, but everything I've encountered assumes a sound working knowledge of HIPS software and the usage of MD. I really want to understand MD and start using it properly, but without a gentle shove in the right direction it's hard to know if I'm doing the right thing. I can see HIPS offers massive benefits over signature-based programs, but only if the HIPS is used right, so I want to persist until MD and I can protect this machine with confidence.

Note: After reading here, I now have Sandboxie for running untrusted software, which launches with RegFromApp to see registry changes. I have Malwarebytes & SuperAntiSpyware for on-demand scanning. I also have Outpost Pro (not real fond of it) plus Norton 09 for real-time stuff. Thanks.
#2
I could definitely use that myself; this thread is informative:
__________________
Setup For My Lenovo Ideapad Z575 12992KU
OS: Opensuse 12.3(KDE) Spideroak | Nvpy | syncBackup(Rsync) | AirVPN | Glippy | Clementine | Thunderbird | Chromium w/ Vimium | Autokey | LFTP
#3
Check this thread for some tips:
http://www.wilderssecurity.com/showt...3728&highlight

Don't think you need to config MD for keyloggers and such, as posted here:
http://www.wilderssecurity.com/showt...4519&highlight

I assume you have read MD's help file.
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
Last edited by LoneWolf : June 26th, 2009 at 04:16 PM.
#4
Quote:
Yes, Malware Defender is very powerful; it seems the articles and documentation only scratch the surface of this powerful app. That's a good thread (screenshots are a bonus), although I did manage to BSOD my computer trying to follow it. Many things in it are different than on my MD/system.

Quote:
No, I have not seen MD's help file; where is that? On the MD site's FAQ it just explains what Malware is and what HIPS is in 2 paragraphs, and that's all the documentation. Thanks for those 2 links also; it's going to take a while to get the hang of this, I see.

For now I've only got "File Protection" and "Registry Protection" running, because enabling Network & Application protection was killing me with pop-ups and I'm not too sure how to handle the rules. I'm starting to think for me (at least for now) MD is best used as a system inspection tool rather than a protection tool, because without a grasp on the rules I'm likely just to approve malware.
#5
Unfortunately its help file has limited information.
Malware Defender is not for the faint-hearted. It's more for technical users. To learn how it works properly you have to have patience and spend time playing around with it.
__________________
Win7 64bit Ultimate Sandboxie | Applocker | Admuncher | Macrium Reflect | TrueCrypt | FF Add On's | Greasemonkey | Secure Login | Noscript | Ant Video downloader | Status 4 evar
#6
Quote:
I will write some tutorials later.
#7
Quote:
Open MD, left click "Help", left click "Help Topics".

Quote:
There is a learning curve for understanding MD, as with any classical HIPS. I would suggest starting out in "learning mode" for a few days, running all your normal programs as well as rebooting a few times so MD can learn your system.
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
#8
Planning on trying MD very soon and I was wondering .....
Has anyone tried and tested running the 3rd-party defragmenters PerfectDisk and Diskeeper Pro on a PC running MD? Do they get along without any issues? When using PerfectDisk and Diskeeper Pro, can one use their option of performing a "boot time defrag" (aka defrag before Windows loads) with MD without any potential conflicts or issues?
#9
That won't be a problem.
Just use learning mode to automatically create rules about defrag & boot defrag.
__________________
Webroot SecureAnywhere
#10
Quote:
__________________
Emsisoft Anti-Malware 7.0
#11
Quote:
Excellent, thanks Xiaolin, keep up the great work. These ones have got me wondering/concerned:

Kernel Modules: http://i41.tinypic.com/13z6a77.png
Hooks: http://i42.tinypic.com/1zei4xf.png

For the Hooks, the ones without a description and that say "Unknown Module" I can't right click and "Locate in Windows Explorer" like I can with others, so I can't find the .sys name to Google. Are these Unknown Hooks safe to Right Click > Unhook? Also for the "Kernel Modules" that are not found, for instance the first one awhrnf4m.sys, it's 404, plus I Googled and there's zero results. Would it be safe to search in the registry and delete the keys pertaining to it? (Backing up the registry state prior, of course.)

Quote:
I'm usually a fan of RTFM, but I completely overlooked the inbuilt help topics. That's a mistake; there's tons of helpful info in there, thanks LoneWolf. So to anyone else new to Malware Defender, the first stop should be: Help > Help Topics.

Yes, I ran MD in learning mode for a few days, but I think that wasn't long enough for me. I have a "lot" of applications installed; I do SEO/Web Development, so I have everything from Xampp to Photoshop to site architecture analysis tools. I might throw MD back in learning mode for a week and make a conscious effort to open and use all tools. BTW, would the abbreviation for Classical HIPS be CHIPS?
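The triage the two posts above are doing by hand in MD's "Kernel Modules" view (is the driver's file actually on disk? does it have a publisher? what is it, so it can be looked up?) can be scripted so that every registered driver is checked the same way and nothing is unhooked or deleted in the process. The script below is an added example and is not part of the thread or of Malware Defender; the function names `Resolve-DriverPath` and `Get-DriverTriage` are mine, and it assumes Windows PowerShell 4.0 or later (for `Get-CimInstance` and `Get-FileHash`) run from an elevated prompt.

```powershell
# Added example (not from the thread or from Malware Defender): report-only
# triage of every kernel driver registered with the Service Control Manager.
# For each driver it records whether the image file exists on disk, the
# Authenticode signature status and signer, and a SHA-256 hash to look up
# instead of searching for a random file name. Nothing is stopped or removed.
# Assumes Windows PowerShell 4.0+ run as Administrator.

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver ImagePath values come in several shapes; normalise to a Win32 path.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    if ($p -like '\??\*')               { $p = $p.Substring(4) }          # \??\C:\...
    if ($p -like '\SystemRoot\*')       { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # System32\drivers\x.sys
    return $p
}

function Get-DriverTriage {
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))
        $sigStatus = 'FileMissing'; $signer = $null; $hash = $null
        if ($exists) {
            $sig       = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status.ToString()        # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $hash      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        # The conditions MD paints red: no file behind the entry, or no valid signer.
        $suspicious = (-not $exists) -or ($sigStatus -ne 'Valid')
        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State
            StartMode  = $_.StartMode
            Path       = $path
            Exists     = $exists
            Signature  = $sigStatus
            Signer     = $signer
            SHA256     = $hash
            Suspicious = $suspicious
        }
    }
}

# Entries worth a closer look float to the top; the hash is what you search for
# or submit to a multi-engine scanner, and a stopped driver whose file is gone
# is usually just an uninstall leftover rather than something active.
Get-DriverTriage | Sort-Object Suspicious -Descending |
    Format-Table Name, State, StartMode, Exists, Signature, Signer, SHA256 -AutoSize
```

Two caveats when reading the output. A missing file is the strong signal, and for a driver in state Running it matters far more than for one that is Stopped with StartMode Disabled. "NotSigned" is a weak signal on its own: many inbox Microsoft drivers are signed through a catalog rather than an embedded signature, and on older systems `Get-AuthenticodeSignature` only sees embedded signatures, so compare the path and hash against a known-good machine before treating such an entry as hostile. Either way, the sensible response to a suspicious entry is to capture the file and hash for analysis, not to delete registry keys by hand.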