Malware Defender

[Ibrad]

Like most of my security software I like to understand how to use it before I install it. Do the fact I finally decided I should use a Classical HIPS again I want to make sure I do it right this time.

After reading few threads on this software I see that you should run your machine in learning mode for a few days, does Malware Defender do this automatically for the first boot or do I have to manually set that up?

While installing software do I just put the software in learning mode or do I have to take the time to answer a alert for everything the installer is trying to do?

Do I have to manually uninstall and reinstall this app for every update?

Are the default rules ok, or do I have to go through and set everything up?

From what I have read Malware Defender has a firewall built into it, will it conflict with any other software files?

Is Malware Defender very stable? I don't want to have to reformat my machine after trying to install it.

[_kronos_]

Quote:

Originally Posted by Ibrad

After reading few threads on this software I see that you should run your machine in learning mode for a few days, does Malware Defender do this automatically for the first boot or do I have to manually set that up?

It automatically changes to Learning Mode after installing. When you think it is necessary (=it has learned enough), you can change to Normal Mode..

Quote:

Originally Posted by Ibrad

While installing software do I just put the software in learning mode or do I have to take the time to answer a alert for everything the installer is trying to do?

You can choose to answer all alerts, or simply choose in the popup the option to treat that setup as Installer or Updater. In this way you would be alerted only for most critical actions.

Quote:

Originally Posted by Ibrad

Do I have to manually uninstall and reinstall this app for every update?

No, usually newest MD releases can be installed over the previous version (only a reboot is needed). Anyway Xiaolin explicitly suggests when is recommended to uninstall-reinstall, often when there are big changes..

Quote:

Originally Posted by Ibrad

Are the default rules ok, or do I have to go through and set everything up?

MD will warn you for new actions seeing the ruleset (= if it does not know if an action is safe or not, because in the ruleset there are not rules about it, it will warn you)

Quote:

Originally Posted by Ibrad

From what I have read Malware Defender has a firewall built into it, will it conflict with any other software files?

It is suggested to not install 2 firewalls together. if you use any another software firewall simply disable one of them.
It is important to not install 2 firewall/hips together.

Quote:

Originally Posted by Ibrad

Is Malware Defender very stable? I don't want to have to reformat my machine after trying to install it.

MD is very stable...

Anyway these are my opinions..

Regards

[Scoobs72]

Quote:

Originally Posted by Ibrad

After reading few threads on this software I see that you should run your machine in learning mode for a few days, does Malware Defender do this automatically for the first boot or do I have to manually set that up?

MD places itself automatically into learning mode on installation. I would recommend you reboot a few times in learning mode, then spend 10 minutes opening every application you can to generate rules. I would also recommend changing the default application rules "Send message to other processes" and "Duplicate handle from/to other processes" to permit. This will reduce the level of security a bit, but will also make MD much less chatty.

Quote:

Originally Posted by Ibrad

While installing software do I just put the software in learning mode or do I have to take the time to answer a alert for everything the installer is trying to do?

Disable MD when installing software assuming it is software you trust. If you don't trust the software then either you shouldn't be installing it or you should be using some other containment method. You can use learning mode and then "Remove Stale Rules", but I don't find that approach necessary.

Quote:

Originally Posted by Ibrad

Do I have to manually uninstall and reinstall this app for every update?

No

Quote:

Originally Posted by Ibrad

Are the default rules ok, or do I have to go through and set everything up?

The default rules are good. There should be no need to change them, aside from the change I mentioned above...which some people may disagree with, but which makes MD a lot more user-friendly for me.

Quote:

Originally Posted by Ibrad

From what I have read Malware Defender has a firewall built into it, will it conflict with any other software files?

Potentially. If you want to use a separate software firewall then just disable the network protection. However, if you're behind a router then MDs network protection adds outbound filtering to your already strong inbound protection from the router's firewall.

Quote:

Originally Posted by Ibrad

Is Malware Defender very stable? I don't want to have to reformat my machine after trying to install it.

Yes, very stable in my experience. I've never had a single crash or problem with it.


My only other comment is to take time to learn and understand MD. It is very powerful, but can be initially quite confusing and result in uninstalling it due to frustration. When you get a pop-up take time to read and understand it, don't rush your response. Then post pop-up review the rule it created so you can begin to understand how the rule structure works. A key point to remember is that rules go from bottom to top. It is an awesome application and can be 'enjoyed' - which is rare from a security application.

[_kronos_]

Quote:

Originally Posted by Scoobs72

Disable MD when installing software assuming it is software you trust. If you don't trust the software then either you shouldn't be installing it or you should be using some other containment method. You can use learning mode and then "Remove Stale Rules", but I don't find that approach necessary.

I don't agree, switching to Learning Mode means that installer has full power.. that has no sense if you want to be protected by an hips, imho..

[Scoobs72]

Quote:

Originally Posted by _kronos_

I don't agree, switching to Learning Mode means that installer has full power.. that has no sense if you want to be protected by an hips, imho..

1st rule (for me) - don't install software you don't trust. As long as you are installing software you trust then learning mode can be used to view the changes made by the installer. It is purely for curiosities sake. Personally I don't use learning mode like that (I disable MD) and for monitoring the install I use Total Uninstall. But I have read that some people use learning mode during the install then delete stale rules afterwards.

[Ibrad]

I only install software I trust, most of the time when I am installing something it is a game I have from a disk.

Also if I do go the learning mode route would I have to delete all the stale rules manually or does it automatically remove them for me?

[G1111]

Quote:

Originally Posted by Ibrad

I only install software I trust, most of the time when I am installing something it is a game I have from a disk.

Also if I do go the learning mode route would I have to delete all the stale rules manually or does it automatically remove them for me?

I don't believe so, there is an option under "rules" to remove stale rules and remove temporary rules. You can easily delete then manually. Also, I export (save) a rule set every so often as a backup. This way if you think you messed up a rule you can always import the previous rule set. You can also reset it back to default rules if you wish. The great thing about MD is you can configure it to your heart's content. Do some research on some of the past posts here at Wilders. Folks have been very creative with coming up with rule sets. There is a 30-day trial period so you can test the program. I have had no conflicts with my current setup.

[Scoobs72]

Quote:

Originally Posted by Ibrad

Also if I do go the learning mode route would I have to delete all the stale rules manually or does it automatically remove them for me?

"Remove Stale Rules" option is effective so manual removal shouldn't be required. But I wouldn't recommend installing in learning mode as standard practice.

[Ibrad]

This thing is much more powerful then anything I have ever used, I could really mess my machine up with it

If I disable Malware Defender before installing anything do I have to reboot to enable it again?

I have been reading some old threads on Malware Defender and it seems so advance and hard to understand, but I am in need for a new challenge. (The last time I used a classical HIPS was Online Armor 2 or 3)

[LoneWolf]

Quote:

Originally Posted by Ibrad

I have been reading some old threads on Malware Defender and it seems so advance and hard to understand, but I am in need for a new challenge. (The last time I used a classical HIPS was Online Armor 2 or 3)

Have you read the help file?

[Ibrad]

I have found no help file online and my schedule is busy this week. I actually plan on backing up my important stuff and installing it this weekend. That's why I am trying to learn everything about it now.

[G1111]

Quote:

Originally Posted by Ibrad

This thing is much more powerful then anything I have ever used, I could really mess my machine up with it

If I disable Malware Defender before installing anything do I have to reboot to enable it again?

I have been reading some old threads on Malware Defender and it seems so advance and hard to understand, but I am in need for a new challenge. (The last time I used a classical HIPS was Online Armor 2 or 3)

No, there is "pause protection" button in the tray icon. Just re-enable protection, you don't have to reboot. You can also choose from file, registry, network and program protection. The help file is attached to the program (in the upper part of the GUI). After installing MD leave it in learning mode and reboot a few times. Run some of your programs. Then select "normal mode." You can leave the default settings and still have good protection. I would suggest moving your trusted security programs to the "trusted applications' folder.

[LoneWolf]

Quote:

Originally Posted by Ibrad

I have found no help file online and my schedule is busy this week. I actually plan on backing up my important stuff and installing it this weekend. That's why I am trying to learn everything about it now.

Sorry, I thought you already had MD installed. (That'll teach me to try and read without my glasses)
Good plan on backing up before installing MD or any new program to your system.
Some good advice and tips for everyone here.
When you do install, I do recomend reading the built in help file, might help getting a better grasp on MD, I know it helped me.
Personally, I left MD in training mode for a few days, rebooting several times, under a tight Sandboxie setup as so to avoid being infected when surfing the net while MD learned my system. Looking through MD's logs and rules to make sure nothing that shouldn't be allowed was allowed. Opening all normal programs a few times. Once MD was trained, Sandboxie was put away and I fired up ShadowDefender to compliment MalwareDefender, but that is just my personal preference, as is running MD in "silent mode" most of the time to act as an anti-executable with a white list.

[jmonge]

good idea about training MD and then put it in silent mode nothing new will be introduce to the system

[1boss1]

Quote:

Originally Posted by Scoobs72

Personally I don't use learning mode like that (I disable MD) and for monitoring the install I use Total Uninstall. But I have read that some people use learning mode during the install then delete stale rules afterwards.

I use Total Install for monitoring installs also, because it helps with program removal where Malware Defender doesn't. But i don't disable MD completely during installs, i leave network protection only enabled this way it catches phone homes or my data potentially being sent out.

Seems a good balance.

[bellgamin]

I am addicted to trying out new software, especially security apps. Therefore, I always image at least weekly. As a further fail-safe, I usually (not always) use MD during installs as follows---

1- I install/trial new stuff in Shadow Mode, with MD in learning mode. Then I study MD's logs.

2- If I see something in the logs that I do not like, I reboot and POOF! -- it's all cleaned away.

3- If I like the program, & the logs in Shadow Mode look okay, then...

3a- I leave Shadow Mode, put MD into "Pause Protection", & install the program.

3b- IF the install requires a reboot, I enable MD before rebooting. That means I will get a plethora of pop-up's from MD after the reboot -- such is life when you are paranoid.

[Brummelchen]

/me do it other way round:

- install software into sandboxie
- examine sandbox and registry
- kick it off (most of it) or keep it (i'm almost maxed out with tools)
- install it and set MD to learning mode while gambling around with my new toy

that covers almost 99% of all activities.

[Stem]

I have been having a look at Malware Defender, albeit just from general use (not testing with leaktests).
I do quite like the app and thought it a possible replacement for my current hips, after getting the nag screen on startup (from 9 days left) I decided to purchase, however, the link from the website to Paypal causes error.
I have attempted to purchase through other online sources but wherever I attempt to purcahse I am given an error of "The affiliate store you are accessing is no longer available for sales of this product. "

I did send an e-mail directly to support[at]torchsoft.com, but as that was almost 4 days ago with no reply I am wondering if this product is still actually available/supported.


- Stem

[jmonge]

yes it is but maybe xiolin is bussy given some kunfu clases for the weekend wait maybe on monday he will appear

[subset]

I'm not really sure what is going on, but I read in the Chinese MD forum something that they are currently also not able to purchase MD.

And from xiaolin (sandworm) "The recent replacement of domain names and hosting services provider, there will be some problems."

But that's all Google translator information.

Cheers

[Brocke]

Quote:

Originally Posted by jmonge

good idea about training MD and then put it in silent mode nothing new will be introduce to the system

silent mode? didnt know it had that? hows that work?

how do i do that then?

[jmonge]

silent mode in md means block all new stuff without any alerts those apps that are trusted and or introduced in learning mode will be allow

[Brocke]

if your computer is malware free (Clean) is there a way to tell MD to trust all files so there are no popups only new files/changes asked?

[jmonge]

yes learning mode first then reboot and allow all regular programs and then put it in silent mode that is how it worksit will be like anti-executable and without any pop ups

[bellgamin]

Quote:

Originally Posted by subset

And from xiaolin (sandworm) "The recent replacement of domain names and hosting services provider, there will be some problems."

It sounds like Xiaolin/Torchsoft might have changed web hosts.

I sent Torchsoft a message. I hope all is well with Xiaolin, & that he will reply here soon.

Stem - I am a long-time user of MD (Malware Defender). It is very reassuring when someone with your high degree of computer expertise finds MD to be a good enough HIPS for you to use personally.

I expect Xiaolin will have his hosting problems resolved shortly.