Defensewall Question.

Im new to defensewall . From the DW help file
http://www.softsphere.com/online-help/defensewall/
i found this
DefenseWall HIPS' (Host-based Intrusion Prevention) protection scheme is 'Isolation'.
Applications and processes which interact with the internet - we call them 'threat gateways' - pose a serious risk to your system safety. Hackers use these threat gateways and applications to penetrate your computer, to infect and alter it or to damage your system integrity.
DefenseWall marks these threat gateways and processes as 'Untrusted' and they operate in an 'isolated' environment. Any files and applications downloaded or launched through those untrusted gateways are also marked Untrusted - they cannot harm your system.
So i tried to check effectiveness of DW. I used a trojan downloader , it downloaded files without disturbing DW and infected my system.
So wats the use of DW. Just for sanboxing browsers
Do u really think its good
How it detects and untrusts a program

 

this why ilya made DW3 , its include a firewall , i guess you try version 2.56 (official) ....

 

Was the downloader set as untrusted in Defensewall?

 

im currently using DW 2.56.
so wats the use of DW 2.56 without firewall

 

No DW didnt notice that downloader..

 

Who told you Dwall 2.56 was a substitute for a firewall?

 

DW by itself is a great policy-based sandbox HIPS.

If you have the standalone DW with a third-party firewall/Vista/Win 7 firewall behind a router you do not need the added firewall in DW 3.

 

Lebowsky and Blackcat. I didnt mean its a substitute for firewall . Please read my 1st post in this thread and give me an answer if u can

 

nik, you have to understand how the program works.

If you use firefox to access the internet, right-click on the firefox .exe file, and select 'change status to untrusted'. This means all downloads are protected.

DefenseWall automatically adds Firefox, IE and others by default. All downloads are therefore protected. You can 'protect' any program accessing the internet, not just browsers, just by right-clicking and selecting 'change status to untrusted'.

So if you download a trojan, it can't do any harm to your system.

Which program did you use to download this trojan? Was it a browser not recognised by DefenseWall? Or did you add the file straight to your comp, from a USB, and selected 'run as trusted'. Or was the file already on your desktop before you installed DefenseWall? Those are the only scenarios I can think of.

If you set DW up properly, it does what it says. Take a few minutes to read the online help file to understand how it protects your system.

 

I added that file straight to my computer. And executed . It was a trojan downloader ,it downloaded trojans and infected my computer .I setup DW properly and there was no problem with DW at that time and it didnt notice that downloader.

 

so i have to manually add malwares to untrusted?

 

nikanthpromod,
Did you get infected through your browser while your browser was running as untrusted?
or did you execute the malware as trusted?

 

No. You have to manually add the program which downloaded it. That's the idea.

 

please read my first post....
I didnt do anything to DW. I had a trojan downloader in my pc. I executed that.
It connected to internet and downloaded trojans .DW didnt do anything.
After getting infected i scanned my pc with MBAM and it found 15 trojans.

 

As with all securitysoftware it's to be installed on a clean machine.

 

so if that malware download files without my input invisibly , whats the use of DW.
DW untrusts removable medias and browsers automatically, not other malwares

 

My computer is clean always . But i checked DW ,whether it prevents that malware or not. But it failed

 

So when you have downloaded the malware with a software which isn't untrusted the malware can download whatever it wants and DW wouldn't notice, because the malware itself isn't untrusted of course.

 

Then why use DW altogether .

 

come on man. please understand my question .Why it couldnt make that downloader as untrusted?? Thats my doubt.
From their help
Applications and processes which interact with the internet - we call them 'threat gateways'
DefenseWall marks these threat gateways and processes as 'Untrusted' and they operate in an 'isolated' environment.

 

OK, man . Here goes: read a little bit more :


DefenseWall has a built-in database of potential threat gateways: applications and processes which interact with the internet and are the doorway to possible infected files and malicious software.

Add any other applications (executable files) to the Untrusted Applications List that you are using which are not in the this Built-in Default List and are considered to be threat gateways.

 

Well if i understood corectly the trojan downlaoder was already on your PC when you installed Defense Wall.If u want to run the trojan,and test DW protection change it's status to untrusted.

 

If the trojan downloader was already on your machine before installing dw, then it will run as trusted unless you manually added it to the untrusted list or run it as untrusted.
If you downloaded it with firefox/ie then it would automatically be added to the untrusted list that is how defensewall works, hence why it should be installed on a clean system.

 

ok..... so anything downloaded via firefox(untrusted with DW) will be added to untrust list. And if i run that file it will be untrusted. Now that answer is clear
I will download it with firefox again and close all untrust programs. Then i will execute that to check DW. After that ill post my results. Thanks for ur commentsssss

 

Ok so you launched the trojan downloader as trusted,no wonder you got infected.

Exactly.

Make sure you protect all the threat gateways, including browsers,media players,cd and dvd's, usb and all removable media. As long as your system is clean to begin with DW is superb in protection.
Ilya is always very helpful getting any problems one might have solved.