DefenseWall Restrictions

Discussion in 'other anti-malware software' started by Dregg Heda, Sep 6, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Can someone explain to me exactly what kind of restrictions DW places on untrusted programs? I know it's supposed to be stronger than LUA. But exactly what kind of restrictions are these? Are there any kinds of malware which can run in spite of DW restrictions? I know the DW help file states that certain kinds of advanced keyloggers can run, but is there anything else?
  2. jmonge

    jmonge Registered Member

    Malware is basically crippled within DefenseWall; they have no rights to do any harm, they are sitting there without any power.
  3. Dregg Heda

    Dregg Heda Registered Member

    Can they execute? Can they write to C:\programs or C:\Windows?
  4. jmonge

    jmonge Registered Member

    It cannot modify anything, your registry is safe too ;) If you run it as trusted, good luck :)
    It is crippled :) :))
  5. Dregg Heda

    Dregg Heda Registered Member

    So if I were to run SRP together with DW, the malware wouldn't even be able to run, right?
  6. jmonge

    jmonge Registered Member

    With DefenseWall the malware is in a cage that has no permission to harm your PC, you are quite safe, you don't actually need the SRP, and also DW is stronger than LUA ;) The only thing you need to do is get a firewall to protect the outbound connection and learn how to use the rollback feature to remove all the debris or leftovers malware leaves.
  7. Dregg Heda

    Dregg Heda Registered Member

    But surely SRP will add greater restrictions in addition to those imposed by DW?
  8. jmonge

    jmonge Registered Member

    Yes, it will for sure ;)
  9. arran

    arran Registered Member

    The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place.
  10. Dregg Heda

    Dregg Heda Registered Member

    Fantastic idea, Arran! :thumb:
  11. demoneye

    demoneye Registered Member

    Good idea, but don't try it on your real system; better to play around with malware on a VM :D

    Also, SRP provides strong protection since it is local policy, which is very restricted.

    About DW, I think it is up to Ilya to give a total explanation of what DW does to the malware it catches... sure it cripples it, puts it in some sort of cage :D
  12. arran

    arran Registered Member

    Obviously

    Yeah, Ilya can give an explanation if he wants to, but there's no reason why you can't use MD to find out as well.
  13. wat0114

    wat0114 Guest

    I agree. MD will afford one the ability to "see" key inter-process activity occurring in real time.
  14. Ilya Rabinovich

    Ilya Rabinovich Developer

    DefenseWall imposes so many restrictions I just can't explain each one. In general, they are far beyond what SRP can offer.
  15. aigle

    aigle Registered Member

    No, it's not reliable at all IMO. When you run a programme inside a sandbox, a classical HIPS might not be able to monitor all of its actions correctly. It's just my observation.
  16. demoneye

    demoneye Registered Member

    Yes, of course, DW has many features far beyond just SRP and provides solid protection against malware :)
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Yes, of course, but only for untrusted processes.
  18. arran

    arran Registered Member

    It is reliable.

    Run the malware as trusted and then run it as untrusted, and with MD's logs compare the results.

    When you run it as untrusted and MD isn't picking up anything, then DefenseWall is fully containing it.
  19. aigle

    aigle Registered Member

    Yes, I mean to say that.
  20. Kees1958

    Kees1958 Registered Member

    Only to your own usability of the PC. I would run any malware as untrusted with DW, have not seen it go down yet.

    So the deny execute is in theory safer.
  21. Kees1958

    Kees1958 Registered Member

    In a virtual machine environment or with an image backup at hand, I hope ;) Because running malware trusted = DW is not protecting
  22. SafetyFirst

    SafetyFirst Registered Member

    It seems like I'll have to uninstall DW due to insurmountable problems I face. I just can't make it work properly. :'(

    I must say that Ilya was really trying to help and kept answering my questions with promptness, but I just can't come to a solution.

    It must be something with my system because I can't even boot into Safe Mode. :oops:
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    The problem with Safe Mode is on your side, as DefenseWall does not load its driver in this case. The issue may be caused by malware infection (past or present) or system corruption.
  24. SafetyFirst

    SafetyFirst Registered Member

    Talking about DefenseWall restrictions, I am more than happy to announce that DW doesn't restrict me from using the right-click context menu any more! :D

    After uninstalling Daemon Tools (and goddamn sptd.sys) I reinstalled DefenseWall and everything seems to work just fine now. :)

    Ilya, I really appreciate the effort and time you invested in trying to find the solution to the problems I had. Good work! :thumb: