Geswall 2.8 Released

Discussion in 'other anti-malware software' started by trjam, Jan 4, 2009.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool, even the free version? Wooo, that's freaking cool man, so if GeSWall for free blocks viruses, why do some people pay for antivirus software when they have a free alternative? :thumb:
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    If I run a couple of malware to test GeSWall, how can I remove all remnants afterwards?
    I mean only the isolated files from the test, not all isolated files.
    And if it's possible, is this also possible with the free version?

    Cheers
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Hey, very good question, I want to know, I never tried this one. I know DefenseWall's rollback feature is able to remove a lot of garbage, also Sandboxie deletes the content of the sandbox, but what about GeSWall? I wonder how o_O
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Not an automated removal. But there is an isolated file scanner in the console (see the pic) but u will have to manually locate n delete the files. U can sort them by location, by date n time, by parent application that created them etc.

    But u will be protected even if u don't delete the files.
     

    Attached Files:

    • 1.jpg
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool :thumb:
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, let me explain it with a simple example.

    1- Suppose I have a virus Hasher.exe. I labelled it as untrusted and then ran it. GesWall isolated it of course. See Pic 1.

    2- Hasher.exe is not allowed to damage the system but it creates a file hasher.ini that is automatically isolated by GesWall. Pic 2.

    3- I run the isolated file scanner again. I arrange files according to time n date of creation. Hasher.ini is at the top, meaning the latest created isolated file. Pic 3.

    4- Right click n delete. File is gone. Pic 4.

    Parent for the ini file is mentioned as explorer, not hasher.exe, because the actual parent (hasher.exe) was labelled via explorer (right-click menu), a sort of grandparent. If hasher.exe had come as a drive-by via IE, GW will show IE as parent for the ini file.

    2.jpg
    3.jpg
    4.jpg
    5.jpg
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    awesome;)
     
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I have AntiVir, Outpost, and Prevx Edge. Outpost seems to automatically allow keylogging unless you tell it to block, maybe because it's a known program. But would this conflict? I saw no difference with Outpost turned off.

    Thanks for your help. Will see if I can send a bug report. I hope to be able to use Online Armor when the next version is released.
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Hit "Print" Lol
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Something's weird with the prices of GeSWall when you go to the purchase screen. I've been there on three occasions over the last few days and had 3 different prices. I've screen captured two of them. Any idea what's going on?
     

  11. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    Yes, is it not because the currency is fluctuating? I suppose that if you are going to buy it you should check out the currency first.
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I don't really understand. I would have thought there's a fixed unit price and fixed tax??
    ellison
     
  13. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    GeSWall is European based (office in Luxembourg?) and is therefore priced in Euros, which is why the base price keeps varying in £'s here in the UK. The tax stays at 19% of the basic converted Euro to £'s price, which is why the amount of tax keeps changing. I nearly bought GW a few months ago before the pound started its slide. Don't know whether to buy it now in case the pound slides some more or wait and see if it recovers :doubt:
     
  14. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    But if I uninstall Geswall it will open Pandora's box. :ninja:
    I wish there would be an easy way like with SBIE to get rid of all these red hat files.

    Anyway, thanks for the explanation.

    Cheers
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Yes, uninstall will let those files free but still they will not execute unless clicked by the user. By default GW stops creation of any files in the system32 directory and startup locations and denies creation of any browser plugins etc, so the files even when free (after u un-install GW) will not auto-execute.

    In fact for an ordinary user, GW is best used in combination with a signature based AV. AV will catch most malware files. Malware files not detected by AV will remain isolated until in future they are added in AV's signature database and become detected. Similarly any browser plug-in, keylogger, rootkit etc will fail to install due to GW.

    SBIE virtualizes the files. GW n DW depend mainly upon policy restrictions so there is this difference.

    If u want file virtualization, SBIE is the best option. Just think, if GW is the same as SBIE, who will use GW? Almost no one will prefer GW over SBIE if they are so similar.

    We need to have more n more options. I still agree that this un-install issue is valid. Maybe they should implement a feature that will erase all untrusted executables created after install of GW but it will need careful work to implement as it might break some applications.
     
    Last edited: Jan 9, 2009
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    This is the only issue I have with programs like this. The average user will never be able to figure out what is safe to delete. That is why something like Sandboxie will always have the edge over programs like this and Defensewall.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Why remove anything? Just keep the program installed and clean ur browser cache and temp files sometimes, maybe with CCleaner.

    U are protected well.
     
  18. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    Wouldn't you want your machine to be free of cruft? The files might be inactive, but some people, like me, certainly don't want any traces of malware left over.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Me too, but I think an ordinary user wants to be protected only, without any hassle of maintenance jobs, otherwise you will see everyone using SBIE and virtualization products etc. Just my idea.

    Users out there certainly don't think like most of the folk here on Wilders.

    As far as advanced users are concerned, I am sure they can be free of malware traces in any way, there are a lot of ways.
     
  20. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    The problem was Outpost - it was somehow preventing GeSWALL from protecting. I put Avira's firewall back on, and am using GeSWALL as my HIPS along with Prevx.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Good that you sorted out the conflict.
     
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Thanks for the explanation. It now makes sense a little.
    ellison
     
  23. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Glad I could throw a little light, it looks as though the pound is now recovering against the Euro so I will hang on a little while.
     
  24. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Still trialing the pro version, I notice application wizard in the right-click context menu is always greyed out, no matter what type of file I right click on, such as .exe
    Is this normal or is it not functioning?
    ellison
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Not normal at all.
     