Malware Defender 2.4.4 beta

Discussion in 'other anti-malware software' started by xiaolin, Nov 15, 2009.

Thread Status:
Not open for further replies.
  1. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I don't think that MD contains a fully featured ARK, like e.g. RkU is.
    IMHO it's a first-rate HIPS with a lot of very useful system tools.

    The catch phrase "advanced rootkit detector" from the website is maybe too much of a good thing.
    I think "advanced system tools" would also be a fitting hat, wouldn't add fuel to the expectations and would also prevent MD from being the only HIPS in an ARK test.
    However, I didn't find any other HIPS there and I doubt that they would have scored better, even though they also state that they detect hidden processes and rootkits etc.

    Practically, I doubt that MD would run as trouble-free as it does now if it had a driver like most of these dedicated super-duper ARK tools.

    Cheers
     
  2. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    What sort of (different) driver?
    mdservice is a kernel-level driver, right?
    Driver-wise, the only difference I've noticed between the MD driver and some other HIPS / ARK apps is that the MD driver loads as a service (post-winlogon) vs loading via BootExecute. Although the latter arguably affords a greater degree of protection, except for impacting startup load time (logged in and desktop visible) I don't understand how it would be less "trouble free"...

    ...aside from the potential scenario of "locking yourself out" by installing a new app (or windows update) and neglecting to ensure the HIPS is in learning mode during the post-install reboot.
     
  3. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    I'm really impressed by this program; too bad it can't detect and remove malware.

    is the firewall strong?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    You can remove malware manually if you want. I tested against the braviax.exe virus and I removed it with MD ;)
     
  5. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    very true :) Thanks
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Just find the file with Malware Defender and delete it. You can also block any running process: make a rule for it, then find the rule and with a mouse click place any files in blocking mode, and when in blocking mode restrict it from starting :thumb:
     
  7. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    As mentioned earlier in this thread and elsewhere, MD doesn't act as a stateful firewall. It just monitors outbound TCP/UDP requests; it doesn't marshal all protocols.
     
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Are most of these ARK tools really designed to run on every boot? I doubt that.
    Most are just start-scan-fix-close tools.

    However, apart from their great detection capabilities, most of these tools also have great capabilities to crash a system or raise incompatibilities, and wouldn't pass any quality assurance.

    They are very useful in specific situations, but you will hardly find any of these tools implemented in a real-time protection software.

    Cheers
     
  9. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    feature request:

    Beyond the * and ? wildcards, it would be really helpful to have additional regex available in the search, especially negation:

    [^\]system32\whatever
    [^\]internet

    In some instances, the "Match whole string" option is helpful. More often though, beginning-of-string matching is desirable rather than exact match.
     
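As an added illustration of the matching semantics asked for above (this is example code written for this page, not Malware Defender's own search implementation, which is not public here): `*` and `?` are translated into a regex, matching is against the beginning of the string by default, a whole-string option mirrors the "Match whole string" checkbox, and a leading `!` is assumed as the negation marker. Windows paths are compared case-insensitively. The sample rule paths are constructed for the example.

```python
import re
from typing import Iterable, List


def wildcard_to_regex(pattern: str, whole_string: bool = False) -> str:
    """Translate a '*' / '?' rule pattern into regex source.

    Every other character is escaped, so a backslash in a Windows path stays
    a literal backslash.  Prefix mode anchors only the start of the string;
    whole-string mode anchors both ends (the GUI's "Match whole string").
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    body = "".join(parts)
    return f"^{body}$" if whole_string else f"^{body}"


def compile_rule(pattern: str, whole_string: bool = False):
    """Return (negated, compiled_regex).

    A leading '!' is the assumed negation marker for this example.
    """
    negated = pattern.startswith("!")
    if negated:
        pattern = pattern[1:]
    regex = re.compile(wildcard_to_regex(pattern, whole_string), re.IGNORECASE)
    return negated, regex


def rule_matches(path: str, pattern: str, whole_string: bool = False) -> bool:
    """True if the path is selected by the pattern (negation flips the verdict)."""
    negated, regex = compile_rule(pattern, whole_string)
    hit = regex.match(path) is not None
    return hit != negated


def search(paths: Iterable[str], pattern: str, whole_string: bool = False) -> List[str]:
    """Filter a list of rule paths the way a search box would."""
    return [p for p in paths if rule_matches(p, pattern, whole_string)]


# Constructed sample rule paths (not taken from any real MD rule set).
SAMPLE_PATHS = [
    r"C:\Windows\system32\svchost.exe",
    r"C:\Windows\system32\drivers\etc\hosts",
    r"C:\Windows\system32x\payload.exe",      # constructed look-alike directory
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Users\inka\AppData\Local\Temp\internet_update.exe",
]

if __name__ == "__main__":
    # A bare prefix also catches the look-alike "system32x" directory;
    # ending the pattern with a backslash (or backslash-star) does not.
    print("prefix          :", search(SAMPLE_PATHS, r"C:\Windows\system32"))
    print("prefix + \\*     :", search(SAMPLE_PATHS, r"C:\Windows\system32\*"))
    print("whole string    :", search(SAMPLE_PATHS, r"C:\Windows\system32", whole_string=True))
    print("negated         :", search(SAMPLE_PATHS, r"!*internet*"))
```

The practitioner's caveat is visible in the first two calls: a beginning-of-string match on `C:\Windows\system32` also selects anything under `C:\Windows\system32x\`, so a prefix pattern for a directory should end with the path separator.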
  10. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    point of confusion -- GUI discrepancy

    In the MD "Rules" tab treeview, "Application Rules - Normal" and "Application Rules - System" are displayed as top-level siblings.

    However, applications within the "Application Rules - System" group are affected by the [App]* asterisk rule (which is displayed as a child of "Application Rules - Normal")
     
  11. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    question / suggestion:

    MD "Autoruns" tab does not display (as far as I can tell) entries for codecs

    Do codecs represent a significant malware vector? (IMO they do)
    Should the autoruns coverage be expanded to include codecs?
     
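As an added example of the kind of check an autoruns-style codec listing performs (example code written for this page, not Malware Defender's code and not a claim about how its Autoruns tab works): Windows registers ACM (audio) and VCM (video) codec modules as values under the Drivers32 registry key, mapping a codec tag such as `vidc.cvid` to the module that implements it, and that module is loaded into whatever process asks for the codec. The script reads those values on Windows and flags modules that sit outside the system directories or are not a codec file type. The trusted directory list, the extension list, the "suspicious" heuristic and the sample entries are assumptions made for this example; DirectShow filters are registered elsewhere and are not covered.

```python
import ntpath
from typing import Iterable, List, Tuple

# Registry keys (under HKLM) where ACM/VCM codec modules are registered.
DRIVERS32_KEYS = [
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32",
]

# Assumptions for this example: a codec implemented outside these directories,
# or by a file type that is not a codec module, deserves a closer look.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
CODEC_EXTENSIONS = {".acm", ".dll", ".drv", ".ax"}


def classify_codec_entry(tag: str, module: str) -> Tuple[str, str]:
    """Return ("ok" | "suspicious", reason) for one Drivers32 value."""
    module = module.strip().strip('"')
    ext = ntpath.splitext(module)[1].lower()
    if ext not in CODEC_EXTENSIONS:
        return "suspicious", f"{tag}: {module!r} is not a codec module type"
    if "\\" in module or ntpath.isabs(module):
        # Explicit path: normalise to lower case with backslashes and compare
        # against the trusted directories (a look-alike such as
        # "system32evil" must not pass, hence the separator check).
        folder = ntpath.normcase(ntpath.dirname(module))
        inside = any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS)
        if not inside:
            return "suspicious", f"{tag}: {module!r} lives outside the system directories"
        return "ok", f"{tag}: explicit path inside a system directory"
    # Bare file name: resolved through the DLL search path of the loading process.
    return "ok", f"{tag}: bare module name, resolved via the DLL search path"


def audit_codec_entries(entries: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (tag, module, reason) for every entry judged suspicious, in order."""
    flagged = []
    for tag, module in entries:
        verdict, reason = classify_codec_entry(tag, module)
        if verdict == "suspicious":
            flagged.append((tag, module, reason))
    return flagged


def read_drivers32() -> List[Tuple[str, str]]:
    """Read the live Drivers32 values on Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for key_path in DRIVERS32_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:          # no more values under this key
                        break
                    entries.append((name, str(data)))
                    index += 1
        except OSError:                      # key absent (e.g. no WOW6432Node)
            continue
    return entries


# Constructed sample values (not read from any real machine).
SAMPLE_ENTRIES = [
    ("vidc.cvid", "iccvid.dll"),
    ("msacm.l3acm", r"C:\Windows\System32\l3codeca.acm"),
    ("vidc.xvid", r"C:\Users\Public\Music\xvidcore.dll"),   # user-writable location
    ("msacm.upd", "updater.exe"),                           # not a codec module type
]

if __name__ == "__main__":
    live = read_drivers32()
    for tag, module, reason in audit_codec_entries(live or SAMPLE_ENTRIES):
        print("SUSPICIOUS", reason)
```

On a Windows box the script walks the real keys; elsewhere it falls back to the constructed sample so the heuristic can be exercised offline.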
  12. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    bug report:

    I've encountered a consistently repeatable bug, such that the MD GUI hangs/freezes.
    I will post a followup to provide specific details "how to reproduce".
    In the meantime, if you're using MD please try this:

    view the "Hooks" tab in the MD GUI
    click the left-column "User Mode Code Hooks"

    and reply _IF_ you discover that your GUI starts scanning (dialog box) but hangs

    (If it doesn't hang, no need to reply.)
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    You said "no need to reply" not "do NOT reply". Ergo, I did as you suggested & it worked just fine. Didn't hang. :shifty:
     
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Doesn't hang here. inka - Win7??
     
  15. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Even with Windows 7 it doesn't hang here.

    Cheers
     
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Can you think of a better way to display this? It's not really very confusing. To 'simplify' the display you'd have to add an extra tree:
    - Application rules
    _____*
    _____ Normal
    ________Installers and Updaters...etc
    _____System
    ________C:\windows\explorer.exe......etc

    ...and that would make things awkward as you now have an extra tree. Labelling * as "Default rules for normal and system application rules" would resolve the 'confusion'.
     
  17. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    A better way? Yes, perhaps a top-level "Global Application Rules" node should be added
    (matching the convention used for registry, network, and file rules).

    In the meantime:
    a rule apparently belonging to NodeA affecting children of NodeB
    is a discrepancy and a potential source of confusion.

    If you care to further 'argue about' this factual observation... {crickets}
     
  18. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Here's a factual observation - your observation is petty, picky and unnecessary. There is no source of confusion once brain is engaged. I have proposed an alternative and explained why that would have its own downfall. Hence the current solution is most likely the best one. Criticism needs to be constructive to be of real value. Otherwise...{insert sarcastic comment}
     
  19. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I can not save Alternate Data Streams to a file under Windows 7.
    Anyone else with this problem?

    Cheers
     
  20. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 2.5.0 beta1 is released

    The beta version is available for download at http://www.torchsoft.com/download/md_setup_2.5.0_b1.exe

    what's new?
    - Added support for filtering logs.
    - Added support for pausing protection for a period of time.
    - Fixed a bug when handling files on FAT32 partition.
    - Fixed a bug where the alert for creating a registry link could not be stopped from displaying even if the protection was disabled.
    - Fixed a bug where Alternate Data Streams could not be saved to a file.

    Thanks for testing.
    Xiaolin
     
  21. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Re: Malware Defender 2.5.0 beta1 is released

    Just tested this with 2.5.0 beta1 and it works now for me.

    Cheers
     