Malware Defender 2.6.0 beta

Discussion in 'other anti-malware software' started by xiaolin, Feb 1, 2010.

Thread Status:
Not open for further replies.
  1. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Thanks bellgamin, I was just wondering. With the latest version of MD the mdhook.dll is not injected into other processes by default to avoid conflict with other programs. Xiaolin advised someone else to allow it to inject if there were no problems. I was hoping he would stop by and respond. Perhaps it makes no difference at all from a security standpoint.
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Thanks subset. Turns out with the dll loaded, MBAM IP protection won't load. Oh well.

    Works okay if I load MBAM first then the MDhook.dll.

    Added mbamservice.exe to MD trusted applications group. Hopefully that will fix any conflicts with MBAM IP Protection and mdhook.dll.
     
    Last edited: Mar 12, 2010
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Xiaolin doesn't check here every day. However, in my experience, he always drops by & posts comments if you send him an email requesting that he do so.
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Thanks bellgamin, but subset had the answer. It is explained in the MD help file.
     
  6. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    No experience with Malware Defender here. Can it be run as a stand alone app or does it need to run alongside a sig base av?
     
  7. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    It's a standalone classical HIPS, so can be run by itself, or more commonly as a 2nd line of defense, e.g. as backup to an AV or Sandboxie.
     
  8. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Right now I'm running Avast IS. Would the two firewalls conflict?
     
  9. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    They may conflict, even though MD uses the Windows Firewall Engine. Difficult to know for certain. You can run MD without network protection, thereby avoiding any conflict, just to be sure.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am running MD with Prevx with no problems at all ;)
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    MD does not use Windows FW engine. MD's code is self-contained, except for API calls of course.

    MD is NOT a FW (firewall) & will not conflict with any software FW. (However, see NOTES below.)

    MD has network functions which enable the user to exercise limited control over connections, but it is very UNgranular when compared to even the simplest software FW.

    I use MD to control outbound connections only. I do not use a software FW because I have an SPI/NAT-capable router.

    IMO, MD + Router is substantially more powerful than a stand-alone software FW. (However, if using a router, it is important to change the password that protects that router. Hackers do search for routers where the user has left the password at its manufacturer's default setting.)

    NOTES:
    1- MD hooks the kernel. It is *possible* (far from certain) that MD can conflict with ANY other application that also hooks the kernel.
    2- However, I have safely run MD alongside security apps (many of which hooked the kernel) such as Sandboxie, DefenseWall, early versions of Comodo D+, System Safety Monitor, Kerio 2.1.5 FW, Filseclab FW, Sygate FW, Avira FW, Threatfire, and lots of antivirus programs (I am a security program junkie).
    3- At the other extreme, MD & Online Armor do NOT play well together. This is true even if only one of them is running. In other words, OA & MD won't tolerate each other being installed on the same computer, even if one or both of them is disabled. That is true for my 2 computers -- your mileage may vary.
     
    Last edited: Mar 13, 2010
  12. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I will clarify that - my understanding is that it uses the Windows filtering engine. If I've got that wrong, then that's a big surprise as I always thought that was the case.
     
  13. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Yes, Windows Firewall and MD use the Windows Filtering Platform.
    If you have the setting 'log blocked' for the Windows FW and you block an outbound connection with MD, then there is a log entry in Windows FW log.
    So it's obvious that they are based on the same thing.

    Cheers
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,940
    WFP is for both/all - but settings are separated.
    (Windows Firewall, MD, Windows 7 Firewall Control, PCTools Firewall)
    The kernel hook from MD is only for the HIPS, not for the firewall control.
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I learned something! :thumb:

    Thanks Brummelchen & subset & scoobs.
     