iDefender (new HIPS for Windows)

Discussion in 'other anti-malware software' started by Rasheed187, Sep 20, 2025.

  1. Serphis

    Serphis Registered Member

    You could post your questions directly to the developer on GitHub so that other iDefender users or potential buyers could also benefit from the info posted there, both for open or closed ones (currently, out of 40 closed issues, 36 are in Chinese and 4 in English; I posted issues #43 and #44 but they were actually questions :D).
    As I wrote in a previous post, the developer is very quick at responding. Here is the GitHub issue page: https://github.com/wecooperate/iDefender/issues
     
    Last edited: Sep 24, 2025 at 12:00 PM
  2. Nastrahl

    Nastrahl Registered Member

    From my understanding from the UI, the AV seems only on-demand and not in real time as it does not substitute the needs of an AV

    Unknown app should have been prompted by the HIPS either way

    So maybe it’s just rule tuning somehow
     
  3. Serphis

    Serphis Registered Member

    Probably the test was made with a version prior to 5.1.1.0 which added support for AV real-time protection.

    iDefender version.png
     
  4. Serphis

    Serphis Registered Member

    Version 5.1.1.0 also added a one-month free trial of the Pro version so Shadowra could benefit from it to test iDefender Pro too. If he didn't, I think he made the test when 5.1.1.0 wasn't available yet. Unfortunately the video doesn't show which version number he used for the test.
     
  5. Serphis

    Serphis Registered Member

    About my question #44 about iDefender Pro and online games https://github.com/wecooperate/iDefender/issues/44 I thought about it a lot and I must say that I'm reluctant to install iDefender Pro (I'm not interested in iDefender Free) because even if in its normal state with default rules / plugins it is a perfectly legit software, I wouldn't want Blizzard to include it anyway in anti-cheat blacklisted apps for its capability, if its stock rules are edited in a specific way or if other rules (i.e. cheating plugins) are imported from 3rd party sources, to bypass online games anti-cheat protections.
    As far as I know Blizzard anti-cheat blacklist isn't public so I know I would still have doubts if it's worth installing it, with the risk of a permanent ban from World of Warcraft.
     
    Last edited: Sep 25, 2025 at 11:51 AM
  6. cruelsister

    cruelsister Registered Member

    From their website:

    iDefender
    - The Infinite Potential Host Intrusion Prevention System (HIPS) & Real-time Endpoint Detection and Response for Home
    Prevent Ransomware
    Detect and block ransomware in real time to protect critical files from malicious encryption

    Noting this, I thought that a very simple test would be fun. However, after running 4 different ransomware samples against iDefender, 3 of them (Xdata, Revenge, Ishtar) were able to encrypt files rather easily.

    A sub-optimal result.
     
  7. digmor crusher

    digmor crusher Registered Member

    Interesting. Thanks for that.
     
  8. EASTER

    EASTER Registered Member

    Same results over here as well including Hades Locker, Rahni (XData), Lightning Crypt, Pet Wrap (MBR), Jolly Roger, Roza Locker. UGH. What iDefender DID DO for me was encourage me to reopen my long closed prison of malwares. And there's tons I still have left untested, with ONLY the hash file number as name, and BIN as extensions. Hah, I thought I was done awhile messing with those. ALL are thoroughly TIGHTLY SECURED on a special Windows 8/1 rig JUST AS STORAGE.

    Many would likely blast right through any Windows 11 version including & regardless of AV or layering third party shields without iDefender.
    WiseVector StartX was the absolute best (FOR ME) at EFFECTIVELY thwarting ransom cryptors. And before that Heilig RansomOff, of which I was an official NDA Beta Tester for a time. Now RansomOff is all but fully purged from Google Searches pretty much.

    Speaking of FUN you should run Acid Blast.exe on iDefender. A harmless PRANK executable but iDefender never lifted a finger of an alert yet acid blast does the ransomware screen block dance RAPIDLY forcing you to find Task Manager to Terminate. I still HATE that joke program
     
    Last edited: Sep 27, 2025 at 7:04 PM
  9. EASTER

    EASTER Registered Member

    All that said, I am still a huge old school fan of Pure full feature rulesets HIPS as a secondary defense recognition/detection monitor.
    iDefender partially (Nearly/Fully) fits my criteria with that expectation. However, for me it is way too much crippled in the free version to encourage my interest for Pro. And 30 day Free Trial smells like a fast draw. Trying to think positively here.
     
  10. Rasheed187

    Rasheed187 Registered Member

    I must say that I didn't fully understand this issue. But as mentioned before, the fact that iDefender is able to bypass Windows PatchGuard (and hook the SSDT) is more troubling to me.

    Again, I'm not saying they are not trustworthy, but IMO security tools should not try to bypass OS security features. This might cause security and stability issues, especially combined with other security tools. BTW, with this tool you can see if the SSDT has been hooked; rootkits used to do this in a malicious way.

    https://www.softpedia.com/get/System/System-Info/SSDT-View.shtml
     
  11. Rasheed187

    Rasheed187 Registered Member

    Thanks for testing and too bad! So this means that the file defence feature doesn't work as planned. And I assume it doesn't have a feature to (manually) protect certain folders like Downloads and Documents?

    Cruelsister, can you perhaps also test infostealers? Because iDefender claims that it can block access to browser data, I assume both in memory and disk. And do you guys also have malware that performs code injection/process hollowing?

    Yes, will see what I can do.
     
  12. Serphis

    Serphis Registered Member

    To play World of Warcraft you have to install the Battle.net client and log in to your Blizzard account with e-mail address and password. Blizzard's games integrate an anti-cheat protection software called Warden. From World of Warcraft Wiki https://worldofwarcraft.fandom.com/et/wiki/Warden_(software) :

    Warden (also known as Warden Client) is an anti-cheating tool integrated in Blizzard Entertainment games such as Diablo II (since patch 1.11), StarCraft (patch 1.15), Warcraft III and most notably World of Warcraft. While the game is running, Warden uses API function calls to collect data on open programs on the user's computer and sends it back to Blizzard servers as hash values to be compared to those of known cheating programs. Privacy advocates consider the program to be spyware. Blizzard has said that Warden does not gather any personally identifiable information about players other than the account being used. It also states that the data collected is only used for finding evidence of malicious programs and cheating.

    With its stock rules / plugins iDefender isn't a cheating software but it can become so if its rules are edited in a specific way for cheating purpose or if rules specifically created for cheating are imported from sources external to the developer. iDefender's developer wrote "Many people use it for illegal purposes related to cheating plugins. Dozens of people ask about it every day, so we have now banned all game-related questions, almost all of which are aimed at bypassing the game's anti-cheat mechanisms" and also "It is strictly prohibited to be used for any form of cheating". Obviously I don't want to cheat in playing at World of Warcraft but my fear is that Blizzard could still include it in the list of cheating apps even if it is not used for this purpose. As I already wrote above and as far as I know, Blizzard's blacklist is not public so it isn't possible to know what Blizzard considers as cheating apps. Even more so if someone were to use iDefender to cheat in World of Warcraft, I definitely think Blizzard would add it to the blacklist.
    If the anti-cheat system Warden finds a blacklisted app in player's system the penalty in general is a ban from the game. The ban could be for a period of time but, in the worst case scenario, it could lead to a permanent ban with the forced closure of Blizzard's account.
    As for playing World of Warcraft I've already spent time and a considerable sum of money for subscription and in-game purchases, I certainly can't afford such a risk, so I prefer to avoid installing iDefender.

    Lastly, from World of Warcraft Wiki https://worldofwarcraft.fandom.com/et/wiki/Cheating

    In MMOs (Massively multiplayer online games: any online video game in which a player interacts with a large number of other players), cheating is often defined as doing something immoral or unethical with or in the game.

    In World of Warcraft
    Most people have different thresholds of what they consider cheating. The license agreement for most MMORPGs covers some types of cheating as a legal issue that has various related penalties.

    Definitions
    Most players consider buying items or large amounts of in-game money through means outside the game a form of cheating (this is also specifically and expressly forbidden in the World of Warcraft terms of service). Most also agree that using some sort of automated macro program to repeat some mundane but profitable task as a form of cheating.
    Other types of cheating:
    • Using an exploit.
    • Using undocumented cheat codes for an advantage without an opponent's knowledge.
    • Altering game code to give an advantage.
    Why avoid it
    The question that often gets asked: "What's wrong with cheating?" ...usually followed by: "It's only a game."
    Some possible answers:
    • It can adversely affect other people's enjoyment of the game - for example, it unbalances the playing field which is especially heinous in the PvP environment.
    • It makes other players less friendly or helpful, because they start to think they might be helping someone who doesn't deserve it.
    • It gets you kicked out of the game.
     
    Last edited: Sep 25, 2025 at 11:22 AM
  13. Trustsing

    Trustsing Specialist

    Thanks to Nick and Mr. X, I can post normally now.

    Given that many people are confused about whether iDefender affects games or leads to account bans, here's a further explanation: iDefender does not impact games, nor does it provide any cheating methods such as reading or modifying game memory.

    So why was it mentioned before that some people used iDefender in cheating scenarios? This is because game anti-cheat systems typically load drivers. As HIPS (Host Intrusion Prevention System) software, iDefender can intercept driver loading, which may cause the game's anti-cheat system to malfunction, potentially allowing some cheating tools to avoid detection.

    Any antivirus software with HIPS capabilities can achieve this. However, because iDefender is very lightweight and its settings are straightforward, it can easily be configured to block driver loading, which is why it was recommended by some.

    Later, game anti-cheat systems were updated to deny game entry if driver loading fails. Simultaneously, iDefender has since included certain game drivers in its built-in trustlist to prevent them from being blocked by custom rules. Consequently, the original method lost effectiveness, leading many to inquire about the reason.

    Finally, never use iDefender to intercept the driver loading of anti-cheat systems. If you encounter such issues, please report them to us. We will add the relevant drivers to the built-in trustlist to prevent this from happening.
     
  14. Serphis

    Serphis Registered Member

    Thank you for your explanation. I'm not a technician so I don't fully understand it, but can you guarantee me 100% that Blizzard one day or another won't add iDefender to its blacklist of prohibited applications knowing that, with external cheating plugins, it still has the possibility to bypass online games anti-cheat systems and especially if World of Warcraft's Warden anti-cheat system identifies iDefender on someone's system who is using it to cheat, or at least trying to, in the game?
    I guess you're the same developer who replied to me on GitHub https://github.com/wecooperate/iDefender/issues/44 "Many people use it for illegal purposes related to cheating plugins." and "Dozens of people ask about it every day, so we have now banned all game-related questions (almost all of which are aimed at bypassing the game's anti-cheat mechanisms)" so some World of Warcraft player could use those cheating plugins, imported from who knows where, to cheat in game.
    World of Warcraft is probably the most popular online game in the world, so the chances of someone trying to cheat, possibly using also iDefender with the imported cheating plugins, are greater than other online games.
    We can't exclude it or am I wrong?
     
    Last edited: Sep 26, 2025 at 8:29 AM
  15. Trustsing

    Trustsing Specialist

    iDefender does not have "cheating plugins"; this is likely a misunderstanding caused by AI translation. We will fix it. It can only be leveraged to intercept driver loading, not to provide cheating functionality.
     
  16. Trustsing

    Trustsing Specialist

  17. Serphis

    Serphis Registered Member

    The developer wecooperate replied to my question (#44) in English as you can see from the screenshot below. I didn't need to use a translator for it, of course, and he wrote about cheating plugins.

    The AI translation is related to a previous issue (#42) that an iDefender Pro user had with the online game Valorant.

    https://github.com/wecooperate/iDefender/issues/44

    developer reply.png
     
    Last edited: Sep 26, 2025 at 8:59 AM
  18. Trustsing

    Trustsing Specialist

    I apologize for the confusion. What I meant to express is that the error was not caused by your translation, but occurred when the developer used translation while replying. The latest issue has been updated and fixed.
     
  19. Serphis

    Serphis Registered Member

    Then the warning that "It is strictly prohibited to be used for any form of cheating" wouldn't be necessary, unless that's another error caused by AI translation.
    Anyway case closed for me. I still prefer not to install iDefender, other World of Warcraft players can do what they want, obviously.
     
  20. Rasheed187

    Rasheed187 Registered Member

    I believe you're misunderstanding. iDefender can block driver loading, causing certain video games not to run. So either the user has to make sure not to block those drivers manually, or iDefender should add those drivers to the whitelist. So normally speaking you shouldn't run into major problems with iDefender.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Thanks for your clear explanation and good to see you on this forum! Can you perhaps comment on certain of my posts? :thumb:

    For starters, why did you guys decide to add a feature that can bypass PatchGuard? And which code injection methods does iDefender monitor? And why did iDefender perform poorly against certain ransomware samples?

    And perhaps you can also make videos about how iDefender is able to block certain malware? For example, perhaps you can test infostealers who try to access browser data. Perhaps you can also test malware that performs process hollowing.

    https://www.wilderssecurity.com/threads/idefender-new-hips-for-windows.458024/page-3#post-3250163
    https://www.wilderssecurity.com/threads/idefender-new-hips-for-windows.458024/page-2#post-3250010
    https://www.wilderssecurity.com/threads/idefender-new-hips-for-windows.458024/page-3#post-3250086
    https://www.wilderssecurity.com/threads/idefender-new-hips-for-windows.458024/page-3#post-3250109
     
  22. Serphis

    Serphis Registered Member

    It could also be but anyway I won't install iDefender Pro (I'm not interested in iDefender Free), to avoid completely any potential issue, major or minor, with World of Warcraft. In my specific case, weighing up the pros and cons, it's not worth the risk.
    Other World of Warcraft players may think differently, of course. For me the matter ends here and I will not return to this subject anymore.
     
    Last edited: Sep 26, 2025 at 1:04 PM
  23. Rasheed187

    Rasheed187 Registered Member

    That's fine, but you need to make decisions based on the correct understanding of this matter. From what I understood, there isn't anything special about iDefender, other HIPS like SpyShelter and Comodo can block drivers too. So iDefender isn't actively trying to interfere with anti-cheat systems, and is even whitelisting certain drivers to avoid causing problems.
     
  24. EASTER

    EASTER Registered Member

    I can definitely attest to iDefender as 'lightweight and straightforward settings'. That's an excellent advantage. Furthermore, many of us are thrilled being older school and for us it's distinctly understood, we don't do games, anti-cheat etc. Looks like gamers are cramming the net these days and constantly raise a fuss with that practice. So be it for them, but the rest of us are more concerned about malware protection a decent HIPS will help snap up and interrupt with modern detections.

    iDefender so far when I use it is looking like it is filling in the blanks as things go along. Because it is so lightweight there is virtually zero impact running live on one of my rigs. Soon as I find time a good test of capability will happen on this end using Atomic Red Team's many various attack and entry scenarios. Kind of excited about that and am in some expectation of results.

    WELCOME TO THE FORUMS!
     
  25. blacknight

    blacknight Registered Member

    I have SpyShelter: if I disable it, can I safely try iDefender?
     