iDefender (new HIPS for Windows)

So about the comparison table I posted in my previous post the Free version has all those features except for Support and you have to pay 29.99 $ each year for having it ? I'm sorry if I don't understand, furthermore the Comodo website it is not very explanatory, in my opinion.

 

It's amazing how a thread can be derailed pretty fast.

 

You're right but certainly the lack of contributions from the iDefender developers doesn't help to keep this thread focused on iDefender, in my opinion. They were very quick to respond to me when I posted them some questions about the compatibility between iDefender and World of Warcraft, after those 4 posts they didn't answer to other questions posted by some users and their last post is dated 26th September.
In conclusion I think it's not the best way to promote a pretty unknown software, at least for the non-Asian market. Moreover it is a cybersecurity software so the infos about its effectiveness and usability are very important, of course.

 

Point taken, we should probably post questions about Comodo in another thread. However, a comparison between Comodo, SpyShelter and iDefender is still interesting. But what is your experience so far with iDefender? Does it actually alert about stuff? And is there an autoblock option?

 

Yes quite disappointing, I hope I didn't scare him away with my technical questions? But I believe my questions weren't that bad, I was just trying to figure out against what types of code injection iDefender protects, why iDefender couldn't stop certain ransomware samples and why he chose to implement a PatchGuard bypass option, which most security tools don't do.

 

I don't think so. Anyway, as I already wrote previously, you and other iDefender users (or potential users) could post your questions on GitHub page https://github.com/wecooperate/iDefender/issues
When I posted on that webpage my questions about the iDefender / World of Warcraft interaction the developers were quick in responding before deleting my posts, their replies and prohibiting the discussion of games-related issues.
If they don't even answer your questions on their GitHub page, that certainly isn't a good sign.

 

"Avira Security Warning: Unsafe website"
-----------
https://threatyeti.com/search?q=idefender.net
https://www.urlvoid.com/scan/idefender.net/

 

It's probably because it's hosted in China. Obviously this is not actually an unsafe website, unless you simply don't trust Chinese software.

 

There is no activity on that page at all, but I guess we should try again?

Also, I noticed a topic about keylogging protection, and they forgot to add certain protection against keyloggers. However, it would be interesting if they could develop keystroke encryption, something that SpyShelter 15 doesn't offer anymore.

https://github.com/wecooperate/iDefender/issues/41

 

I don't think that Avira (and the rest of the AV) flags all Chinese sites.

 

I definitely think you should post your questions on GitHub. The lack of developer's activity on GitHub can also indicate that in that period there were no answers simply because there were no questions addressed to the developers. Furthermore I just discovered that the developer's answers related to the closed issues aren't shown on the GitHub contribution table (almost all closed issues are in Chinese language).
The iDefender's developer wecooperate updated contribution table is found at https://github.com/wecooperate and his last contribution, dated 26th September, is the following open issue

 

I can say that on VirusTotal only CRDF (I guess it is https://threatcenter.crdf.fr/) flagged it as malicious
https://www.virustotal.com/gui/url/d1bd418f16146f0cf123c9cc066a97669c147d1715bc89d116a3b1232f7a2260

 

It is ; there’s two different installers but you can choose to install only the firewall even in CIS one’s

 

The free / premium version has everything the paid / pro version has, with the exception of support

 

Got it, thank you.

 

That's abit long in the tooth for a 'security' program. I'd rather a more recent firewall like Malwarebytes WFC. It & windows own firewall are still actively updated to handle new malware exploits.Add a decent hips like iDefender & you're good to go.

 

Version 5.2.0 is now available, introducing a host of new features and improvements. https://www.idefender.net/changelog.html

• Mechanism Improvements
  
  • Refactored all built-in rules based on ATT&CK framework, adding labels, scoring, and threat levels
    
    
  • Added automatic blocking mechanism based on IOA multi-step behavior
    
    
  • Added automatic blocking mechanism based on scoring system
    
    
  • Added stack detection to identify Direct Syscall, Indirect Syscall, and Shellcode calls
    
    
  • Added UAC Bypass detection
    
    
  • Added Keylogging detection
    
    
  • Added asynchronous detection mechanism based on ETW-TI
    
• New Built-in Rules
  
  • Global Trusted Modules
    
    
  • Automatically Blocking Malicious Behaviors (IOA)
    
    
  • Automatically Blocking Malicious Behaviors (Scoring)
    
    
  • Automatically Allowing Anomalous Behaviors from High-Reputation Processes
    
    
  • Automatically Blocking Suspicious Behaviors from Low-Reputation Processes
    
    
  • Block modification of HVCI settings to intercept driver loading
    
    
  • Lsass Hardening
    
    
  • Block LOLBins Process Network Access
    
    
  • Block Keylogging
    
    
  • Block Browser Data and Password Theft
    
    
  • Block UAC Elevation Bypass Exploits
    
    
  • Block Exploits Leveraging System Mechanisms
    
    • Block WDAC modifications
      
      
    • Block DosDevices symbolic link modifications
      
      
    • Block wow64log.dll hijacking
      
• Feature Optimizations
  
  • Optimized process reputation mechanism
    
    
  • Optimized injection detection mechanism
    
    
  • Optimized process caching
    
    
  • Network Access Prompt support allowing high-reputation processes
    
    
  • Prompt pop-ups now display TTP
    
    
  • Other usability improvements
    
• Issue Fixes
  
  • Fixed UI lag caused by driver blocking pop-ups in Windows 11, version 25H2
    
    
  • Fixed various other reported issues
    

 

Strong Improvements this version, 5.20.

 

Hi @ Wilders

I am trying our iDefender HIPS with little knowledge of what HIPS do.

I have a question for the Community:-

If iDefender is in learning mode all prompts are dealt with silently and allowed. When I switched off Learning mode some prompts popped up but I missed them so they were blocked. In Events I can see what is blocked but I don't know what to do to unblock them and achieved the same result as if it were in Learning Mode (Allowed).

Could some when explain what to do please?

Thanks

Terry

 

Hi,

The rule is shown on the event.

You can double click on the event, it will open a windows with the rule triggered. Click on the rule text in that window and it will open it

 

Hi Nastrahl

Thanks for that. When you have opened it in the event and you have clicked on the rule text in that window and it opens, what do you do then? I ask this because it is blocked and I want to unblock it?

Thanks

Terry

 

Click on the rule’s text to open the rule settings directly

 

Hi Nastrahl

Thanks again for that.

I say again when you "Click on the rule’s text to open the rule settings directly" what do you do to unblock it ?

Thanks

Terry

 

Sorry I misunderstood

Once it opens the rules windows, there can be one or two tabs. The first one is ’Options’ and the second one is ’Exclusion’.
If there’s only one tab it’s always the Exclusion one.
Here, you can add the process to exception, but it will require you to specify manually the path or the process name.

 

Manually editing via Exclusion is a more flexible approach, allowing for the setting of wildcards and more. If you simply need to trust a process or a target, you can right-click on the blocking event and select "Trust Process" or "Trust Target" to quickly unblock it.