AppDefend Wishlist / New Features / Suggestions

Hi,

Was just browsing the Appdefend Forum and this post :

https://www.wilderssecurity.com/showthread.php?p=752380#post752380

Brought an idea to mind. How about a "simple" disk protection per application a bit like the simple network control we have now.

Example :-

Application
C:\Program Files\Windows NT\Accessories\wordpad.exe

Could have the following 3 options for disk access :-

1) Disk access to App path and Sub dirs - RW (options: NONE/RO/RW)
2) Disk access to "My Documents" - RW (options: NONE/RO/RW)
3) Disk access to System - RO (options: NONE/RO/RW)

So wordpad.exe would be allowed read/write access to it's own directory and any sub directories and read/write to "My Documents" but only read access to the rest of the systems disks.

It might be a way of reducing any damage done by naughty apps that have been allowed to run thinking they are safe but then seeing lots of delete requests to "C:/windows/system" that might make you change your mind !

Wouldn't want it to delay the eagerly awaited next Beta if it was to be included and probably would need lots of work anyway.

Cheers
Joe999

 

hi~sorry about my English because i come from Asia.
i've tried the standard regdefend and then appdefend beta(including RD).

first,i find that AD's log is not so detailed as RD's. when i view the log of RD,i can see if it's blocked/allowed by application rules,or ask user,or auto user,i think it's very useful.

secondly,when appdefend asks me if i allow a applicaton to set a global hook,i choose "allow always",the result is the application will be allowed to set global hooks or just the current one? Maybe i couldn't say it clearly so i give a picture of SSM .If Appdefend can't do this as SSM now ,i wish AD can have the feature in future version

Thank you

 

Hi Kkiko, The "always allow" is application specific, this is as intended as that application is SHA checked, if malware were to change an .exe with "allow always" then you would receive a pop-up, if you know that the application has changed say via an update then you would re-allow it.

Bare in mind that a keylogger that you may have accidently "caught" would be stopped in it's tracks by AD unless you allowed it, this is why applications are given individual attention for their specific rules.

BTW - Your English is not at all bad

HTH. Pilli

 

at the moment .. and sorry to kick in .. but Appdefend cannot come even close to SSM .. the metamorphose SSM has made is phenomenal .. backed up with good support!

.. I don't know what's happening ... but honestly .. this happend a lot lately .. there is simply no support for Ghost Security and that was one of the best features it had .. the fast answers from Jason ..

so my feature request is:

give us the support like we had before .. I have to bite my tongue for not giving any more feedback ...

 

Hi Infinity, As you can see from other threads Jason has been very busy making ground breaking changes to the GSS suite - He is only one man whereas SSM is now being developed by a team.

Jason had some severe problems a while ago and they have now been resolved. I think that you will find that Jason's support will be second to none once the new suite is finished.

Pilli

 

I don't doubt you, nor do I doubt Jason .. but GSS is loosing ground (and I won't even talk about PG .. .. )
.. I know SSM is with 3 guys (I believe) .. But I thought Jason was not the single coder/programmer .. if this is the case, I can understand this even more.

I was just a little worried, that's all. cause GSS has fine capacities (had a good backup / support .. the other Ghost moderator I haven't seen him for ages

.. if RD and AD can be purchased as one program/suite, then Jason is one step closer again (this will probably go on and on and on) .. but the capacities are numerous with GSS .. like I said from the beginning.

Best Wishes to you and Jason! and I hope, once again that it will be alright in the end .. for everyone.

 

Suggestion

Couldn't find this in the suggestion thread, which was closed anyways....

When AppDefend pops the window asking if an app can connect to a site, why not put a button there that resolves the address like 'whois' does? Knowing the site it is trying to access can help judge if the request is legitimate.

Better yet, can you incorporate the 'Shazou' extension that works with Firefox? I have it in my browser - by clicking the icon I can tell Wilders is at 65.175.38.194, its run by Freeze Frame Graphics at 3949 Schelden Circle, Bethlehem, PA. It also shows a Google map of the location (single building surrounded by grass).

Thanks.

 

Re: Suggestion

Good idea! but... If you've already got software that does that for you,why bloat AD with unnecessary things we already have?

 

Theres basically only a few wishes I would like added to AppDefend.

First I would like some sort of disk access protection, being able to set where particular processes are allowed to read or write files would secure a system no end, well something along those lines anyhow, I guess joe999 put it better then I did in post #51

Secondly I would like to see some form of ASLR as well.

Thirdly some kind of virtualization layer similar to DeepFreeze or ShadowUser.

Thats about it for me right now, I dont want much really, okay okay....how about some more ghosts.....hehe

Hugs for George the ghost,
Fluffy

 

first i would like to appreciate appdend design it is really cool.
my wishes are
on memory protection should be like PG that is appdefend warns any application which tries to write on memory of others but even if it is allowed to write it should be specific to that process not others for eg. if some process wants to modify iexplore.exe it should only be allowed to iexplore.exe not csrss.exe please add this feature.
thanks.

 

It's a good idea in theory, but I dislike the complexity it adds to the user interface. Mostly because it's very difficult for the end user to determine why something is happening, lists of lists is something I try to avoid.

This has been discussed in great detail with some of my testers and some ideas were brought up to allow the greater flexibility you desire without the UI headache. They should be in the next GSS.exe.

 

Hello,

would it be possible to make AD's firewall a bit more talkative?
Currently it indicates only that an app is initiating a network connection.
Perhaps the old feature showing the address/port/protocol at least could be brought back.

Thanks, xtree

 

GSS v1.410

These will probably be addressed as GSS comes closer to a release version, but I wanted to state them any way.

1. Columns are not sortable by clicking on the column name, please consider making the display user sortable by clicking on a column header.
2. The Logging screen only displays the time and event happened but not the date, please consider adding the date as well.

These are my main things I would like to see incorporated in the release version.

 

I would like standardized GUI, so its easier to read, my eyes dart all over the place to read, and due to the way its currently setup, sometimes I just give up and go 'allow once' a few hundred times..

Also AppDefend recognising 'installation' applications, probably when it an allowed setup.exe extracts and executes a TMP file. So setup.exe "Allow?", then TMP "Parent Process Setup.exe - possible Installation program - Allow?" then it will ignore all other TMP and setup.exe requests for that session.

I agree with the 'disable appdefend' for XX amount of seconds. Or 'disable appdefend until next reboot' or 'Disable appdefend until PID terminates'. any sort of rule that you want Appdefend (even regdefend) to disable and allowing it to turn back on automatically when the time 'is right'.