MALWARE DEFENDER SETUP TIPS

Discussion in 'other anti-malware software' started by Kees1958, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The defaults are quite good. However, a truly paranoid fellow might want to add the additional items listed in Kees' post #2 for "Extra file protection" & "Extra registry protection (; plus name means registry value)".

    A- I have lots of security programs & other "heavy applications" on my computer, and MD now gets along just fine with all of them. However, MD can cause some application installer programs to be confused or even break.

    B- When installing a new application with MD running, MD will throw LOTS of alerts at you -- especially if you have Global File Rules enabled. Sometimes the new app's install routine will patiently wait while you read MD's alert, and (once you "permit" that alert) the app will resume its install routine, no harm done.

    C- However, some install routines are NOT so patient when they are repeatedly stopped & started & stopped & started -- again & again & again. Thus, it has been my experience that many install routines become confused or break when interrupted by a series of MD alerts.

    D- This same install problem has occurred, not only with MD, but with EVERY classic HIPS I have ever used (SSM, D+, OnlineArmor, ProSecurity, etc.). That is why OnlineArmor added an "install" setting. ProSecurity included an install mode from the get-go. SSM advised users to put SSM back into "learning" mode before any installation. And so forth.

    E- The lack of an install mode in MD isn't exactly a flaw. Why? Because the install mode (in ALL HIPS that have one) basically suspends the HIPS from popping any alerts, & thus leaves your computer pretty much unprotected during installation of a new app. In effect, the install mode seems to be a convenience, but in reality it gives a phony sense of security.

    ==> For a thorough discussion of the utility/futility of "install mode" see THAT thread.

    F- To avoid problems during install, I simply disable MD (the same solution I used with other HIPS I have run). This leaves me unprotected by MD during installs. However, I do a lot of checks of a new app BEFORE installing it. My pre-install checks include on-demand scans of the setup file with Twister, Avira, MBAM, etc. Also, I always make a system disk image before installing.

    G- Other options...

    1- Put MD into learning mode during installs. This avoids possible problems that can be caused by MD's frequent interruptions to an install routine. However, it has the disadvantage of leaving the system unprotected by MD during installs.

    2- (a) Leave MD active during installs and answer the pop-ups as they appear. (b) Then disable MD and uninstall the app. (c) Then re-enable MD & install the app again. --- Thus, MD should sit quietly during the re-install but it will be protecting you at all times. This is a very safe way, but some might regard it as a bit of a PITA.
     
    Last edited: Dec 6, 2008
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks for your reply. Perhaps I should, and let it learn the entire apps, my habits and the like, so when I do switch to Normal mode it will only pop when there is concern. :thumb:
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks Mr. Bell. I am not paranoid in the least, but when I feel adventurous I fire up Shadow Defender, the undisputed, undefeated champ on my machine so far. Besides, I can restore a clean image if needed. I will leave the defaults of MD for now, make sure all runs well, and perhaps tweak at a later time.
     
  4. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    bellgamin,

    What about the 100% CPU usage issue after installing MD and making the first PC restart?

    It is the only HIPS causing this problem (SSM works perfectly after restarts).
    Any way to bypass this problem?
    Can't use MD because of that... it freezes for more than 10 minutes (and then I reset the PC).

    Thanks
     
    Last edited: Dec 6, 2008
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    MD hooks the kernel -- it doesn't poll AFAIK. Therefore, it has no need nor tendency to use any significant levels of cpu. The screenies below show cpu usage on my computer by MD's 2 visible processes. In over 8 hours of computer running time, MD has used only 7+ seconds of cpu time.

    [Screenshots, 06-Dec-08: CPU usage of MD's two visible processes]

    You need to contact Xiaolin (email to support at torchsoft dot com). You have a unique problem. IMO, it is not MD alone, but some combination of software on your computer that is causing this situation.
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Did you test the latest version of MD? thx.
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It's running beautifully here and I love silent mode executable lockdown. :thumb:
     
  8. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Known issue:

    I found in some rare cases, due to software incompatibility, the alert window cannot get input focus, or the alert window cannot be displayed on top of other windows. Then system lockup may happen.

    To resolve the problem, please try using hot-keys of MD to permit/deny the action or disable protection.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for that tip xiaolin. Exactly what I've been experiencing here, but I suspected some of my other security apps were conflicting; we'll all get this thing straight, no doubt. What a very interesting and efficient HIPS, great app :thumb:
     
  10. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    xiaolin, Kees1958

    Thanks for the answers!


    ... xiaolin,
    From what I learned on this forum about the features of Malware Defender and the screen tutorial/images of MD presented by Kees1958, I must say that I am very impressed by the protection power of MD and the ease of rule setup shown in the tutorial of Kees1958.
    ... Tight on time now, but after the holidays, md will be the first new security pgm on my list to try !
    Keep up the excellent work !!!:thumb:
     
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi xiaolin, thanks for the reply.
    Yes, the 1.22.

    This problem has been mentioned around in this forum and also on other non-English boards.

    I remember it also being in early versions of MD :(

    bellgamin,
    Thanks for the reply, mate.

    It happens, mate :(, after installing MD and restarting.
    I think someone said it is about some checksum on files, to see they didn't change.

    Thanks again
     
  12. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    These options (1 & 2) write a lot of rules for nothing. Installation of a program succeeds once; it's a single success. Good to see the behavior of the installer if you are unsure, but bad for day-after-day HIPS work. You can erase the new rules created after installation, or deactivate the HIPS before installation.
    "Learning" mode is good for running a trusted prog, but not for installations!
    Many times "allowing" soft installations this way can increase your HIPS database a lot, and for me, this is a bad thing. ;)
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It would help if you read my comments more carefully, in context. I was not suggesting an ideal method for processing installs. Rather, I was replying to a post whereby chrome_sturman wanted MD to CEASE interfering with installs.

    I told him the easy way -- simply disable MD during the install. However, that method prevents MD's protective functions. Then I told him 2 ways for (A) stopping MD's interfering with installs, while -- AT THE SAME TIME -- (B) maintaining MD's protective monitorship functions in an active status.

    As to unnecessary rules created during install (or any other time) simply open "Rule" drop-down menu, then click "Remove Stale Rules".

    If you know a better way to sustain MD's protection WITHOUT allowing MD to interfere with installs, then by all means tell us that BETTER WAY. Otherwise...:gack:
     
    Last edited: Dec 7, 2008
  14. Balatsokas

    Balatsokas Former Poster

    Joined:
    Sep 21, 2008
    Posts:
    86
    Location:
    Land of NoWhere
    zen_usario

    Any relation to THIS?

    ssupdater.com VIP member?

    We, all, know what this ssupdater.com stands for...

    Sorry, for being off topic,
    but before we see What someone writes
    it helps to know Where he comes from...

    Dear Bellgamin, don't bother...
    I bet he doesn't understand even what you are talking about...
     
    Last edited: Dec 7, 2008
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    What does all this mean?
     
  16. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    ?? BETTER WAY? I've quoted only "1 & 2" from "G- Other options", explaining my own thought about both. For the rest, I totally agree; what's the matter?

    I've installed a lot of progs using SSM, EQsecure, CIS, and most of the time the only thing was to uncheck or not check "remember" in the alert windows; only very few times have I disabled or selected "installation mode" for this, but installing e.g. "Nero", "Microsoft Office", big software... can be a real pain without "temporarily disabling" your HIPS,... also your AV (if real-time).

    On the other hand, I've also occasionally experienced "aborted or failed" installations because of HIPS action / installer runtime waiting for the user interaction.

    Well, you see I agree with you; only my poor two cents of my good or bad experience I've written. Excuse me for my bad English, sorry if I'm mistaken o_O
     
  17. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    Yes, I'm an SSUpdater user, and a COMODO reader some time ago, and of this forum and others also.
    For me it isn't a problem to participate, actively or reading, in forums. This provides and shares information.
    I'm not a professional, I'm a curious home user.
    My English is very bad, excuses.
    You can see how "bad" my posts are, or whatever, simply by reading. Nothing is "hidden" in my own behavior.
    I'm a fan of Alcyon's rule set for EQsecure,........:thumb:

    Nothing more, simply o_O
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Hey, welcome to Wilders forum :thumb:
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Repent! Turn unto the light & be saved from the darkness! ;)

    Me, too. Welcome to Wilders.

    Your English is much better than my ability to write in YOUR language (whatever it may be).

    Hopefully Alcyon will soon develop a rule set for Malware Defender.

    Switch to MD -- you won't be sorry if you do. Peace & good luck to you!:thumb:
     
  20. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    Thanks :)
    I've read about it here from Alcyon :thumb:

    A few days ago I shortly tested MD (trial) in a VM with a "battery" of anti-leak tests, and my first impression was this: impressed by MD.
    MD scored very high, and I'm taking into consideration that MD isn't one of those softwares frequently included in an "anti-leak test comparative (competition)" :)

    Nowadays for me, the only reason for not switching to MD is the payment theme; I'm currently only using freeware.

    @Jmonge

    Thanks:)
     
    Last edited: Dec 8, 2008
  21. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    Hi bellgamin,

    1. Out of curiosity, which procedure do you follow when you're applying your manual (I assume you're not using auto) or automatic Windows updates from the MS updates site?

    ... Are you "Disabling" MD, putting MD into "learning mode" or leaving MD in "normal mode" to ensure there is no potential problem now or in the future (in case MS changes the way windows updates performs the install/updating process), when applying MS Windows Updates.


    2. Since, I won't have time to try MD until after the holidays, .... If you don't mind answering two basic questions ........

    A) ... I am curious, viewing the example provided by Kees1958, as to what is the difference between using the 'ignore' vs 'permit' actions for the "read and write" access options of the File Rules o_O ... and also on the access/permission rules on the general tab of Application Rules" ?


    B) ... Also, will MD allow a File Rule to be setup to protect access at the drive letter level, for the purpose to protect an entire external backup drive from being accessed by any process other than the backup pgm and windows system (explorer, utilities, etc) (for example, F:\* write (ask) )

    ..... If yes, would there be any issues if the backup drive is a USB drive that is turned off, when not being used and as a result be an unavailable/offline drive for MD to monitor for file access protection ?
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I always make an image of my system disk before installing Windows patches. I do not download them from Microsoft. Instead, I get them from SoftwarePatch. I install them manually, with MD disabled.

    As to your question 2a about Permit VS Ignore, I THINK "permit" means to allow the given process to perform the action which is specified by the rule whereas "ignore" means that the rule has no applicability whatsoever to the given process. Here are some quotes from MD's help file...

    As to your question 2b -- if Xiaolin doesn't answer your question, I might conduct an experiment to get an answer for you -- but after Christmas, I think.

    To get a faster & more authoritative answer, email to <support at torchsoft dot com> -- Xiaolin usually answers quickly & is very helpful & friendly.
     
  23. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    IGNORE means to continue searching for lower priority rules.

    You can add a global file rule (F:\* write (deny) ), then add PERMIT rule (F:\* write (permit)) to the private file rule list of pgm/explorer.

    It should be no problem.
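    The rule-precedence behaviour described in this reply (per-application "private" rules searched before global rules, PERMIT/DENY ending the search, IGNORE matching but continuing to lower-priority rules) is easy to get wrong when writing a backup-drive policy, so here is an added toy model of it. This is example code written for this thread, not Malware Defender's own engine or rule format; the evaluation order, the glob matching with `fnmatch`, the image names (`backup.exe`, `logtool.exe`, `dropper.exe`) and the fall-back to ASK when nothing matches are all assumptions, and MD's real behaviour on such details may differ.

    ```python
    """Toy model of HIPS file-rule evaluation (added example, not MD's code).

    Assumptions (not taken from the thread):
      * private rules of the acting process are searched before global rules,
        each list in the order it was defined;
      * PERMIT / DENY / ASK end the search, IGNORE matches but continues;
      * a path that matches no rule falls back to ASK;
      * path patterns are case-insensitive globs, so r"F:\*" covers the drive.
    """
    from dataclasses import dataclass
    from fnmatch import fnmatchcase

    PERMIT, DENY, ASK, IGNORE = "permit", "deny", "ask", "ignore"
    DEFAULT_ACTION = ASK  # assumption: unmatched access asks the user


    @dataclass(frozen=True)
    class FileRule:
        pattern: str  # path glob, e.g. r"F:\*"
        access: str   # "read" or "write"
        action: str   # permit / deny / ask / ignore

        def matches(self, path: str, access: str) -> bool:
            # fnmatch treats "\" literally and "*" as "match anything",
            # so r"F:\*" matches every path below the drive root.
            return self.access == access and fnmatchcase(path.lower(), self.pattern.lower())


    class Hips:
        def __init__(self, global_rules):
            self.global_rules = list(global_rules)
            self.private_rules = {}  # process image name -> [FileRule]

        def add_private_rules(self, image: str, rules) -> None:
            self.private_rules.setdefault(image.lower(), []).extend(rules)

        def decide(self, image: str, path: str, access: str):
            """Return (action, explanation) for `image` performing `access` on `path`."""
            chain = [("private", r) for r in self.private_rules.get(image.lower(), [])]
            chain += [("global", r) for r in self.global_rules]
            for scope, rule in chain:
                if not rule.matches(path, access):
                    continue
                if rule.action == IGNORE:
                    # matched, but IGNORE defers to lower-priority rules
                    continue
                return rule.action, f"{scope} rule {rule.pattern} {rule.access} ({rule.action})"
            return DEFAULT_ACTION, "no matching rule"


    def backup_drive_policy() -> Hips:
        """The policy from the reply above: deny all writes to F:\ globally,
        then permit them privately for the backup program and explorer."""
        hips = Hips(global_rules=[FileRule(r"F:\*", "write", DENY)])
        hips.add_private_rules("backup.exe", [FileRule(r"F:\*", "write", PERMIT)])
        hips.add_private_rules("explorer.exe", [FileRule(r"F:\*", "write", PERMIT)])
        # hypothetical app with an IGNORE rule: it does NOT grant access, the
        # search simply falls through to the global DENY
        hips.add_private_rules("logtool.exe", [FileRule(r"F:\logs\*", "write", IGNORE)])
        return hips


    if __name__ == "__main__":
        hips = backup_drive_policy()
        for image, path, access in [
            ("backup.exe", r"F:\images\sys.tib", "write"),
            ("explorer.exe", r"F:\notes.txt", "write"),
            ("dropper.exe", r"F:\images\sys.tib", "write"),
            ("dropper.exe", r"F:\images\sys.tib", "read"),
            ("logtool.exe", r"F:\logs\a.log", "write"),
            ("backup.exe", r"C:\Users\me\x.txt", "write"),
        ]:
            action, why = hips.decide(image, path, access)
            print(f"{image:13} {access:5} {path:22} -> {action:6} [{why}]")
    ```

    The point the model makes is the one in the reply: the private PERMIT for `backup.exe` wins because it is searched first, any process without such a rule hits the global DENY, and an IGNORE rule never grants anything on its own. Reads are untouched because the policy only covers `write`; add a read rule if the backup drive's contents should also be hidden from other processes.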
     
  24. Balatsokas

    Balatsokas Former Poster

    Joined:
    Sep 21, 2008
    Posts:
    86
    Location:
    Land of NoWhere
    Read this Thread to remember a few things about ssupdater.com...

    This site/forum:

    1) Includes links for Security Software Cracking (Keygens, Patches etc.)

    2) Presents AntiMalware Tests of Ambiguous quality
    (i.e. no testing methodology, poor quality/old VX samples etc.)

    How, someone can be a member of a Legitimate Forum like Wilders,
    and at the same time, be a VIP member of site that includes Cracking links
    is a bit strange; not to say schizophrenic...

    It is like being out of the Law/against the Law
    and at the same time, being with the Law...(<= Paradox).

    Even if you don't use any Cracks, zen_usario,
    it is not an excuse for being a VIP member of such a site.

    I hope that you will not try to convince us about
    the validity of their "Tests" in the future...

    <Sorry for being out of topic, but some Clarifications needed>
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Don't worry, nobody will judge you if you come here for help or to improve your security arsenal; all of us come from somewhere, there are no angels here :D Anyway, the purpose of this forum is to get help or fight against malware :thumb:
    So again, welcome to Wilders forum.
     