Malware Defender 2.2.0 beta

Discussion in 'other anti-malware software' started by xiaolin, May 13, 2009.

Thread Status:
Not open for further replies.
  1. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    I'm using Malware Defender and I'm also using
    - antivir
    - Outpost Pro
    - Defensewall

    My operating system is Windows Vista. I have problems with MD beta 2 and MD beta 3. MD affects my wireless connections: I can use mail programs but I can't use any browser. I can't understand the reason.
    I didn't have this problem with MD 2.1 and MD 2.2 beta 1.

    Any suggestions?

    Thanks in advance.
     
  2. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Thanks for the bug report. The browser cannot be started? Could you try the learning mode?

    If you cannot resolve the problem with learning mode, could you try disabling the "Read-Restricted Files" rule group?
     
  3. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Thank you xiaolin, my wireless connection works now.

    MD conflicts with Outpost HIPS?
     
  4. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I tested MD with OP, but did not find problems. It's complicated to use multiple security software.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi xiaolin

    A question and a request.

    First the question. Is there any significance to having a program in the trusted group in terms of how it's treated?

    The request. On Stale rules clean up. An option somewhere to permanently remove something from the list. I have a couple of things like Microsoft's Hive clean up service that always shows up there and I don't want to delete the rules. That it shows up is not a bug in MD, as this happens with all other security software also. Just be nice to have a way to tell MD to ignore this on the stale rule clean up.

    Pete
     
  6. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    OK, thanks for your help xiaolin
     
  7. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Yes, I also have some programs on USB sticks which appear on a stale rule clean up. I think that it would be a good idea to have some sort of ignore list.
     
  8. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Hi Pete,

    Having a program in the trusted group is the easy way to resolve problems when MD conflicts with other security software. Normally, using learning mode will resolve such conflicts. But sometimes the conflicting action does not execute when MD is in learning mode.

    The ignore list will be added in the next release. :)
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks xiaolin. Appreciate the quick response.

    Pete
     
  10. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 2.2.0 final is released.

    English version: http://www.torchsoft.com/download/md_setup.exe
    French version: http://www.torchsoft.com/download/md_setup_fra.exe
    Spanish version: http://www.torchsoft.com/download/md_setup_esn.exe
    Russian version: http://www.torchsoft.com/download/md_setup_rus.exe

    What's new?
    - Added protection against accessing Service Control Manager.
    - Added protection against loading dynamic link libraries.
    - Added protection against accessing COM interfaces.
    - Added protection against setting hidden attribute of file or folder.
    - Added support for searching permission and comment of rules.
    - Added support for managing multiple rule files.
    - Added support for Windows 7 rc.
    - Separated "duplicate handle" permission from "access memory of other processes".
    - Improved performance when handling file reading actions.
    - Minor improvements and fixes.

    NOTE:
    If you upgrade MD from v2.2.0 beta2 or before, please restart system in learning mode after upgrade.

    If you upgrade MD from v2.2.0 beta1 or before, please import the following rule file. (Rule menu -> Import) http://www.torchsoft.com/download/Read-Restricted_Files.dat
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Installed & running smoothly!

    Why restart in learning mode? How long should I remain in that mode?
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Currently trying the latest version of MD. The only problems I have had so far is a pop up saying that MD can't register the following hot key: ctrl+shift+alt+P. So I disabled hot keys in MD. Perhaps a conflict with Adobe Photoshop or Canon Digital Photo Professional? Also I cannot open Dr. Web CureIt (free scanner) because of its self extracting files. It will run if I disable protection in MD first.

    Otherwise seems to be running smoothly with all my other programs. I ran it in Learning Mode for awhile opening and running all my programs and doing several reboots.
     
  13. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    It may not be necessary to restart in learning mode. You can switch to normal mode after restarting. :)
     
  14. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    You can change the hot key or clear the specific hot key.

    If you encounter conflict problems, you can try using learning mode or grant full permissions to the corresponding application rule.
     
  15. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Running well so far on Windows 7 RC, Vista SP2, and XP SP3. Thanks as always for the improvements.
     
  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Given the new protections, I would recommend staying in learning mode for a session or two of normal usage. For me, that spanned about two days. Depending on the OS or installed apps, you may otherwise have to respond to quite a few alerts.
     
  17. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    After several years with Ghost Security I have changed over and purchased a license for Malware Defender 2.2.0. I have enjoyed AppDefend/RegDefend, but development seemed to stop in March of 2008 and several E-Mails to Jason recently went unanswered. Although he continues to sell the products it looks like support has also ended.

    I have been trialing MD for a day and after all seemed to go well I went ahead and purchased it. Is the default protection adequate? I am still learning the program and haven't started tweaking it yet. Also, does it respond at all to scripts/worms? I have DiamondCS WormGuard installed and am wondering do I still need it.
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Hi xiaolin.

    MD is such an excellent HIPS. Keep up the good work, I hope MD lives forever.

    Was wondering, can you in one of the later versions add a rule which prevents the reading of the registry?

    Let's say for argument's sake if a hacker gained access to your PC, how would you stop him from reading through the registry? How would you prevent Internet facing apps from sending out registry information to remote servers?

    It may not be a security issue but it is a privacy issue as the registry holds a lot of valuable information.

    What are people's thoughts on this?
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Xiaolin,

    I have a small change request. Currently the default of the system group is ask. Could you change this to ignore? Reason for asking is that ignore defaults to the * general application rule. So when I have ask or deny in the * application default, this is not overruled with ask, due to the higher priority of the system group.

    Thanks

    Xiaolin, PC Magazine published startup cop pro4, on the website they have a list of keys which they protect, have a look at it, please.
     
    Last edited: May 24, 2009
  20. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Thank you:)
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    I am still yet to test, but has anyone else tested how fast MD loads during boot up? MD should be the very first thing or one of the first to load during boot up. So as other programs can submit to MD's authority, not MD submit to other authority. Because if someone got malware which started during boot up we all know what the end result could be eh. So xiaolin, can MD be advanced forward during boot up?
     
  22. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Hi Kees,

    I have changed the default permissions of the system app rules from ignore to ask to avoid being affected by low priority rules. For example, if you set some permissions to DENY in the * app rule, the system may work improperly, or even may not be able to start.

    But you can change the permission to ignore manually. :)
     
  23. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Are you talking about driver load time or user interface (tray icon) load time? MD's protections are generally kernel driver based and in place before you see the logon screen.
     
  24. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Hi arran,

    It will reduce the system performance if we add the feature to detect registry read actions.

    I think the network protection can prevent sending out registry information. :)
     
  25. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Xiaolin,

    I have "Use random name for Malware Defender driver" enabled, but the driver name has been the same at every startup since installing 2.2.0. Tested on Vista SP2 and XP SP3.
     
    Last edited: May 24, 2009