Malware Defender 2.2.0 beta

Hi nick,

The last used driver name is saved in registry. MD will change driver name only if cannot open the driver with last name. So normally, the driver name will be changed after upgrade.

The old versions have same behaviour too.

 

Thanks for the explanation. I checked my bootlogs and see now how the driver naming works.

 

I am talking about driver load time. as you can see in the screen shot defense wall and eqsecure drivers starts a bit before MD. the one marked at the top AEinput is Anti-executable by faronics driver. Is it possible to move MD's driver further up? is there such a program that will do this? or can only xiaolin do this with the way MD is written?

 

that's ok we don't want to add features if it means sacrificing system performance.

 

Well congratulations from me too xiaolin, MD is excellent, I hope you won't abandon development too. Its kind of expensive for hips and I had to pay around 20% VAT additionally, via regnow, but since the license is lifetime, it is definitely worth it.

 

Hello,

What is the difference between the following two rules :





Thanks.

 

The permission on the Permissions page (first picture) is the default value. If the list(second picture) is empty or the permission of matched rule in the list is IGNORE, then the load dll permission on the Permissions page will be used.

 

The update speed may slow down after MD become mature. But I will not abandon the development. Thank you.

 

MD's "Lifetime License" concerns me as to your long-term financial soundness. I suggest that you exclude/grandfather folks who NOW have lifetime license, and switch to something like Ilya uses for Defense Wall Hips. I quote Ilya's license terms as follows...

Another option might be to offer 1-year licenses for (say) $12, and also retain the option for buying a lifetime license at the price you now charge.

I hope that others will chime in with their comments. I do want MD to remain financially successful for a long long time!

 

I will think about it. But even I will change the license, the promises for users that already paid will not changed.

Thank you.

 

The lifetime license is nice but at $40 USD I can get a whole suite if I wanted one (more comprehensive but not lifetime). I really like MD but it's not really for non-technical users as far as usability goes.

 

I compared MD 2.2.0 and DW 2.55 driver loading on XP SP3, Vista SP2, and Windows 7 RC, and see that, for me, MD's driver lags DW's dwall.sys only on Windows 7...

XP SP3:

Loaded driver \??\c:\windows\system32\drivers\ncmebaaa.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\dwall.sys

Vista SP2:

Loaded driver \??\c:\windows\system32\drivers\majpohid.sys
Loaded driver \SystemRoot\System32\Drivers\dwall.sys

Windows 7 RC:

Loaded driver \SystemRoot\System32\Drivers\dwall.sys
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \??\c:\windows\system32\drivers\bednigeg.sys

You can generally change a driver's start value to 0 (boot) using regedit. It may or may not work. MD 2.2.0 blocks tampering with the start value. Even if it did work, I'm not sure you would gain anything. These are issues best left for the devs to shed light on.

 

Does MD forget the rules in limited user account?

I used to run MD and Prevx 3.0 Free in LUA, but I noticed that MD forget some rules... even if during the popup i select Create permanent rule for that application (without the command line)

 

I think you are right. It forgot some of my rules too, but I don't remember if it was before or after registration but I am sure that it was previous version than 2.2.0

 

Only being using MD for a short time, and I am running the latest version 2.2.0, but have not experienced that problem with rules reverting. I just tried changing the a permission for CCleaner from "ignore" to "ask" then changed MD from silent to learning mode, ran CCleaner closed the program changed MD back to silent and the permission was still "ask" (create new process). Only a simple test. I moved KAV and Outpost to "trusted" mode and they are still in that category after a few days and reboots.Maybe Xiaolin could check on this.

 

I reviewed the source code but did not find problems. If anyone have more details information to reproduce the problem, please send email to me.

Thanks,
Xiaolin

 

I have been running MD for a fairly long time -- always the latest version -- & also have not experienced any problem with rules reverting. I'm not saying it doesn't happen -- but it hasn't happened to me.

 

This Malware Defender is a HIPS lovers Dream come true.

Especially the file and folder rules which makes it so so Powerful.

 

Malware Defender 2.2.1 final is released.

English version: http://www.torchsoft.com/download/md_setup.exe
French version: http://www.torchsoft.com/download/md_setup_fra.exe
Spanish version: http://www.torchsoft.com/download/md_setup_esn.exe
Russian version: http://www.torchsoft.com/download/md_setup_rus.exe

What's new?
- Fixed a bug when handling file path in Vista or above.
- Fixed a bug in mdhook.dll.
- Fixed the problem that the priority of logging event is not the same as the prioiry of rule.


Thanks,
Xiaolin

 

Downloaded and installed over the existing version with no problems. Rebooted in learning mode just to be sure. Also backed up my existing rules before the install. Everything seems to be running smooth. The new install did not affect my existing rules. Thanks Xiaolin.

 

Ditto. Ding Hao! Support for MD is amazingly superb, as always.

 

Yes added a custom rule for a single file. Lock the User Interface and its in a vault. Great program MD.

 

I have a question for Xiaolin,

Before purchasing, I would like to know if I'm allowed to install MD on a multi-boot system, ie : installing it on my XP SP3 partition, and on my Vista SP2 partition ?

Thanks in advance !