Malware Defender

Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    The official link seems to work for me again!

    edit: I tried MD in VirtualBox. Guest OS is Windows XP. The problem is the MD GUI couldn't show up if VB is using seamless mode. Maybe I'll wait for the final version. Btw, MD looks too complicated to me. :p
     
    Last edited: May 7, 2010
  2. Brummelchen

    Brummelchen Registered Member

    provide some info about your system pls!
    Win7 no problems

    @CloneRanger - kidding in using Internet Explorer?
    don't you have any script and ad filter on it? :blink:
     
  3. icr

    icr Registered Member

    To all

    I don't know about the link being hijacked but I have an account on that site and I tried to download again and it worked for me perfectly :)

    Sorry to hear that some people couldn't download the file :'(
     
  4. mantra

    mantra Registered Member

    it's a nice program
    but on an old PC, I ran a malware sample and it bypassed Malware Defender
    :thumbd:

    don't know how trusty it is
     
  5. Brummelchen

    Brummelchen Registered Member

    depends on your malware and on your MD settings.
    my crystal ball is in repair these times :p

    hashes of current versions
    0aef8eb9ded0c834e1b858a56f48b100|md_setup_eng_260.exe
    47317bad8ce043c91da2503509d0cff7|md_setup_en_270.exe
    5ef13742dc16424dc3f90d023fbb92fc|md_setup_en_271_beta.exe

    sorry - NO links here - not allowed this way.

    #
    ok, now I have some trouble with MD and a sandboxed program
    I tried to set up the latest Glary Utilities and MD somehow denied
    access to \program files\ and \userdesktop\

    # was MD 2.7.0 and 2.7.1_beta, 2.6.0 did fine

    ## solved, was mdhook.dll outdated
     
    Last edited: May 7, 2010
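    The post above gives hashes in a plain "md5|filename" format. As an added example (not Brummelchen's code and not part of the Malware Defender project), the script below parses such a list and checks downloaded installers against it; it assumes the installers sit in a folder passed on the command line, and the hash list embedded in it contains only the three values posted above.

    ```python
    import hashlib
    from pathlib import Path

    # Hash list in the "md5|filename" format used in the post above.
    # These three lines are the values posted in the thread, copied verbatim.
    HASH_LIST = """\
    0aef8eb9ded0c834e1b858a56f48b100|md_setup_eng_260.exe
    47317bad8ce043c91da2503509d0cff7|md_setup_en_270.exe
    5ef13742dc16424dc3f90d023fbb92fc|md_setup_en_271_beta.exe
    """

    HEX_DIGITS = set("0123456789abcdef")


    def parse_hash_list(text):
        """Return {filename: md5hex} from 'md5|filename' lines.

        Blank lines, lines without a '|' and entries whose digest is not a
        32-character hex string are skipped rather than treated as a match.
        """
        expected = {}
        for raw in text.splitlines():
            line = raw.strip()
            if not line or "|" not in line:
                continue
            digest, _, name = line.partition("|")
            digest = digest.strip().lower()
            name = name.strip()
            if len(digest) != 32 or not set(digest) <= HEX_DIGITS:
                continue  # malformed digest: refuse to "verify" against it
            expected[name] = digest
        return expected


    def md5_of_file(path, chunk_size=1 << 20):
        """Stream the file through MD5 so large installers don't need to fit in RAM."""
        h = hashlib.md5()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(chunk_size), b""):
                h.update(chunk)
        return h.hexdigest()


    def verify_downloads(hash_text, directory):
        """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every listed file.

        A file that is absent is reported as 'missing' instead of being silently
        ignored, so a partial download set is visible in the result.
        """
        results = {}
        directory = Path(directory)
        for name, digest in parse_hash_list(hash_text).items():
            target = directory / name
            if not target.is_file():
                results[name] = "missing"
            elif md5_of_file(target) == digest:
                results[name] = "ok"
            else:
                results[name] = "MISMATCH"
        return results


    if __name__ == "__main__":
        import sys

        # Usage: python verify_md.py <folder containing the downloaded installers>
        folder = sys.argv[1] if len(sys.argv) > 1 else "."
        for name, status in verify_downloads(HASH_LIST, folder).items():
            print(f"{status:9} {name}")
    ```

    A matching MD5 only tells you the file is byte-for-byte the one the poster hashed; it says nothing about whether that file is safe, and MD5 collisions are practical, so a hash from a forum post is a download-integrity check, not a substitute for a vendor-published signature or a stronger digest such as SHA-256.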
  6. arran

    arran Registered Member

    I bet a thousand dollars that it only bypassed MD due to your bad configurations.
     
  7. CloneRanger

    CloneRanger Registered Member

    @Brummelchen

    No not kidding :D I got various different errors in reaching some of the redirects with FF, so used IE6 as well which worked better in some cases.

    Hardly ever use IE these days, but both it and FF are very much locked down. Only enabled scripting etc. to do the test. Wasn't worried about getting infected, as I have good security software and prevention in place as well :)
     
  8. Noob

    Noob Registered Member

    Windows 7 x86

    Current security setup is in my sig.
    I don't know, it could probably be PCTools, but I didn't really try to find what was the cause of the BSoD and internet connection problems :D
     
  9. bonedriven

    bonedriven Registered Member

    Hi arran, I know you like MD a lot, but here's someone bypassing it. :D
    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection.avi-

    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection%20with%20Rules.avi-

    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection%20with%20Deny%20All%20Rule.avi-

    Well, it was originally posted here: ~ Link to Unknown Material Removed ~
     
    Last edited by a moderator: May 8, 2010
  10. arran

    arran Registered Member

    Interesting video. It's not a complete bypass because firstly, with file rules you have to allow the creation of the executable file on your OS; secondly, you have to allow it to run.

    So once allowed to run it becomes a case of controlling the behavior of the running test.exe. I do believe there are other configurations in MD which were not configured. Test.exe uses other processes on your PC to do its dirty work and in the video I didn't see any configurations on the system processes, for example why was lsass.exe allowed to terminate Windows? I also didn't see any file, folder or registry configurations in the video either.

    Someone Please PM me this Test.exe
     
    Last edited by a moderator: May 8, 2010
  11. arran

    arran Registered Member

    JRViejo why has the link to the official chinese MD forums been removed?

    and the video links removed?
     
  12. JRViejo

    JRViejo Super Moderator

    arran, the same forum link was removed from this thread, closing that thread.

    The video links were not removed, just de-linked, and such video links have been either de-linked or in some cases removed, since LowWaterMark's AV Tests statement in this Post.
     
  13. mantra

    mantra Registered Member

    cleaner for Malware Defender

    is there a cleaner?
    to make a fresh install of Malware Defender
    maybe I have some issues with my XP
    I installed DefenseWall some days ago, and after that Malware Defender

    thanks
     
  14. bonedriven

    bonedriven Registered Member

    I didn't watch the video and won't anyway since it's too complicated for me to understand. :D

    I'll pm you the test.exe. You may check it out yourself.
     
  15. mantra

    mantra Registered Member

    but can it work under Sandboxie?
    it could be safer
     
  16. arran

    arran Registered Member

    OK I have tested test.exe on MD thanks to the people who PM'd me.

    MD didn't do as well as I expected at controlling its naughty behavior.

    If you allow the creation of the file, allow it to run and allow it to load a couple of DLLs, it seems to be able to terminate other apps. However it can't terminate MD, so MD has good self defense. Also it can't terminate apps if you select in MD's rules the rule called "Protect this application from being accessed by other processes" for each app. Unfortunately you can't select this rule for system programs, so test.exe can terminate them. You can however prevent Windows from being shut down if test.exe terminates lsass.exe by denying winlogon.exe from shutting down Windows.

    I'm still testing, but I hope this will be fixed in one of the 2.7 versions.

    PS a bit off topic but Sandboxie Passes
     
  17. Gen

    Gen Registered Member

    So for which process should you click "protect this app from being accessed by other processes" in order to protect Windows from shutting down? Only winlogon.exe, or also lsass.exe, or something else?
     
  18. arran

    arran Registered Member

    If you select this rule like in the screenie for each app, test.exe cannot terminate them.

    However you will notice you cannot select this rule for system apps, so test.exe is able to terminate them. winlogon.exe and lsass.exe are system apps. Regarding lsass.exe: if that is terminated, you can prevent Windows from being shut down if you deny winlogon.exe from shutting down Windows, is what I was saying.
     

    Attached Files:

    • md.JPG
  19. Gen

    Gen Registered Member

    Great.
    So the next step is, how do you deny winlogon.exe from shutting down Windows? I can't seem to make it work.
     
  20. 0strodamus

    0strodamus Registered Member

    You can select Deny when prompted or create a static rule as shown in the screenshot. I would opt for selecting deny over creating the static rule.
     

    Attached Files:

  21. Gen

    Gen Registered Member

    Thanks for the info!

    Deny or static rule should give the same result, why are you advocating one and not the other?
     
  22. 0strodamus

    0strodamus Registered Member

    Because sometimes winlogon.exe may want to legitimately restart the computer, and then you can choose allow.
     
  23. mike21

    mike21 Registered Member

    I am using MD to prevent Windows Update from shutting down Windows. Handy.
     
  24. doktornotor

    doktornotor Registered Member

    Lol... just for this? You know that can be done via group policy? gpedit.msc - Computer Configuration - Administrative Templates - Windows Components - Windows Update ;)
     
  25. mantra

    mantra Registered Member

    yes it's off topic
    but run under Sandboxie, can Sandboxie stop it?


    by the way, is only the last version fully compatible with W7?

    is the author sometimes here in this forum?
     