Malware Defender

Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    The official link seems to work for me again!

    Edit: I tried MD in VirtualBox. Guest OS is Windows XP. The problem is the MD GUI couldn't show up if VB is using seamless mode. Maybe I'll wait for the final version. Btw, MD looks too complicated to me. :p
     
    Last edited: May 7, 2010
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,869
    Provide some info about your system pls!
    Win7 no problems

    @CloneRanger - kidding in using Internet Explorer?
    Don't you have any script and ad filter on it? :blink:
     
  3. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    To all

    I don't know about the link being hijacked, but I have an account on that site and I tried to download again and it worked for me perfectly :)

    Sorry to hear that some people couldn't download the file :'(
     
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    it's a nice program
    but on an old PC, I ran a malware and it bypassed Malware Defender
    :thumbd:

    don't know how trusty it is
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,869
    depends on your malware and on your MD settings.
    my crystal ball is in repair these times :p

    hashes of current versions
    0aef8eb9ded0c834e1b858a56f48b100|md_setup_eng_260.exe
    47317bad8ce043c91da2503509d0cff7|md_setup_en_270.exe
    5ef13742dc16424dc3f90d023fbb92fc|md_setup_en_271_beta.exe

    sorry - NO links here - not allowed this way.

    #
    ok, now I have some trouble with MD and a sandboxed program
    I tried to set up the latest Glary Utilities and MD somehow denied
    access to \program files\ and \userdesktop\

    # was MD 2.7.0 and 2.7.1_beta, 2.6.0 did fine

    ## solved, was mdhook.dll outdated
     
    Last edited: May 7, 2010
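
Since this thread also raises the question of a hijacked download link, here is one way to check a downloaded installer against the `md5|filename` lines posted above. This is an added example, not part of the original post or of Malware Defender; the function names are made up for illustration. MD5 catches a corrupted or swapped file but is not collision-resistant, and the check is only as trustworthy as the place the hashes were copied from.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Lines copied from the post above, in its "md5|filename" layout.
POSTED = """\
0aef8eb9ded0c834e1b858a56f48b100|md_setup_eng_260.exe
47317bad8ce043c91da2503509d0cff7|md_setup_en_270.exe
5ef13742dc16424dc3f90d023fbb92fc|md_setup_en_271_beta.exe
"""

LINE = re.compile(r"^([0-9a-fA-F]{32})\|(\S+)$")

def parse_manifest(text):
    """Return {filename: md5_hex}; malformed lines raise instead of being skipped."""
    out = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: not 'md5|filename': {line!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if out.get(name, digest) != digest:
            raise ValueError(f"line {n}: conflicting digests for {name}")
        out[name] = digest
    return out

def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, manifest):
    """Return 'match', 'mismatch', or 'unlisted' for a downloaded file."""
    expected = manifest.get(Path(path).name)
    if expected is None:
        return "unlisted"  # no posted hash for this file name
    return "match" if hmac.compare_digest(md5_of(path), expected) else "mismatch"
```

A file reported as `mismatch` or `unlisted` should not be run until its origin is confirmed some other way.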
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I bet a thousand dollars that it only bypassed MD due to your bad configurations.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Brummelchen

    No not kidding :D I got various different errors in reaching some of the redirects with FF, so used IE6 as well which worked better in some cases.

    Hardly ever use IE these days, but both it and FF are very much locked down. Only enabled scripting etc to do the test. Wasn't worried about getting infected, as I have good security software and prevention in place as well :)
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Windows 7 x86

    Current security setup is in my sig.
    I don't know, it could probably be PCTools, but I didn't really try to find what was the cause of the BSoD and internet connection problems :D
     
  9. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    Hi arran, I know you like MD a lot, but here's someone bypassing it. :D
    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection.avi-

    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection%20with%20Rules.avi-

    -http://cid-ad319598642e8326.skydrive.live.com/self.aspx/Public/Video/Malware%20Defender%20Process%20Protection%20with%20Deny%20All%20Rule.avi-

    Well, it was originally posted here: ~ Link to Unknown Material Removed ~
     
    Last edited by a moderator: May 8, 2010
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Interesting video. It's not a complete bypass because, firstly, with file rules you have to allow the creation of the executable file on your OS; secondly, you have to allow it to run.

    So once allowed to run it becomes a case of controlling the behavior of the running test.exe. I do believe there are other configurations on MD which were not configured. Test.exe uses other processors on your PC to do its dirty work, and in the video I didn't see any configurations on the system processors; for example, why was lsass.exe allowed to terminate Windows? I also didn't see any file, folder or registry configurations in the video either.

    Someone Please PM me this Test.exe
     
    Last edited by a moderator: May 8, 2010
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    JRViejo, why has the link to the official Chinese MD forums been removed?

    and the video links removed?
     
  12. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,423
    Location:
    U.S.A.
    arran, the same forum link was removed from this thread, closing that thread.

    The video links were not removed, just de-linked, and such video links have been either de-linked or in some cases removed, since LowWaterMark's AV Tests statement in this Post.
     
  13. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    cleaner Malware Defender

    is there a cleaner?
    to make a fresh install for Malware Defender
    maybe I have some issues with my XP
    I installed DefenseWall some days ago, and after that Malware Defender

    thanks
     
  14. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    I didn't watch the video and won't anyway since it's too complicated for me to understand. :D

    I'll pm you the test.exe. You may check it out yourself.
     
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    but can it work under sandboxie?
    it could be more safe
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    OK, I have tested test.exe on MD, thanks to the people who PM'd me.

    MD didn't do as well as I expected at controlling its naughty behavior.

    If you allow the creation of the file, allow it to run and allow it to load a couple
    of DLLs, it seems to be able to terminate other apps. However, it can't terminate MD, so MD has good self defense. Also, it can't terminate apps if you select in MD's rules the rule called "Protect this application from being accessed by other processes" for each app. Unfortunately you can't select this rule for system programs, so test.exe can terminate them. You can, however, prevent Windows from being shut down if test.exe terminates lsass.exe by denying winlogon.exe from shutting down Windows.

    I'm still testing, but I hope this will be fixed in one of the 2.7 versions.

    PS a bit off topic but Sandboxie Passes
     
  17. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    So for which process should you click "protect this app from being accessed by other processes" in order to protect windows from shutting down? only winlogon.exe or also lsass.exe or something else?
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    If you select this rule like in the screenie for each app, test.exe cannot terminate them.

    However, you will notice you cannot select this rule for system apps, so test.exe is able to terminate them. winlogon.exe and lsass.exe are system apps. Regarding lsass.exe, if that is terminated you can prevent Windows from being shut down if you deny winlogon.exe from shutting down Windows, is what I was saying.
     

    Attached Files:

    • md.JPG
  19. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    Great.
    So next step is, how do you deny winlogon.exe from shutting down Windows? I can't seem to make it work.
     
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    You can select Deny when prompted or create a static rule as shown in the screenshot. I would opt for selecting deny over creating the static rule.
     

  21. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    Thanks for the info!

    Deny or static rule should give the same result, why are you advocating one and not the other?
     
  22. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Because sometimes winlogon.exe may want to legitimately restart the computer and you can choose allow.
     
  23. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I am using MD to prevent Windows Update from shutting down Windows. Handy
     
  24. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Lol... just for this? You know that can be done via group policy? gpedit.msc - Computer Configuration - Administrative Templates - Windows Components - Windows Update ;)
     
  25. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    yes it's off topic
    but run under Sandboxie, can Sandboxie stop it?


    by the way, is only the last version fully compatible with W7?

    is the author sometimes here in this forum?
     