iDefender (new HIPS for Windows)

Discussion in 'other anti-malware software' started by Rasheed187, Sep 20, 2025.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,596
    Location:
    The Netherlands
    To clarify, I have been using HIPS for the last 20 years, and "rules per process" is a standard feature. Obviously, most of the rules are made for semi-trusted processes, because you're not going to make rules for malware; those are simply terminated.

    To be honest, I'm not sure what you mean by a "scenario-based" rule model, because I suppose iDefender will always alert when a single behavior is triggered, or will it only alert when multiple rules are triggered? That's not the impression that I get from the screenshots though.
     
  2. Trustsing

    Trustsing Specialist

    Joined:
    Jul 23, 2025
    Posts:
    16
    Location:
    China
    Yes, almost all HIPS are process-based as the main entity ("rules per process"). However, this approach has limited scalability and flexibility. The core of HIPS revolves around processes and behaviors, whereas iDefender adopts the opposite logic by using behaviors as the main entity for rule configuration. For instance, to prohibit the launch of certain processes, you only need to set a few process parameters. Similarly, to protect files from being accessed, simply specify the files to be protected and the trusted parameters. iDefender has streamlined various common usage scenarios into templates, allowing users to complete rule setup with just a few parameters, thereby simplifying the complexity of custom rule creation. Many users have previously expressed a desire for process-based rules, but after getting accustomed to behavior-based methods, they found the latter's rule management to be simpler and more flexible. Meanwhile, they have also utilized Folder and Param Group to create their own sets of rules managed by process.
    This is an AI translation, so it might not be the clearest explanation. You could try exploring on your own — once you get familiar with how it works, you’ll probably understand it better.

    The process-based rule template is under development and slated for release in the second upcoming version, in response to demand from the Team version.

    Currently, custom rules only support a single behavior. Some multi-step behaviors are available in the built-in IOA rules.
     
  3. Nastrahl

    Nastrahl Registered Member

    Joined:
    Feb 8, 2017
    Posts:
    27
    Location:
    Paris
    Hello

    Where can I ask for a feature request?

    I would like to ask if you can let the user be prompted for rules whose action is 'block' only at the moment.

    Thanks
     
  4. Trustsing

    Trustsing Specialist

    Joined:
    Jul 23, 2025
    Posts:
    16
    Location:
    China
    It can be requested via email (support@trustsing.com) or a GitHub issue.
    However, if the action of a rule is only 'block', it generally falls under configuration-type rules or kernel rules (too frequent) and does not support prompts. If there is a specific use case, you can provide a detailed description and later add a rule template to support it, after which a rule that supports prompts can be added.
     
  5. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    185
    Location:
    Italy
    Last edited: Nov 25, 2025 at 3:07 AM