About Defensewall...

Discussion in 'other anti-malware software' started by OHM, Nov 20, 2007.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,355
    Location:
    Location Unknown
    That was not helpful at all. At least answer this question I posed earlier. I was referring to this when I said that DW was easy to bypass.


     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    You can make a thread on DW forums with all details. It will be better.
     
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello n8chavez,

    The following link may help answer some of your questions regarding DefenseWall (DW).

    https://www.wilderssecurity.com/showpost.php?p=1124775&postcount=7

    As for APT, chances are good that it terminated only DefenseWall's GUI process (defensewall.exe). It should not have terminated DefenseWall's internal service process (defensewall_serv.exe), which is related to DW's protection mechanisms. All in all, there should be a total of two system processes running that are visible and are related to DW. Keep in mind that DW is installed at the ring-0 protection level (kernel) as a system driver.

    Another thing to keep in mind is that, by default, DW automatically tags all applications (safe or malicious) downloaded via your web browser to the desktop as "untrusted". These tagged applications appear in the "Untrusted applications" tab window.

    Q: How can I add a program as "trusted"?
    A: You can ensure that a program will be running as "trusted" by checking to see that it does "not" appear in the "Untrusted applications" tab window. If it is part of the list you can remove it by following the instructions in the link that I have provided earlier in this reply.

    Q: How do I know what is "trusted"?
    A: One way to check if an application is running as "trusted" is by checking to see that a "DefenseWall Status: Untrusted" text notification does "not" appear on the top-most border of a window or screen of an open program. Another sign is that the DW system tray icon does "not" turn red/orange in color when a program is open.

    If you have any more questions, please feel free to ask me. I will do what I can to help clarify them. Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Dec 3, 2007
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,355
    Location:
    Location Unknown
    I wish there was a setting that enables DW to mark every 'file' as untrusted unless told otherwise, not just those that are downloaded from your browser. I think that DW, in that area, lacks control that other HIPS have.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    N8chavez,

    Follow up on Aigle's suggestion and read the help files first. A policy sandbox like DW or GW focuses on the threat gates (external sources). This is because those sources are the only entry points of NEW malware.

    When you are afraid of having malware running on your computer, run an AV scan. Leave the PC for a month or so and run a second scan. When both are clean, you have a 99% chance of not being infected. When you want to rule out that last percent, do not use your PC for another 3 months. Run a scan. When you are malware free then and still feel that you might be infected, buy a new one with a different OS (like Unix); that will surprise the bugs hunting you (they cannot know which PC you are going to use on a specific day). :D
     

    Attached Files: rtfm.JPG (78.3 KB)
    Last edited: Dec 4, 2007
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    In that case your PC will be virtually free of malware as you will not be able to boot it.
     