AppDefend v1.300 Alpha Release

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Aug 1, 2007.

Thread Status:
Not open for further replies.
  1. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    http://www.ghostsecurity.com/downloads/setupadrd1300b1.exe



    A few weeks late, but here is the next alpha of AppDefend (and RegDefend).

    Compared to the last alpha a lot has changed under the hood, all of the core work is now done at the kernel level - which required the shifting of most of the old core into kernel mode. This is much more secure and gives greater control over how things like rule files are handled (if they are missing, corrupted, etc) and there is no mess in telling the driver what to do when it comes to certain events unlike before. In effect it is more efficient as there is no need for any process to be involved, whereas before 3 or 4 communications would need to be made for any actual event. The "downside" to this, if you could call it that, is the time it took to get it right and stable. Hopefully this alpha is a lot more stable than v1.200, it has been for myself and the private beta testers anyhow.

    RegDefend (the upcoming v3) has also been added since the last GSS alpha, and it now automatically handles everything from the kernel level just like AppDefend. At the moment I have only added about 8 rules manually, relating to common registry startup areas and service/driver areas, but it will be enough to test out RegDefend and report back on its stability. Due to no new gss.exe (with the new GUI code) you cannot edit the rules due to the internal changes in how RegDefend works, but you will when the new gss.exe is ready (upcoming alpha).

    I am going to be releasing more updates on a regular schedule until the final is done so people can see the progress more clearly.

    old v1.300 versions
    http://www.ghostsecurity.com/downloads/setupadrd1300.exe
     
    Last edited: Aug 15, 2007
  2. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    67
    Location:
    UK
    Hmmmm.......I'm going to give this puppy a go, it sounds sweet to me, I'm sure it's got a lot of improvements over the previous builds, one thing put me off the other alphas was the lack of RegDefend, I will give this a go on my laptop too.

    @ Jason: It made my day to hear this "I am going to be releasing more updates on a regular schedule until the final is done so people can see the progress more clearly.", it can only help to improve things, we can test new features/functions and of course stability of the code more often, therefore we all benefit, that's good to hear too, so thanks :D

    Fluffy
     
  3. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Well, I just downloaded it and gave it a test drive, came across a few problems already :-

    1). RegDefend is totally disabled and cannot be enabled, plus there's no rules, the rules section is blank, just complains about choosing a profile, since there are none I can't choose any.

    2). The alerts need to be z-ordered, at boot sometimes the alerts are frozen and can't be clicked on for a short while, after a short while the current alert is replaced with a new one so you never get to allow or block the previous one.

    3). Either during boot or shutdown some alerts are never remembered, for example for me BoClean will always generate an alert every time I shut down, even though I tell AppDefend to always allow.

    4). Comodo Firewall 2.4 cannot initialize for some reason, so it becomes non-functional.


    Okay, that's all I can remember for now, apart from those issues very impressive Jason, you seem to be getting there and making the next version awesome, I like the boot time protect, should give malware a real headache.....hehe

    Fluffy
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Is this new Alpha release incorporating Tony's ruleset for RegDefend...o_O :D
     
  5. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I took a quick spin on this alpha version as well. As the alpha designation suggests, exercise caution in using it.

    I installed it on two partition variants, one with a "typical" security setup (it happened to be Dr Web/AVG Antispyware/Returnil) and a second which had no security software installed.

    I noted some of the problems noted above (alerts seemingly losing focus, some lack of remembering). It also appears that there is a significant conflict with one or more of (Dr Web/AVG Antispyware/Returnil).

    On the clean partition (Dr Web/AVG AS/Returnil/GSS uninstalled then GSS only reinstalled) a problem developed which quickly morphed into a continuous restart cycle a minute or two into a login session.

    Problems were resolved with straightforward safe mode uninstalls.

    System is a vanilla Dell 4500 Win XP SP2 with 1 GB of RAM. In my hands, on my system, stability is not quite where it should be.

    Blue
     
  6. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    @ Mongol: At the moment Jason has only added about 8 rules, and RegDefend can not be used to edit rules as GSS is still using the old GUI code, this build is only to test the new core of GSS, hopefully the new GUI code will be added soon so we can test it out too :D

    So far great work Jason, the only thing that I would like to see changed is the position of the buttons on the alerts, maybe if they were at the bottom of the alert it would be easier/quicker to deal with an alert, just a thought, though I admit to liking the old style (beta v1.110) :)

    Fluffy
     
  7. BlueZannetti

    BlueZannetti Administrator

    One specific problem that I've seen, even though I was under the impression that RD was fully disabled, is the appearance of RD prompts during logon. An example shot is below. Generally, this wouldn't be a problem. Unfortunately, that alert window won't process input or respond in any way. Right now I'm ~ 15 minutes into a session and it's still sitting on top of everything in the middle of the screen, blocking any further processing of GSS prompts or any popup that it fully covers.

    Blue
     

    Attached Files:

    • RD.png (File size: 23.3 KB)
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    XP SP2, Toshiba M70-320, Only GSS and Avast! for security: system froze after entering login password. Reboot, same thing. Tried with and without Ghostshell.
    Last alpha version allowed boot without issues (with Ghostshell), and I could see the ghosts during boot process, not this time (are they shy now).

    If more input is needed, please tell me, I don't know what is needed.
     
  9. Mongol

    Mongol Registered Member

    Glad I held off on installing. I rarely mess with beta stuff but the possibility of something new here really wet my whistle...:eek: :D
     
  10. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    @ Mongol: There's no harm in trying out Alphas or Betas so long as you have a way to back up your system before installing and reverse any changes if something goes wrong, I only use my long years of experience with Windows to fix any problems, but if I was worried I would use some kind of drive imaging software to take a snapshot before installing an Alpha or Beta, truth is never overextend yourself, stay within your knowledge, a lot of people get excited and install a Beta or Alpha build and can't reverse things when it goes wrong, at the moment if I was you I would wait for a stable Beta to come out and then give GSS a test drive, good luck and have fun when or if you do :)

    Fluffy
     
  11. Mongol

    Mongol Registered Member

    That's what I plan to do, wait for word from Jason about a new Alpha/Beta release ironing out some of these early wrinkles. For now the 1.20 release is rolling along just fine here...:cool:
     
  12. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Are you using the standalone RegDefend v2.000 with the AppDefend v1.200? I did think about doing this myself, but I guess I'm so used to using GSS that I prefer to use AppDefend and RegDefend in one whole suite, it's nice having the two side by side in GSS rather than two separate programs and GUIs, not that it matters now, I mean Jason will soon have the new Alpha and hopefully not long to go the Beta stable and good to go :)

    Fluffy
     
  13. Mongol

    Mongol Registered Member

    I'm using the suite. You are right, it's nice having the two together in one package...:thumb: :cool:
     
  14. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    v1.300 up and running fine here. There was a little delay with some of the alerts on first boot but after that it's been running great. I'm a little sad that the ghosts have been taken away, I liked the ghosts floating around on screen. Perhaps you could put an option in to enable/disable it?
     
  15. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    @ farmerlee: Just wondering, did you delete the old GSS folder before installing? I think I forgot and wonder if the leftovers caused any problems I saw :doubt: , maybe I will try a fresh download and install :)

    I didn't see any ghosts on my screen either, weird, is it a bug or has Jason disabled or removed them from this build?


    Fluffy
     
  16. cbuddha42

    cbuddha42 Registered Member

    Joined:
    Aug 4, 2007
    Posts:
    10
    Hey, is there a 64-bit version available?
     
  17. farmerlee

    farmerlee Registered Member

    I just uninstalled v1.2, restarted my system then installed v1.3.

    I'm still waiting on a reply from Jason in regards to the floating ghosts, hopefully he can clarify the situation.
     
  18. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    @ farmerlee: Thanks, I will look forward to hearing the reply, I'm sure there's a good reason why, and Jason will at a later date bring the ghosts back :thumb:

    I have tried a fresh install, during boot up I had no alerts (strange o_O), then when the desktop started loading I got some alerts, mostly RegDefend ones, like with BlueZannetti, I had one stuck permanently on my screen and it wouldn't go away, I tried clicking but it wouldn't accept any clicks, in the end I had to reboot, but the system wouldn't shut down, I did the old hold the power button in trick, no problem, it shut down, also I had problems with my Comodo firewall, it refused to initialize, just asked me to re-install it, my feeling is the GUI code is causing these issues, hopefully when Jason adds the new GUI code it will solve them :)

    Fluffy
     
  19. Jason_R0

    Jason_R0 Developer

    No, but it should be fairly simple to do a 64bit build (as long as you remove the "useless" kernel update Microsoft added to stop GSS). I will do a test later tonight, and if it works without much work required I'll release it.
     
  20. Jason_R0

    Jason_R0 Developer

    I've removed them at the moment, but they will be back soon.

    I forgot to mention there are 3 files you should look at removing yourself, at this stage at least (uninstaller will ask eventually). They are in your system32 folder, and start with "gss_". They are the rules and other files, if you uninstall and keep those files there AppDefend will think they are still valid and you won't get any more alerts until you change the rules.
     
  21. Jason_R0

    Jason_R0 Developer

    It actually depends on the situation, sometimes the system is doing something which makes it disable input for various reasons, especially during boot you can get some alerts you will never be able to respond to, but you will be able to "see" them. Winlogon seems to do this with network access at boot on XP machines.

    At the moment RegDefend alerts won't be remembered, but if it is indeed AppDefend then it is something curious. Could you tell me what specific BOClean things aren't remembered?

    Yes that is a problem people have been noting with the last alphas too, it still needs more work to figure out what it is doing that is breaking when GSS is installed.
     
  22. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I have v1.30 installed and a couple of reboots back I was able to see gss in my task manager and edit the apps section for a few tweaks, and now it doesn't show up at all. The cool part is the protection is still on and it remembered all of my settings prior to set up. All I need to do is use the gss start exe to launch the gui. However now in the apps section there are no apps to be viewed anymore but gss still remembered my previous settings. What is cool about this program now is that none of the RK scanners can detect gss as running as a service; it's like it doesn't exist except for its hooks into the kernel of course which can be seen.
    Was able to acquire access to the apps table and this time it shows all of my apps that I set up previously, did this by starting a new program which got flagged by gss then launched the gui and now all my apps show up in the apps table which I can now edit settings to them if I choose. I like the memory usage only 2,100k.
     
    Last edited: Aug 4, 2007
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    There is still v.1.200 at the top of the form, I guess the change to v.1.300 has been forgotten.

    I also experience the Disabled state of RegDefend. I receive the same RegDefend screen like BlueZannetti. Finally all critical GSS files working fine.
     
  24. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    @ Jason: Thank you for the info on the ghosts, RD and everything else too, I can't wait until they are back and RD is completely working, I have deleted the gss_ files and this has helped lots, I think it was just junk from previous installations causing some problems.

    All I see now from BoClean (boc424.exe) is a RD alert during shutdown, I guess this is to be expected at the moment, I will keep you posted to anything else.

    As for Comodo firewall, I'm unsure as to what's going on, the last install of GSS alpha v1.300 after a few reboots the Network Monitor initialized, but that's all, the Application Monitor, Component Monitor and the Application Behaviour Analysis were all un-initialized, strange, I'm unsure as to why the Network Monitor started working during boot up, or the other way around, why the others wouldn't initialize :doubt:

    I have noticed the same as yankinNcrankin, if you either add a new application by browsing for it or just clicking the add button then the Applications list gets populated, before browsing or adding it's totally blank, I have seen some other blank entries and duplicated System info, I mean in the Info section on the System tab, my Comodo cpf.exe has lots of winhlp32.exe listed, and PaintShop pro 9 is totally blank, while the others have normal entries, just seems rather weird to me :doubt:

    Fluffy
     
    Last edited: Aug 5, 2007
  25. Mark Klomp

    Mark Klomp Registered Member

    Joined:
    Sep 30, 2005
    Posts:
    61
    But I'm not sure about it being kernel level. I mean the downside is now it has become a vital (system-) process of the computer, and when it crashes, your computer gives a BSOD, right? Or am I wrong?

    Guys I installed the v1.3, but it's totally disabled as you said, and I don't even get any alerts, so I don't know how you are doing this, to get alerts. No rules have been installed, so how the hell can you get alerts? I tried to install my backed-up alerts of my previous v1.10 beta version, but I can't install them. First copied them to program files (didn't work), then to system32 folder, and renamed them to the names GSS is searching for. But it couldn't load them successfully, although of course it said they found the files.

    There needs to be done really much yet for it to be final I can see.
     
    Last edited: Aug 7, 2007