Beta-testing of the DefenseWall Host Intrusion Prevention System.

Discussion in 'other anti-malware software' started by Ilya Rabinovich, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Has anyone added more programs to the untrusted list for extra security or are the default settings ok.
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm afraid not. The skin is built as non-resizable.
     
  3. qazu76

    qazu76 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    21
    I've just added all my internet facing programs and winrar. Apart from that I'm running default.
     
  4. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    I have firefox in my untrusted list - yet when I run it it sometimes does not show up as an untrusted app on the front tab.

    Yet if I try IE - shows instance always on front tab

    Events seem to record everything - but now if I look on the front panel - DW says that Firefox is trusted? but it is in my untrusted list.


    Bit dazed and confused
     
  5. RipVanTinkle

    RipVanTinkle Registered Member

    Joined:
    Oct 20, 2005
    Posts:
    102
    Franklin - anything that connects to the internet
    I've added these so far

    FTP proggies - FlashFXP, FTPSpy
    Browsers - Opera
    Download Managers - Net Transport
    Weather programs - Mr Weather
    Newsgroup proggies - PowerGrab, Grabbit, SoulSeek

    ======

    Starfish_001
    I've never seen Firefox running as trusted when it should be Untrusted
    The only anomaly I've seen is when Dr Watson fires up, it never gets
    listed under Untrusted even though 1 Untrusted app is listed - You Have
    One Untrusted Process... etc

    =============

    It's been a great addition to my security and no problems with updating
    Low on resources and exists with all my security apps with no problems
    at all.

    One Happy Camper here :)
     
    Last edited: Jan 1, 2006
  6. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Ilya,

    As a new registered user of DefenseWall HIPS v1.11, I have been experiencing some consistent and intermittent problems with Opera v8.51 and Eudora v7.0.1(free w/ads) which are listed or I have included as an "untrusted" application.

    1.) Scrolling up and down through the bookmarks is consistently slow or sluggish in Opera.
    2.) On an intermittent basis, it takes an additional 1-2 seconds or more to open and close both Opera and Eudora.
    3.) On an intermittent basis, random execution requests such as opening the bookmark panel, clicking a bookmark in the bookmark panel or deleting private data freezes up Opera briefly for a few seconds before resuming.
    4.) On an intermittent basis, entering my password and checking for new mail freezes up Eudora briefly for a few seconds before resuming.
    5.) On a consistent basis, I have observed that the DefenseWall icon in the system tray remains red/orange during the entire duration when using and long after closing/exiting an "untrusted" application such as Opera or Eudora.

    FYI, the pc in question is a Dell with WinXP SP2, 3.2 GHz Intel P4 and 1 Gb RAM. The other resident, "active" security applications that I am running include: BOClean, Look'n'Stop firewall, NOD32, Online Armor and RegRun Platinum 4.5. Until proven otherwise, it appears that DefenseWall may be conflicting with both Opera and Eudora. A prompt reply and solution to this matter would be greatly appreciated.


    Peace & Love,

    CogitoErgoSum
     
    Last edited: Jan 3, 2006
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    A good way to test this, in the meantime, would be to try shutting the others down one at a time to see if the problem is remedied. It may also be that one of these is conflicting with DW on your system.
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, Notok is right. I was testing DW with Opera and I had no problem with it. Just try to switch off, one by one, all the resident programs but DW and see when Opera's speed comes back. Then report the last app switched off - I'll try to reproduce the situation and fix the problem.
     
  9. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Notok and Ilya,

    I shut down BOClean, Look'n'Stop, NOD32, Online Armor and RegRun Platinum 4.5 one at a time, repeating this sequence for both Eudora and Opera a few times. Unfortunately, I did not find any conclusive evidence that these apps are conflicting with DefenseWall and causing problems with Eudora and Opera. FYI, interestingly, after shutting down Online Armor, I could only restart it by rebooting my computer. Could OA possibly be conflicting with DW or vice versa? Despite these findings, issues #1, #2 and #7 remain unresolved.


    Peace & Love,

    CogitoErgoSum
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    As for #1 and #2 - I don't know. Contact me via e-mail, I'll try to send you test drivers with part of the hooks switched off. This will help to understand (and to fix) the reason for the slowdown.
    As for #7 - the icon turns red if some dangerous behaviour is blocked. Just send me the log file - I'll look at it.
     
  11. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    sys tray icon disappeared? any ideas how to get to the GUI?
     
  12. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    Starfish -
    Check your task manager. Is defensewall.exe running?
    If not, go to Start - Programs and run defensewall.

    If it is try end task on defensewall.exe (you are still protected), then restart defensewall like above.
     
  13. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Thanks forgot that defensewall.exe was just interface - killed and restarted fine
     
  14. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    I have firefox in my untrusted list - yet when I run it it sometimes does not show up as an untrusted app on the front tab. But the title bar says defenceWall untrusted

    If I look on the front panel - DW says that Firefox is trusted? but it is in my untrusted list and the title bar says defenceWall untrusted

    If I hit the red button to close all nothing happens.

    Gave up and rebooted


    Ilya any ideas second time in 2 days?
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    What do you mean by "front panel"? Front panel of what? The status is displayed within the title bar of the window and the "Trusted and Untrusted processes- now running" dialog.

    That is very strange. It shouldn't be like that. Try to investigate this question and contact me via e-mail with the results.
     
  16. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    Front panel first tab in your DW interface - close all untrusted

    Indeed - a reboot cured it but this is the second time. Could this be something to do with Process Guard? The process is no longer protected by PG?
     
  17. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    So starfish - you are saying the grey button "you have # untrusted process(es) running on your computer" isn't reporting that FF is running.

    Sounds like PG or another app is interfering with the communication between the DW GUI and the DW sys driver.
     
  18. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    I once forgot to keep PG in learning mode when upgrading DW - that caused some confusion, but if I remember right I reinstalled DW with PG in learning mode and now it's OK - could that be worth trying?

    Best Regards
     
  19. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Firefox is untrusted yet in the trusted list - so yes . Only happened twice so far.

    And yes I agree I think it probably is another Kernel app - PG or NOD nothing looks wrong but ...

    Have exchanged an email with Ilya. But at the moment need to make it reproduce on demand. ....
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    This is something I encountered during the beta as well, sometimes it just seems that it doesn't see untrusted apps, but it's hard to replicate. For the record I do not run PG, so that wouldn't be the highest on my list of suspects. I do, however, run NOD32.
     
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Man, this is one long thread. I would like to beta-test Defense Wall HIPS, however I really do not want to read this whole thread. I would like to give my opinions on a few features of DW:

    Beautiful interface, two thumbs up for eye candy.

    On the main page it says: "You have X# untrusted process(es) running on your computer.", when you click this it launches the "Trusted and Untrusted Details" window. It would be nice if you could move processes between the Trusted and Untrusted zones through this window.

    When DW is already open and I try to open it from the Start Menu, I get an error saying: "Multiple instances are not allowed". It would be nice if the shortcut launched the main window of the current running instance instead.

    I'm not sure if this has already been said, but it would be beneficial for DW to run as a service, this would add some security.

    So far everything has been running smoothly, running on WinXP SP2 with all updates, using default settings and running IE frequently.

    BTW, it is a really nice feature that the user has the ability to add either a process, folder or application to the untrusted list, makes it easy on the user.
     
    Last edited: Jan 6, 2006
  22. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Also, if there was an advanced mode that would allow custom default restrictions and custom restrictions per process, this would be nice.

    And, when attempting to launch an untrusted application as trusted when the application is already open, a dialog box asking whether to close and restart the application as trusted automatically or not would be nice. Or even plain text notification in red under the options on the right letting the user know the application is already open and therefore cannot be launched trusted.

    Here is an example of what I am suggesting (I'm sure you could implement it in a much nicer way):
     

    Attached Files: well.JPG (80.8 KB)
    Last edited: Jan 6, 2006
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The beta-test process is temporarily closed. DW is released now. The beta-testing will be switched on later, when I will be testing the next major release. As you understand (I hope), if I won't be selling the product I'll have to freeze the project and start looking for work as hired personnel.

    It is possible to move trusted process to untrusted zone, back action is impossible. I'll think about this feature, but a little bit later.

    Aha, will be done.

    It won't add any security, because the GUI is just a control panel. All the defense core is driver-level. You can close my GUI, but the protection will keep working.

    I see no reasons. It is a security hole. If everything is working fine - why change it?

    I see no reasons for now. For example, you launch IE as trusted already having IE running as untrusted. Why close untrusted instances? Trusted IE will be reliably separated from the untrusted processes zone. How will it raise the productivity of the user's work or the security level? I don't understand..... Please, explain!
     
  24. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    I think we have a suspect
     
  25. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Because some users might want to run certain programs in untrusted mode, but allow certain exceptions. If I am correct, running an e-mail client in untrusted mode prevents it from launching AntiVirus programs to scan incoming mail?

    Good :D I should have checked before making such a suggestion.

    Some processes do not allow multiple instances (like messaging clients). Only reason I made this suggestion is for a more user friendly interface.
     