DefenseWall 3.23 Beta

Discussion in 'other anti-malware software' started by chachazz, Mar 1, 2014.

Thread Status:
Not open for further replies.
  1. Pete is right, better to launch a light version of DW x64, called Defense Walletje: (is Dutch for small Wall :D )

    1. Firewall
    Uses Windows as inbound, DW as outbound
    ==> Improved Windows FW

    2. Elevation shield
    Only allow trusted binaries to elevate from safe places, when they are signed and from a trusted publisher or have a whitelisted hash
    ==> improved UAC (more granular than the Deny Elevation of Unsigned feature, with remember functionality; UAC can be set to auto elevate).

    3. Execution Shield (internal OS feature, present M$)
    Set SRP with default level as basic user, for all files, except Admin, implements Symantec tweak to run MSI as Admin, only run as Admin is replaced by DW's Run As Trusted: this also overrules Admin Shield, after it has checked executable at Virus Total (when safe it auto allows, when flagged by 5 it auto denies, in between it asks the user for confirmation with warning)
    ==> Improved SRP still able to install (right click) and VT check

    4. Program Shield
    With two components
    a) LUA-sandbox
    Redirects access to admin protected areas to file/registry sandbox when a protected program is launched. At program closure question is asked to recover or dump files from sandbox, registry changes are always flushed, saved files are given a Low IL through ACL and set as downloaded unsecure file (security zone 1806)
    ==> Improved run as (LUA as I have now implemented with Joanna's tips and tricks)

    b) Intrusion Guard
    Install EMET automatically for these guarded programs, add additional DW x32 protection through available mechanisms in x64 on process/memory level.
    ==> Improved EMET

    What do you think of this?

    Regards Kees
     
    Last edited by a moderator: Mar 7, 2014
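
Added example, not part of the post above and not DefenseWall code: a sketch of the decision logic proposed in items 2 (Elevation shield) and 3 (Run As Trusted with a Virus Total check), including the path-containment check that "safe places" depends on. The safe places, publisher name, allowlisted hash, the reading of "safe" as zero detections and of "flagged by 5" as five or more engines are all assumptions; the signer is assumed to come from a signature that was already verified elsewhere.

```python
import hashlib
from pathlib import PureWindowsPath
from typing import Optional

# Assumed policy data, constructed for illustration (not from the post).
SAFE_PLACES = [PureWindowsPath(r"C:\Program Files"), PureWindowsPath(r"C:\Windows")]
TRUSTED_PUBLISHERS = {"Example Trusted Corp"}
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample installer").hexdigest()
ALLOWED_SHA256 = {SAMPLE_SHA256}
VT_DENY_AT = 5  # assumption: "flagged by 5" read as 5 or more engines


def in_safe_place(path: str) -> bool:
    """True only for an absolute path located inside one of SAFE_PLACES."""
    p = PureWindowsPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False  # relative paths and traversal segments are never safe
    # Whole-component, case-insensitive comparison, so that
    # "C:\Program Files Evil" does not pass as "C:\Program Files".
    return any(root in p.parents for root in SAFE_PLACES)


def may_elevate(path: str, signer: Optional[str], sha256: str) -> bool:
    """Elevation shield: safe place AND (trusted publisher OR allowlisted hash)."""
    if not in_safe_place(path):
        return False
    return signer in TRUSTED_PUBLISHERS or sha256.lower() in ALLOWED_SHA256


def run_as_trusted(vt_detections: int) -> str:
    """Run As Trusted: map a detection count to 'allow', 'deny' or 'ask'."""
    if vt_detections < 0:
        raise ValueError("detection count cannot be negative")
    if vt_detections == 0:  # assumption: "safe" means no engine flags the file
        return "allow"
    if vt_detections >= VT_DENY_AT:
        return "deny"
    return "ask"  # in between: ask the user for confirmation, with a warning


if __name__ == "__main__":
    print(may_elevate(r"C:\Program Files\App\setup.exe", None, SAMPLE_SHA256))
    print(may_elevate(r"C:\Program Files Evil\setup.exe", None, SAMPLE_SHA256))
    print(run_as_trusted(3))
```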
  2. Rasheed187 (Registered Member; joined Jul 10, 2004; posts: 17,546; location: The Netherlands)

    Yes, I know what you mean, but I think it's highly unlikely that malware is able to bypass behavior blockers on Win 8.

    For example SpyShelter and Comodo Firewall seem to be able to intercept just about anything. ;)
     