DefenseWall HIPS v2.40 RC1 released

Discussion in 'other anti-malware software' started by smith2006, May 8, 2008.

Thread Status:
Not open for further replies.
  1. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
  2. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Thanks for the heads up. Installed and working ok here so far.
     
  3. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK

    Same here! :thumb:
     
  4. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Just to mention to those that might use Shadow Defender

    from Tony's website

    "» Conflict List

    DefenseWall, Comodo Firewall

    If you have any product above installed in your PC, please DO NOT install Shadow Defender."
     
  5. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Thanks for this.

    Sometimes I think it would be a good idea if there was some way to report conflicts in this forum somewhere. I'm aware of a few conflicts myself and would like to help others avoid time-consuming problems.
     
  6. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    Thanks smith2006 for the update notice.

    Wake
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks, I hope I can install DefenseWall HIPS v2.40 RC1 very soon. :)
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    What's new?
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Untrusted processes are now also contained from each other, so the policy restrictions are even tighter.

    This mechanism also gives you the option (which was already implemented in GeSWall Pro) to allow your mail directory to be accessed only by Outlook Express, see example. In GeSWall Pro you define your mail directory as 'Confidential' and make an exception in the MSIMN configuration part. In DefenseWall you only have to tell that this resource belongs to MSIMN only. When another untrusted process accesses a newly added protected resource, DW asks you whether to allow it or kill the process (so you cannot really mess up).


    DefenseWall has total untrusted file control (that is a big plus over similar programs), plus the options to define

    a) Folder/file as 'Confidential' (meaning no untrusted program is allowed to access it = protected)
    b) Folder/file as 'Defense excludes' (meaning that untrusted programs are allowed to change them = unprotected)
    c) Folder as 'Download area' (meaning after 15 days it changes from unprotected to protected, meaning untrusted programs are not allowed to change them anymore, NOTE the status stays UNTRUSTED when it was downloaded)
     

    Last edited: May 8, 2008
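An added example, not part of the original thread and not DefenseWall's own code: a simplified Python model of the rules described in the post above (a resource that belongs to one process, 'Confidential', 'Defense excludes', and a 'Download area' that becomes protected after 15 days). The rule precedence, the default handling of reads and writes, and all paths and names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

DOWNLOAD_GRACE = timedelta(days=15)  # period quoted in the post above

def under(path, root):
    """True if path is root or lies inside it (whole components, case-insensitive)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents

@dataclass
class Policy:
    confidential: tuple = ()    # folders no untrusted process may access
    excludes: tuple = ()        # folders untrusted processes may change
    download_areas: tuple = ()  # changeable only during DOWNLOAD_GRACE
    owned: tuple = ()           # (folder, owner_exe): resource belongs to one process

    def decide(self, exe, trusted, op, path, created=None, now=None):
        """Return 'allow', 'deny' or 'prompt' for op 'read' or 'write'."""
        if trusted:  # assumption: the rules bind untrusted processes only
            return "allow"
        for root, owner in self.owned:  # assumption: ownership is checked first
            if under(path, root):
                return "allow" if exe.lower() == owner.lower() else "prompt"
        if any(under(path, r) for r in self.confidential):
            return "deny"
        if op == "read":  # assumption: other reads are not restricted
            return "allow"
        if any(under(path, r) for r in self.excludes):
            return "allow"
        if any(under(path, r) for r in self.download_areas):
            fresh = created is not None and now - created < DOWNLOAD_GRACE
            return "allow" if fresh else "deny"
        return "deny"  # assumption: untrusted writes elsewhere are blocked

# Constructed sample policy and paths, for illustration only.
POLICY = Policy(
    confidential=(r"C:\Users\demo\Documents\Tax",),
    excludes=(r"C:\Scratch",),
    download_areas=(r"C:\Downloads",),
    owned=((r"C:\Users\demo\Mail", "msimn.exe"),),
)
T0 = datetime(2008, 5, 8)

if __name__ == "__main__":
    print(POLICY.decide("firefox.exe", False, "read", r"C:\Users\demo\Mail\inbox.dbx"))
    print(POLICY.decide("firefox.exe", False, "write", r"C:\Downloads\a.exe", T0, T0 + timedelta(days=20)))
```

Matching on whole path components keeps a sibling folder such as C:\Downloads2 from inheriting the download-area rule, which a plain string-prefix comparison would get wrong.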
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    See example below how easy it is to add protection.

    When you select it to "System" no untrusted process is allowed to touch these files/folders/registry entries. By default HKLM hives are protected (in most Policy Based Sandboxes), but you could add some additional HKCU hive protection when you should want that.

    When you click File or Folder you get standard 'explorer like' navigation, when you select registry you get standard 'regedit like' navigation.

    Regards Kees
     

    Last edited: May 8, 2008
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Uhhh.

    For all existing users: Ilya will provide built-in, out-of-the-box resource protection settings, so you can

    a) still keep DW using out of the BOX (advanced resource protection disabled)
    b) only enable resource protection and use built-in default protection settings (will provide a little more protection with just one click)
    c) go wild and create your own (so now DW also facilitates tweaking options which some power users of GeSWall Pro like about GW)

    My advice to the advanced DW configuration:
    a) define your Download directory (as explained in previous post), so your downloads become protected but stay untrusted
    b) select advanced resource protection and protect your mail directory (as shown above) plus your web address book (wab suffix) (see below)
    c) add password protection

    That is it, job done!


    How to find where Outlook Express mail archive is located
    1. Open OutlookExpress (msimn.exe)
    2. Select "Extra" in menu bar on top
    3. Select "Options" in drop down menu
    4. Click "Maintenance tab"
    5. Press Archive Map button

    (copy this location and paste in the folder screen of advanced resource protection for msimn see post #9)
     
    Last edited: May 9, 2008
  12. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Hi Kees1958.

    I would like to add roboform to help protect my passwords and data.

    I am confused, however, as to what I need to add to the right-hand box to enable RoboForm to still work with Firefox and I.E.

    Thanks if you can offer any advice (using Vista home premium btw)
     
  13. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello Tony!

    I am not 100% but I think this is how you do it (I have used Firefox but the same applies to IE):

    View attachment 199790
     
  14. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    In this case you need to associate the browser(s) you use with Roboform and its data folders.
     
  15. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Hi and thank you.

    So if I have got this right, then when I highlight firefox.exe in the left window, I then add my roboform data folder via the add new file folder or registry key in the right window o_O
     
  16. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK

    That's how I have done it.
     
  17. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Thanks Bio-Hazard :thumb:

    It's working perfectly, and a warning resource isolation box pops up now when I start Internet Explorer as it tries to gain access to my roboform data folder. :)
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Do the same thing with IE too if you wish. You may just check "Allow this next time" and click "OK".
     
  19. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Already done ;)

    Thanks Ilya :thumb:
     
  20. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Trying out version 2.40 RC1 and come up against a small problem.

    I created a folder DWTest in MyDocuments and added it in the Resource Protection list for access by my text editor only. When finished testing I deleted all the files in the DWTest folder but I cannot seem to delete the folder itself. I get the following error message each time I try and delete.

    I've removed the text editor process and folder from the resource protection list and the folder is not in any other DW list.
     

  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    OK, got it. Could you please provide me all the information, step by step: how exactly did you set up this folder with the "resource protection" list, how did you work with it in your text editor (and what is your editor's program name), and how did you erase the files and folder? Just step by step, so I could reproduce it.
     
  22. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    OK Ilya.

    Will PM you the details since I've managed to reproduce the error.
     
  23. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    I'm a fairly new user of DefenseWall so forgive my ignorance.

    Can someone explain exactly the purpose of "Download Areas"? I'm not quite understanding it.

    So the files I save in C:\Downloads, for example, are untrusted anyway. Setting a Download Area sets these files on "Defense Excludes" but what for? In what way would an untrusted program need to modify downloaded files aside from writing them to hard disk?


    Another question is, assuming my system is already perfectly clean of malware, what happens with all these events and changes that legitimate software attempt to make?

    For example, if I check the Events Log, I'll often get events like
    msnmsgr.exe - "Attempt to set value AppData within the key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"

    What if these changes should be made? Or is it like a case where if you need to update Firefox, you need to run as trusted first?

    Otherwise, I'm enjoying the program so far. I've pretty much been running with the default values since installation.
     
    Last edited: May 10, 2008
  24. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It means that if you download some file, it is automatically put into the "Defense Excludes" list; otherwise, it would be impossible to save newly downloaded pieces into it. DA allows you to remove those files from "Defense Excludes" automatically after a two-week period has passed.

    Those events are about standard Windows functions that do that. It is normal, but contains potentially dangerous things inside (malware may use such activity in order to modify sensitive system data). Anyway, everything is fine with legitimate programs running untrusted; why change something that ain't broken?
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    OK, everything is clear with it. The standard Windows GetOpenFileName function requires OFN_NOCHANGEDIR; otherwise, it opens and locks up the upper folder. The improvement will be released with the RC2 build, today or tomorrow.
     