Defensewall Question.

Discussion in 'other anti-malware software' started by nikanthpromod, Dec 18, 2009.

Thread Status:
Not open for further replies.
  1. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Im new to defensewall . From the DW help file
    http://www.softsphere.com/online-help/defensewall/
    i found this
    DefenseWall HIPS' (Host-based Intrusion Prevention) protection scheme is 'Isolation'.
    Applications and processes which interact with the internet - we call them 'threat gateways' - pose a serious risk to your system safety. Hackers use these threat gateways and applications to penetrate your computer, to infect and alter it or to damage your system integrity.
    DefenseWall marks these threat gateways and processes as 'Untrusted' and they operate in an 'isolated' environment. Any files and applications downloaded or launched through those untrusted gateways are also marked Untrusted - they cannot harm your system.

    So i tried to check effectiveness of DW. I used a trojan downloader , it downloaded files without disturbing DW and infected my system.
    So wats the use of DW. Just for sanboxing browserso_O
    Do u really think its goodo_O
    How it detects and untrusts a programo_O
     
    Last edited: Dec 18, 2009
  2. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    this why ilya made DW3 , its include a firewall , i guess you try version 2.56 (official) ....
     
  3. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Was the downloader set as untrusted in Defensewall?
     
  4. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    im currently using DW 2.56.
    so wats the use of DW 2.56 without firewall
     
  5. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    No:ouch: DW didnt notice that downloader..
     
  6. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    o_O
    Who told you Dwall 2.56 was a substitute for a firewall?
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    DW by itself is a great policy-based sandbox HIPS.

    If you have the standalone DW with a third-party firewall/Vista/Win 7 firewall behind a router you do not need the added firewall in DW 3.
     
  8. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Lebowsky and Blackcat. I didnt mean its a substitute for firewall:gack: . Please read my 1st post in this thread and give me an answer if u cano_O
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    nik, you have to understand how the program works.

    If you use firefox to access the internet, right-click on the firefox .exe file, and select 'change status to untrusted'. This means all downloads are protected.

    DefenseWall automatically adds Firefox, IE and others by default. All downloads are therefore protected. You can 'protect' any program accessing the internet, not just browsers, just by right-clicking and selecting 'change status to untrusted'.

    So if you download a trojan, it can't do any harm to your system.

    Which program did you use to download this trojan? Was it a browser not recognised by DefenseWall? Or did you add the file straight to your comp, from a USB, and selected 'run as trusted'. Or was the file already on your desktop before you installed DefenseWall? Those are the only scenarios I can think of.

    If you set DW up properly, it does what it says. Take a few minutes to read the online help file to understand how it protects your system.
     
  10. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    I added that file straight to my computer. And executed . It was a trojan downloader ,it downloaded trojans and infected my computer .I setup DW properly and there was no problem with DW at that time and it didnt notice that downloader.:doubt:
     
  11. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    so i have to manually add malwares to untrustedo_O?o_O
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    nikanthpromod,
    Did you get infected through your browser while your browser was running as untrusted?
    or did you execute the malware as trusted?
     
  13. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    No. You have to manually add the program which downloaded it. That's the idea.
     
  14. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    please read my first post....
    I didnt do anything to DW. I had a trojan downloader in my pc. I executed that.
    It connected to internet and downloaded trojans .DW didnt do anything.
    After getting infected i scanned my pc with MBAM and it found 15 trojans.
     
  15. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    As with all securitysoftware it's to be installed on a clean machine.
     
  16. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    so if that malware download files without my input invisibly , whats the use of DW.
    DW untrusts removable medias and browsers automatically, not other malwareso_O
     
  17. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    My computer is clean always:D . But i checked DW ,whether it prevents that malware or not. But it failedo_O
     
  18. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    So when you have downloaded the malware with a software which isn't untrusted the malware can download whatever it wants and DW wouldn't notice, because the malware itself isn't untrusted of course.
     
  19. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    Then why use DW altogether:D .
     
  20. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    come on man. please understand my question .Why it couldnt make that downloader as untrusted?? Thats my doubt.:doubt:
    From their help
    Applications and processes which interact with the internet - we call them 'threat gateways'
    DefenseWall marks these threat gateways and processes as 'Untrusted' and they operate in an 'isolated' environment.
     
  21. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    OK, man:) . Here goes: read a little bit more :


    DefenseWall has a built-in database of potential threat gateways: applications and processes which interact with the internet and are the doorway to possible infected files and malicious software.

    Add any other applications (executable files) to the Untrusted Applications List that you are using which are not in the this Built-in Default List and are considered to be threat gateways.
     
  22. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    Well if i understood corectly the trojan downlaoder was already on your PC when you installed Defense Wall.If u want to run the trojan,and test DW protection change it's status to untrusted.
     
  23. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    721
    Location:
    Cumbria, England
    If the trojan downloader was already on your machine before installing dw, then it will run as trusted unless you manually added it to the untrusted list or run it as untrusted.
    If you downloaded it with firefox/ie then it would automatically be added to the untrusted list that is how defensewall works, hence why it should be installed on a clean system.
     
  24. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    ok..... so anything downloaded via firefox(untrusted with DW) will be added to untrust list. And if i run that file it will be untrusted. Now that answer is clear:D
    I will download it with firefox again and close all untrust programs. Then i will execute that to check DW. After that ill post my results. Thanks for ur commentsssss:)
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Ok so you launched the trojan downloader as trusted,no wonder you got infected.

    Exactly.

    Make sure you protect all the threat gateways, including browsers,media players,cd and dvd's, usb and all removable media. As long as your system is clean to begin with DW is superb in protection.
    Ilya is always very helpful getting any problems one might have solved.
     
    Last edited: Dec 19, 2009
Thread Status:
Not open for further replies.