Defensewall whitelist questions

I'm a lazy ass and don't want to use DW's expert mode since I am no expert. Are the whitelisted program lists proactively created after some sort of application analysis? What if I accidentally run an altered version of a default whitelisted app? Would DW catch it and make it run untrusted? Basically, how safe am I when I use default mode vs expert?

 

HI,

You only have to enter the untrusted aps. There are some defaults, but make sure all your e-mail, chat, skype, webbrowser, p2p, gamespeak, phone download softeware is added (via a standard add file windows dialogue).

 

Are you saying I should manually run all apps I open with the right click menu as untrusted? Secondly, does defensewall offer any user aid or information via context menus/tooltips? I find that its interface and help file are lacking. How will I know if I'm infected with anything if everything is done manually with defensewall? If that's the case, I'm thinking of sticking exclusively with Prevx1. Out of every other HIPS, it wasn't too intrusive like SSM or a resource hog like CyberHawk.

 

There are four ways to run application as untrusted.

1. There is built-in list of known threatgate applications. It installs on demand or during installation process.
2. Add in into untrusted list manually.
3. With right-click menu.
4. Application have been created by untrusted process and already in untrusted list (default mode).

Yes, via Explorer's context menu.

Will be improved for v2.0.

1. If malware is within untrusted area- you will never been infected as malware won't be able install itself propertly into your system.

2. Definition of penetration is a not DW's job as it is not an expert HIPS. At least, current versions...

 

That's what I need in my frozen FDISR-snapshot, to protect me against infections in the period between TWO reboots.
Security softwares that prevent the installation and execution of malware have my full attention.
I have Anti-Executable and DefenseWall on my wish list already. Now I'm trying Sandboxie.
Even when these three softwares fail, I still have my frozen snapshot to remove the rest.

 

HI, Monkey face

Defensewall is real easy. The default programs marked by DW as untrusted my wife uses are:
- MS outlook express mail
- MS internet explorer
- MS media player

Some weak programs are added by DW to this list by default
- hh.exe
- winhlp.exe
- tftp.exe
- ftp.exe
- ntvdm.exe

I added:
- LimeWire as her P2P program
- Scriptdefender (it intercepts all scripts, now all scripts run untrusted)
- 7Zip (is my default unzip program, DW handles windows zip, but with
this 'trick' all archives unpacked files are untrusted)
- DVD/CD Rom, the 2 USB-stick drives and the floppy drive
- The shared directory of limewire and the incomplete download directory
- Her Nokia 73 download manager

So all is very limited and very transparent.

Erik Albert,
When you use an anti-excutable (AE of FD which would be your first choice due to its compatibility with frozen snapshots, on-line armour, primary response safe connect) with default white and black lists and DefenseWall
you problably have the safest and user friendliest defense on top of your R.I.P.S protection

 

Finally somebody at Wilders, who fully understands me.

P.S. for all members :
R.I.P.S. doesn't exist, I heard about H.I.P.S. and C.I.P.S., but never R.I.P.S.
It's my sense of humor. LOL.

 

That is a part of the joke, my R.I.P.S. can also end up in a complete disaster.