Malware Defender 2.1.0 beta

Discussion in 'other anti-malware software' started by xiaolin, Mar 11, 2009.

Thread Status:
Not open for further replies.
  1. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I did some quick tests and can confirm that MD's network functionality depends on Vista's Base Filtering Engine (BFE) service. The Windows Firewall (MpsSvc) service is not a factor. Given this dependency, I added a new registry rule to protect BFE from being tampered with...
     


  2. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Thanks for confirming this. I can't believe no one else noticed this or had an issue with it, considering how many people disable the built-in Windows firewall. It's also unusual that the dev didn't point this out as a possible cause.

    MD doesn't appear to turn the service on automatically or notice when it's shut down. A serious oversight for such a critical element, IMO (unless it's only an issue on my system).
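
A health check for the dependency discussed in the two posts above, as an added example that is not part of the original thread and is not Malware Defender's own code. It reports whether the BFE service is running, whether it is set to start automatically, and which accounts hold write access to its service key; the function name `Test-BfeHealth` is hypothetical.

```powershell
# Added example: verify the Base Filtering Engine (BFE) service state and
# list who can modify its service key. Run from an elevated PowerShell prompt.
function Test-BfeHealth {
    $name = 'BFE'   # service name as given in the thread
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $problems = @()
    $writers  = @()

    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += "Service $name not found"
    } else {
        if ($svc.Status -ne 'Running') {
            $problems += "Service status is $($svc.Status), expected Running"
        }

        # Start value in the service key: 2 = Automatic, 3 = Manual, 4 = Disabled
        $start = (Get-ItemProperty -Path $key -Name Start).Start
        if ($start -ne 2) {
            $problems += "Start value is $start, expected 2 (Automatic)"
        }

        # Accounts with an Allow entry that includes SetValue can change the
        # Start value. Entries expressed only as generic rights are not
        # decoded by this mask and will not appear here.
        $mask = [int][System.Security.AccessControl.RegistryRights]::SetValue
        foreach ($rule in (Get-Acl -Path $key).Access) {
            if ($rule.AccessControlType -eq 'Allow' -and
                ([int]$rule.RegistryRights -band $mask)) {
                $writers += $rule.IdentityReference.Value
            }
        }
    }

    New-Object PSObject -Property @{
        Service  = $name
        Problems = $problems
        Writers  = ($writers | Sort-Object -Unique)
    }
}

$result = Test-BfeHealth
$result.Problems | ForEach-Object { Write-Warning $_ }
$result.Writers  | ForEach-Object { Write-Output "Write access to service key: $_" }
```

An empty `Problems` list means the service is running and set to start automatically; the `Writers` list is informational and is meant to be compared against a known-good baseline.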
     
  3. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will fix it in the next release. Thx
     
  4. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Hi, after extensive testing, I would like to make a request if possible:

    When an alert window pops up, under create rule for this action there are 2 options:
    - Permanent Rule
    - Temporary rule (until process exits)

    Since some processes are automatically re-launched, I would really like a 3rd option, like:

    - Temporary rule for the next ** minutes (like RTD)
    - Temporary rule which will be deleted on next system reboot

    Please consider implementation, thanks.
     
  5. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Thanks for the suggestion. I will think about it but the alert window is already big. You can put those processes in a special group and delete it manually later.
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 2.1.1 beta1 is released

    The beta version is available for download at http://www.torchsoft.com/download/md_setup_2.1.1_b1.exe

    What's new?
    - Added protection against controlling processes using DDE.
    - Added support for Windows 7 build 7068.
    - Added support for running in safe mode to change rules and settings.
    - Moved rundll32.exe out of system applications rules.
    - Changed the default initial file rules of explorer.exe to allow accessing all files.
    - Fixed a bug when renaming rule group.
    - Fixed a bug when verifying file signatures.

    It's recommended to search rundll32.exe and delete all rundll32.exe in child applications rules. You may need to restart your system in learning mode to create new rules for rundll32.exe.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Xiaolin,

    Would it be possible to also show the comment line when showing a pop-up (of that specific rule)?

    Thx
     
  8. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Actually, the feature is implemented in this beta release. :)
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thanks, but I do not see my own description in the pop-up using beta 2.1.1 b1 at the moment?
     
    Last edited: Apr 7, 2009
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Re: Malware Defender 2.1.1 beta1 is released

    I think this change will fix all the hangout or CPU high load + system hangout


    Will check for some time and see :)
     
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Re: Malware Defender 2.1.1 beta1 is released


    can u write step by step how to do it?

    10x
     
  12. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Re: Malware Defender 2.1.1 beta1 is released

    This change is intended to reduce alerts when manipulating files with explorer.exe. It only affects the initial rules (fresh installation or select Rule menu->Restore Default rules). If you upgrade from old versions, you can create a permit * rule in explorer.exe.

    Thanks,
    Xiaolin
     
  13. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    You press "CTRL + F". Then you type "rundll32" in the search box and then you delete all instances found (including child applications' rules).
     
  14. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Re: Malware Defender 2.1.1 beta1 is released

    1. Edit menu -> Find Rules -> search "rundll32.exe"
    2. Double-click the item in the Rule Find Results to jump to the rule; if it's a child app rule, delete it.
    3. Restart system in learning mode.
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I did a fresh install and never installed MD before; I still found, like u said, "rundll32.exe" rules, so do I need to delete them all?
     
  16. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Yes, delete them all and then reboot and put MD in learning mode for 30 minutes and during this, do some ordinary PC jobs, including Windows Update.
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    10x mate, but Xiaolin says I need not if it's a fresh MD install...
     
  18. Hunter42

    Hunter42 Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    7
    Question:

    Does the new beta support Windows 7 x64 ? :)

    Hunter42
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Running the latest beta. Smooth as silk. Cleaned the rundll32.exe schtuff easily.

    MD is THE most actively maintained HIPS. Simply superb! :thumb: :thumb: :thumb:
     
  20. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Yes, thanks very much xiaolin:)
     
  21. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    MD does not support x64 yet. Thx
     
  22. wat0114

    wat0114 Guest

    Thanks again for the update xiaolin! BTW, can you or someone provide an example test for the DDE control?
     
  23. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
  24. wat0114

    wat0114 Guest


    Last edited by a moderator: Apr 7, 2009
  25. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Actually, it's a bug that DDE messages are not handled in previous releases. :)
     