Malware Defender incompatible with O&O Defrag

Discussion in 'other anti-malware software' started by Rui, Feb 26, 2009.

Thread Status:
Not open for further replies.
  1. Rui

    Rui Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    141
    Location:
    Portugal
    I have been trialing Malware Defender and it seems to me that this quite nice HIPS appears to be, at this moment, incompatible with O&O Defrag.

    When starting an offline defragmentation job, my computer gives the BSOD FAILED INITIALIZATION. This never happened when I didn't have Malware Defender installed.

    Also, when performing a scheduled defrag jog with O&O (version 10), the computer freezes, and all icons disappear from the desktop. The only way to regain control over it is to power it off, and then on again.

    I had to revert to an image, which I made before installing Malware Defender.

    I am running XP Pro SP3.

    Could xiaolin investigate this isssue?

    Many thanks in advance.

    Rui
     
  2. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi Rui,
    I have just tested both offline defragmentation & a scheduled defrag job using latest O&O Defrag Version 11.1.3362 with MD 2.0.5.
    I had no BSOD or any other error using MD in learning mode. Here are the permissions generated by MD:

    c:\windows\system32\oodtray.exe:

    Execute allow,
    Child Applications - c:\program files\oo software\defrag\oodcnt.exe Permitted
    Network - TCP [Local host : Any] -> [127.0.0.1 : Any] Permitted

    c:\program files\oo software\defrag\oodcnt.exe

    Execute allow,
    Child Applications - c:\program files\internet explorer\iexplore.exe Permitted
    Network - TCP [Local host : Any] -> [127.0.0.1 : Any] Permitted

    c:\windows\system32\oodag.exe:

    Execute allow,
    Access physical disk allow,
    Registry - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, value=OODBS - Permit

    c:\windows\system32\oodbs.exe:

    Execute allow,
    Access physical disk allow,
    Drivers - c:\windows\system32\drivers\oobctm.sys - Permit
    Registry - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services value=OOTextMode - Permit
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OOTextMode value=ImagePath - Permit

    If you are having further problems then I'd suggest moving:
    oodtray.exe
    oodcnt.exe
    oodag.exe
    oodbs.exe

    into Trusted Applications group:

    In Malware Defender select the rules tab. Right click the application you wish to move into the 'Trusted Applications' Group, then from the context menu select 'Move to Group' and select 'Trusted Applications'.

    EDIT: Added Colour.
     
    Last edited: Feb 26, 2009
  3. Rui

    Rui Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    141
    Location:
    Portugal
    Hi tony62

    Thanks a lot for your detailed reply!

    I am going to follow your advice and give Malware Defender another try, after imaging my system once again (just in case...). So, before rebooting the computer, I'll put all these exe's in the trusted applications list. and see what happens.

    By the way, although a littlle off topic, I am using O&O Defrag version 10.0 build 164. Do you think it is worth upgrading to version 11?

    Will post later, providing some feedback.

    Thank you again and best regards

    Rui
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I do not use O&O Defrag, so I am unable to suggest upgrading.
    However if your problem is related to the version you are using and you really wanted compatibility with MD, then maybe you should trial O&O 11 first.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Just put MD in learning mode the first time you run it. That should work.

    Pete
     
  6. Rui

    Rui Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    141
    Location:
    Portugal
    Thanks tony62 and Pete for your suggestions, which I am following now.
    So far, so good. So, let's wait and see...
    By the way, MD seems to be a terrific HIPS!...
    Best regards to both of you.
    Rui
     
Loading...
Thread Status:
Not open for further replies.