Malware Defender - New HIPS from China

Hi,

Need a bit more info. What MD version are you using? What's your OS (2000/XP/Vista)? In your task manager, do you see either the MalwareDefender.exe or mdservice.exe processes running? Are you logged in as a limited user? Can you start MD manually (by double-clicking one of its program icons)?

Nick

 

I have it uninstalled.
don't know what version but i downloaded it last night.
nope, MalwareDefender.exe or mdservice.exe not running.
I log in as Admin....

perhaps it is due to SSM...

 

Malware Defender 1.2.0 is released.

The new version is available for download at http://www.torchsoft.com/download/md_setup.exe

NOTE:
The rule architecture is improved in v1.2. If you upgrade from v1.1.3, it is highly recommended to rebuild all the rules. You can delete rules.* in the installation folder before upgrading. Sorry for the inconvenience.

what's new in v1.2?
- Improved the rule architecture.
- Improved log functionality.
- Added support for verifying file signature of auotstart applications in background.
- Added support for exiting MD without disabling protection.
- Added support for using hot keys to execute some commands.
- Added support for searching rules.
- Added support for displaying permission settings of application rule in the tooltip.
- Added support for displaying stale rules before deleting.
- Added a menu item to remove temporary rules manually.
- Added support for using relative path in file rules, child application rules, target application rules, driver rules, hook modules rules, and allowed applications. A relative path is beginning with ".\" (current
directory) or "..\" (parent directory), and there can be more than one "..\".
- Fixed a bug that may cause BSOD.
- Minor improvements and fixes.

what's new in the rule architecture?
- Added "Ignore" and "Deny and kill the process" permissions.
- Added target application rules to make rules more flexible.
- The child application rules have higher priority than the "Create new processes" permission.
- The driver rules have higher priority than the "Loading kernel drivers"
permission.
- The hook module rules have higher priority than the "Install message/event hooks" permission.
- The target application rules have higher priority than the "Access memory of other processes", "Control other processes and threads", or "Send and receive messages" permission.
- If an action of creating process is detected, Malware Defender will search application rules for child process also. If the execute permission of child process is not "Permit", and the rule priority is higher than the matched rule of parent process, then the execute permission of child process will be used.

For more information, please read the help.

 

Thank you xiaolin,

I'm eager to try this out Is it okay to install it over the current beta 5?

**EDIT**

xiaolin, the version from your link is 1.1.3!? I installed it and that is the version in the "about malware.."

 

As a registered user I received a very brief email notice of the upgrade today. Since I was unaware of any way to EASILY delete rules except by uninstalling MD, I therefore proceeded to uninstall MD before installing the new version. Then I had to re-enter my registration license code, revert to learning mode, etc. PITA!!!

I am VERY unhappy with the fact that Xiaolin continues to provide faster & better information to Wilders forum than he does to his paid customers.

I am an active participant on a lot of security forums (e.g. Gladiator, DSL Reports, Techimo, Dozleng, etc) & software review groups (e.g. Beta News/File Forum, Download.com, etc). I have favorably reviewed & recommended MD on several of those forums, including Wilders. However, I am very upset by MD's shabby treatment of current users & will CEASE to be a *happy customer* if MD continues this practice of poorly informing existing customers.

 

Hi bellgamin,

what is the version number showing for yours? I keep getting 1.1.3 from xiaolin's link.

 

You can download it here: http://torchsoft.com/en/download.html

Thanks xiaolin, that's a really Superb hips

 

That's the right version! Thank you Alcyon

I agree.

 

I have 1.2. See screenie.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please offer a link for purchase of MD (i'm in USA) because i refuse to let this HIPS escape my inventory. It's really that very well built and i;m gonna bring a PAID version on-board no matter what.

EASTER

 

Thank you bellgamin. Alcyon provided the link just before you posted. I hope you are not too hard on xiaolin just yet, especially since he's provided what seems to be an outstanding product thus far. I'd give him some time as he's probably working on limited resources atm.

 

Pls pass along the newest release and retail link because theres no way i can let this pass .

EASTER

 

Check out Alcyon's post #282. It's all there

 

Or this one: http://torchsoft.com/en/purchase.html

 

Much appreciated Alcyon

Thank You Kindly

 

More I play with Malware Defender & Registry Workshop, more I see them as one of the more stunning combo of lifetime-licensed value $60 can buy!

With the upcoming outbound protection feature, MD should then be ready to replace SSM on my main FD-ISR's system snapshots. Let see who from MD and DW will win the outbound stampete and how each will implement this feature... Ilya and xiaolin are both most excellent software developers, within each his own working & support style !

[EDIT: orthogr. corrections]

 

Im going to try MD just because it can remove hooks and other things which i haven't seen in other hips so far.

 

i have mdservices.exe running....
but the icon not running in the left taskbar...
is it correct?

it only appears when i double-click it from the desktop.

i have uncheck both MD hide when started and minimise

 

I'm sorry for asking this,but is this strickly a public beta developement or can we sign uP for a private beta to better offer feedback and/or bugs?

Thanks many times over xiaolin for taken up this torch in the HIPS field. A very welcome generosity on your behalf and your team. All the best my friend.

EASTER

 

Dear bellgamin,

Could you recheck the notify email? I have write the same instructions in the email.

EDIT:
I am wrong, I omitted the "v1.1.3" in the email, it's my mistake. I incorrectly assume the users did not install beta versions. I am sorry and this will not happen again.

 

It's OK. There is no tray icon for mdservices.exe.

 

No, it should be there. You might try enabling "Learning mode" under Options -> Protection, re-boot, then see if it's there after logging back on. Either that or you may have another program conflicting with MD.

from your post #277:

yes, it could be. This is too much overlap imo.

 

There are no private beta versions, except making special build to fix specific bugs. But the special build will be sent to the bug reporter only.

 

could be... hee heee

 

thanks alot... continue the great work...
xie xie...