Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi wat0114,

    I saw some strange application behavior when I made the mistake of keeping my MD 1.1.3 ruleset when I upgraded to MD 1.2.0. Doing so broke both Proxomitron and Thunderbird (and probably other apps as well). From the short time I played with MD and Jetico, I think both apps need some time to learn how the other works.

    Nick
     
  2. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    You must exit MD and disable the protections before upgrading.

    If the UI of Malware Defender is not running, but the driver is running and realtime protection is enabled (even in learning mode), please run Malware Defender and then exit it.
     
  3. wat0114

    wat0114 Guest

    That may have been the problem with my install as well. Good point nick.

    I think so too.


    Thank you for the tip xiaolin! Eventually I'll figure out how this HIPS works :)
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    MalWare Defender is strong and fast, but I will love to see a little pop-up (alert pop-up) at the bottom right corner about what has been blocked and why :cool: :thumb:
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think there are more pressing things than red alerts.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I know, permit or deny :D
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    MD does issue a pop-alert when it encounters something that isn't covered by an existing rule. That is the ONLY kind of pop-up that I want to see.

    I am not fond of HIPS that do pop ups when they execute EXISTING rules. Those pop-ups can make for an excessively "busy" desktop -- very distracting & largely unnecessary.

    MD has a log for tracking all permit/deny activities -- much better than pop-ups and FAR less distracting, in my opinion.

    (NOTE to Xiaolin -- If this sort of extraneous alert is added, PLEASE make it optional).
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yes, I understand, but I will love to see something nasty like a worm or sort of to be notified about the block. It is just me, and no, I don't like tons of pop-ups either, but like I said, I want to at least know that I am protected even if I know I am :D
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Congrats and keep this development in full swing pls. It is an amazing HIPS and in my testings so far it catches nearly if not all my malware collections, a feat in and of itself without a doubt.

    Plus it is very user friendly and super compatible, with no noticeable conflicts as of yet, and I don't expect very many.
     
  10. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Are there any proposed rule sets that we can download and apply?
     
  11. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    not yet
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hopefully Alcyon is monitoring this thread and also using MD. If so, perhaps he will be so kind as to share his rule set with us, as he did so superbly for EQSecure. :thumb:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'm but a peep and a squeak from making my own purchase for this MD. I really like what I discovered so far, and in fact it eliminates some other of my layered approach apps, so I hope he welds MD tight enough to prevent tampering it from being disrupted or closed.

    Excellent Effort.

    EASTER
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784

    Did just that a little over a week ago after the trial ran out.
    Very happy with MD and looking forward to the next release, hopefully it will include network access control.
    Working flawlessly here with Look'n'Stop and DefenseWall. :thumb:
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    You couldn't dynamite me from the fabulous EQS 3.41 + with Alcyon's Multiple Rules but this Malware Defender is excitingly & extremely well made and IMO displays its board of rules on alerts that are simple enough to understand. I can just imagine if Alcyon applies his in-depth rules to this HIPS. I don't want to over-hype this HIPS, but it's a very attractive choice (for me) as a second HIPS!

    EASTER
     
  16. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.2.1 beta2 is released

    The beta version is available for download at http://www.torchsoft.com/download/md_setup_1.2.1_b2.exe

    What's new?
    - Added protection against modifying kernel objects of known dlls.
    - Added protection against duplicating handles.
    - Added protection against debugging processes.
    - Added several built-in file and registry rules.
    - Added several search locations of autostart applications.
    - Changed all the "Ignore" to "Ask" in system application rules to avoid being affected by low priority rules.

    MD should pass more tests of the new Comodo Firewall Test Suite.

    About the failed tests:

    Hijacking: ActiveDesktop - I think there is a bug in the test. After adding "*.htt" file rule, MD should protect against changing active desktop.
    Invasion: RawDisk - It tests reading the raw disk. MD only protects against writing to the raw disk.
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Re: Malware Defender 1.2.1 beta2 is released

    Amazingly fast & effective progress!!!

    Buying a license at a 1-off price was the smartest thing I've done in a long while. :thumb: :thumb: :thumb:
     
  18. wat0114

    wat0114 Guest

    Re: Malware Defender 1.2.1 beta2 is released

    I also want to purchase a license for this at end of trial. Last night, however, selecting the Hooks tab froze my pc; a reboot was necessary to recover. Afterwards it was okay to select it. Also, it is strange that with NOD32 ver 2.7, I can find only one process - nod32krn but I can not find the other - nod32kui anywhere in the rules?? The process is clearly running so I would think it should show up somewhere in the rules, and I did not make Nod a trusted application.

    At any rate as others have said, this is excellent progress on a very solid looking and lightweight HIPS.
     
  19. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Re: Malware Defender 1.2.1 beta2 is released

    The following option is selected by default.
    temp.jpg

    And if the application does not need special permissions, it will only exist in the child application list of the parent app.
     
  20. wat0114

    wat0114 Guest

    Re: Malware Defender 1.2.1 beta2 is released

    Thank you xiaolin. I did have that option un-checked, but I did so shortly after running in "Learning mode" for a couple reboots. That is likely the reason so I will do some checks with this latest beta.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    1.2.1 beta 2 is running smooth. No issues so far.

    Is 1.2.1 the version where you plan to add network monitoring?
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    You just go ahead Professor bellgamin with continued positive reports as you've been doing and you'll be credited with my purchase of this super-HIPS!

    I've been testing it thoroughly myself and although I prefer to take some credit as a more technically observant researcher in these type apps during research from these 21st Century innovations when pitted against severe malwares of all sorts, your own summations and results greatly encourage my enthusiasm and line up on a level equal to your own.

    EASTER
     
  23. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    V1.2.1 is a minor update, and will be released next week. The network monitoring feature will not be finished in a short time; a lot of work should be done.
     
  24. wat0114

    wat0114 Guest

    No problems here xiaolin. Take your time to do what's necessary to improve on an already terrific product :thumb:
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    That is good news xiaolin, take your time :thumb:
     