Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    There's no need to team up, wat0114. I'll play with MD in my spare times and you'll probably see a ruleset next year.
     
  2. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.2.2 beta1 is released

    The beta version is available for download at http://www.torchsoft.com/download/md_setup_1.2.2_b1.exe

    what's new?
    - Added support for jumping to the same registry key in HKLM or HKCU by context menu.
    - Added "Go To Referenced Key" command to the context menu of registry editor when the selected key or value contains a valid ProgID or ClassID.
    - Added "Open Containing Folder" command to the context menu of registry editor when the selected key or value contains a valid folder or file path.
    - Added "Open URL" command to the context menu of registry editor when the selected key or value contains a URL.
    - Added support for logging related data of actions. (command line, handle name, hook type, etc)
    - Added new built-in registry rules to protect against changing files and folders settings of explorer.
    - Changed execute permission of system application to "Ignore" if it is "Ask".
    - Fixed a bug when creating rules in learning mode.
    - Fixed a display bug in autostart manager.
    - Fixed a bug when parsing registry path in address bar.

    Known issue:
    1. There is a bug in "logging related data of actions" feature. If the action is "Set registry value" and the value data is binary, the data is not converted to string.
     
    Last edited: Nov 21, 2008
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    This beta is running stable on my computer. I installed it "on top."
     
  4. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    This beta is running fine here too (on XP Pro sp2). :thumb:

    And I find it great news seeing you incorporated some of RW's nice features in this MD build. As Malware Defender is already neat right now, your deep knowledge of Windows' arcane registry inners and your continued dedication to squashing any reported bug give a reassuring feeling and enrich my confidence in this classical HIPS's brilliant future!
     
  5. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,593
    Location:
    U.S.A. (South)
    Keep rollin 'em out

    Excellent HIPS
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,683
    I'd be very interested in this, hopefully MD will have outbound network access protection before you complete your ruleset.
     
  8. spidey

    spidey Guest

    I've been using Malware Defender for 2 weeks now and have found that I cannot run chkdsk on reboot. The 2nd index check stops at around 60% with an "unidentified error". If I disable Malware Defender and set it to not start with Windows, my chkdsk on reboot will run without a problem. I tried setting chkdsk to "Grant Full Permissions" in Malware Defender without any success. Has anyone else encountered this problem?

    Jetico Firewall also flagged Malware Defender yesterday trying to connect to 65.54.87.117 and 65.54.87.118. Does anyone know what these outbound requests are for?

    Thanks in advance for any help!
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    65.54.87.117
    cds114.sjc9.llnw.net

    65.54.87.118
    cds115.sjc9.llnw.net

    65.52.0.0 - 65.55.255.255

    Microsoft Corp
    One Microsoft Way
    Redmond
    WA
    98052
    United States
     
  10. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    MD by default verifies file signatures automatically by contacting Microsoft's servers (including those your firewall identified).

    Nick
     
  11. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Nice find spidey. I see a similar problem on Vista. With MD in learning mode, when I run chkdsk /f and reboot, chkdsk hangs at 7% of "Stage 1 of 3". It eventually times out and Vista loads. If I disable MD's startup, chkdsk completes normally.

    Nick
     
  12. spidey

    spidey Guest

    Thanks for the IP info Einsturzende and nick s. I've been using CyberKit for years to do nslookups and didn't recognize the hostnames. I'm going to start using IPNetInfo to do whois lookups from now on.
     
  13. spidey

    spidey Guest

    I didn't mention in my original posting that my issue with chkdsk is on XP. Did you try changing anything in your rules to fix the issue in Vista? I tried everything I could think of and still no luck. I also have started having problems with ERUNT's autobackup failing. I'm still trying to determine if that's being caused by Malware Defender or not.
     
  14. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    To spidey and nick_s: Thanks for the information. I will check the problem.
     
  15. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    When troubleshooting MD, I apply learning mode first. Learning mode should not break anything. If it does, then playing with rules will probably not help.

    Nick
     
  16. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
  17. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    nick s, xiaolin,


    .... Does "verifying file signatures" with Microsoft mean that it's checking that the Windows system executables are properly "signed" with certificates, or does it mean something else?

    .... What happens if you often use your pc without being connected to the internet ?
     
  18. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
  19. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    MD checks the file signatures of all executables, not only Windows system executables. If the file passes the verification, it means the file is signed with the vendor's certificate.

    MD uses the APIs provided by Microsoft to verify file signatures. If an internet connection is unavailable, MD may fail to verify some files.
     
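    The verification xiaolin describes is Windows' own Authenticode check (WinVerifyTrust), which PowerShell exposes as Get-AuthenticodeSignature. The script below is an added example, not Malware Defender's code or anything from torchsoft: it runs that same check over every .exe in a folder (the $Path default is an assumption; pass any directory) and reports the signer and why a file did not verify, which is what a HIPS effectively sees when it decides whether a binary is "signed".

```powershell
# Added example, not Malware Defender's own code. Walks a folder, asks the
# Windows Authenticode machinery (WinVerifyTrust, via Get-AuthenticodeSignature)
# about each .exe, and summarises which files verify and which do not.
param(
    [string]$Path = "$env:SystemRoot\System32"   # assumption: folder to scan
)

$results = Get-ChildItem -Path $Path -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File    = $_.Name
            Status  = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
            Message = $sig.StatusMessage   # human-readable reason when Status is not Valid
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Expires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
        }
    }

# Headline counts: everything that is not 'Valid' is what a HIPS treats as unverified.
$results | Group-Object Status | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Detail for the files that did not verify, with the reason WinVerifyTrust gave.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object File | Format-Table File, Status, Message -AutoSize
```

    Two things this makes visible. First, most Windows system binaries carry no embedded signature at all; they are signed through a catalog file, and on a current Windows the cmdlet consults the catalogs so they still report Valid with a Microsoft Windows signer. Second, building the certificate chain for a signer may require fetching intermediate certificates or revocation lists that are not yet cached on the machine, which is the general reason a verification API can generate outbound connections and can return UnknownError instead of Valid when the machine is offline. Whether a particular product does that for a particular file is not something this script can tell you; it only shows what the Windows API returns.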
  20. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    I don't want security software to call out to companies like this. That is one of the reasons that I have security software in the first place to keep out the snoopy corporate world.
     
  21. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    MD's "calling out" is optional. You can disable kernel symbol download/updates when you first install MD. You can also toggle off file verification via Tools > Options > General. You will diminish MD's shield by doing so. I would keep both enabled.

    Nick
     
  22. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Thanks for the info nick s

    I think I would prefer call outs to servers outside my machine to be turned off by default
    and then give me the option to turn it on if I felt I wanted that.
     
  23. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.2.3 beta1 is released

    The beta version is available for download at http://www.torchsoft.com/download/md_setup_1.2.3_b1.exe

    what's new?
    - Fixed a bug that may cause a chkdsk error at startup.
    - Fixed a bug when creating rules for named pipe in learning mode.
    - Added support for resizing the registry rule dialog box.
    - Changed the default setting of "Allow signed applications to be run by system applications" to unchecked.
    - Other Minor improvements.
     
  24. MeFer

    MeFer Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    89
    Re: Malware Defender 1.2.3 beta1 is released

    -Can it be installed over 1.2.2?

    -I also noticed that if the write permission rule on the Global Registry Rule (*) is set to Ask,
    it automatically logs everything, even though the log box is unchecked?
     
  25. wat0114

    wat0114 Guest

    Re: Malware Defender 1.2.3 beta1 is released

    I installed over top with no problems so far.

    I confirm this with latest beta. Personally I would leave this rule at the default "Permit", otherwise alerts will be almost non-stop.
     