Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. MeFer

    MeFer Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    89
    Re: Malware Defender 1.2.3 beta1 is released

    Thanks
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Re: Malware Defender 1.2.3 beta1 is released

    Amazing! The chkdsk issue was reported by spidey on Dec 14, & now it's fixed -- just 2 days later!

    Excellent support for a truly exciting HIPS.
     
  3. spidey

    spidey Guest

    I agree. Thanks for the fast update!!
     
  4. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Re: Malware Defender 1.2.3 beta1 is released

    You need to exit MD and disable protection before upgrading.

    MD records logs in the following situations:
    1. The matched rule is explicitly set to log the event.
    2. An alert of suspicious action is displayed.
    3. A rule is created when using learning mode.
    4. A suspicious action is denied when in silent mode or the user interface is not running.
     
  5. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
  6. spidey

    spidey Guest

    Xiaolin,

    I was wondering if you have any plans to include application checksum checking in any future release of Malware Defender? Thanks for creating such a powerful and easy to use application!
     
  7. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I do not decide whether to implement such a feature or not.

    All executables (.exe, .dll, .sys...) can be infected; it's not enough to check the .exe file of applications. But checking all executable files may slow down the system and increase the complexity.

    Thanks,
    xiaolin
     
  8. spidey

    spidey Guest

    Thanks for the reply!
     
  9. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    xiaolin,

    I just had an idea and question about the concept of application checksumming.

    Instead of verifying checksum executables at run time (which could slow pc response time, as you mentioned):
    .... would there be any benefit for MD to have a checksum feature that works by validating the checksum of all executable files (window system and applications) via a verification scan that only runs at time of boot-up (or background task while booting up) and only when MD is re-enabled following a previous disabling of MD? This way no slowness at execute time (since checksum not checked at execute time)

    just an idea, ... would this be of any benefit or maybe it is not practical at all.
     
    Last edited: Dec 18, 2008
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Better yet - have it verify checksums on-demand only (but NOT if such a feature starts us galloping down the road to a bloated MD).
     
  11. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Hi, I have this error when shutting down my PC (Winxp) even when malware defender is in learning mode. However, no error message when I exit malware defender first, then shutdown PC.

    "dwwin.exe - DLL Initialization Failed -
    The application failed to initialize because the window station is shutting down."

    How to resolve?
     
  12. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    It seems an application crashed when shutting down. dwwin.exe is a part of the Microsoft Doctor Watson error reporting tool.

    Did you check the "In learning mode..." option in options dialog -> Protection?
     
  13. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Yup the Box is checked.
    Within the same dialog, I also checked "In learning mode, if explicit "deny" ....... do not permit the action"
     
  14. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Could you uncheck the "In learning mode, if explicit "deny" ....... do not permit the action", then try learning mode again?
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Let me suggest an optional real time process monitor like in System Safety Monitor. No other HIPS has this unique feature so far.
     
  16. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    I use the Process tab in MD to see the active processes in Windows. I am not sure if the process monitor in SSM has more unique features or not.

     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmm... I did not use MD except once. In SSM it pops up if u have a new process running that has no rules or blocked rules, like if u disable SSM and a new process is run on ur PC, then u re-enable SSM, it will warn u about the new process running.
     
  18. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    tried still the same.....
     
  19. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will try to resolve the problem in the next release.

    Thanks
     