Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'm excited finally that more developers are seeing the usefulness of pure HIPS enough to realize there definitely is a viable market for them, and the better they fashion them, the more security customers can enjoy from these types of efforts. Plus, constructive competition is a very healthy benefit for all concerned.

    EASTER
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,342
    Location:
    Europe, UE citizen
    Quote, I've always thought that it needs to have a dedicated HIPS program, developed as HIPS and different from HIPS functions of the av/fw. I have KIS, but I use it as av/fw, and I have SSM as HIPS.
     
  3. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    MD may cause high CPU usage when it starts. It needs to initialize the process list and verify file signatures. Users may have a better experience than initializing the process list when using it.
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    One interesting thing happened since installing Malware Defender: I had an unexpected reboot when I went to scan a file with DrWeb, which never happened with DrWeb before. Maybe a fluke, maybe a conflict. I'll see if it happens again. Weird, 'cause before that happened I scanned a folder with a lot more files inside without a hitch.
     
  5. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Is it possible to "permanently" close a process' window?

    I.e. shut down a window and instantly close it each & every next opening try (similar to Window module in SSM).
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Is this what you mean?
    Process/ General / Execute permission / deny
     

  7. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    In SSM, I'd use this feature to get rid of this kind of window (or with similar Antivir's nagging sub-window):

    M-D_2.png

    Is it possible with MD?


    EDIT: I did not find a way to accomplish this, but I do like the feel of Malware Defender and am thinking of buying a license.

    The only glitch I had, playing with it for some hours, was a big system freeze to the point I had to hard reboot the PC. It happened after its opened window stopped responding and while MD was in learning mode.
     
    Last edited: Sep 14, 2008
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    @ruinebabine-- Would you mind deleting that big white block of nothing at the bottom of your post? Please.
     
  9. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    done.
     
  10. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    MD does not support such a feature.
     
  11. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.1.1 is released.

    The new version is available for download at http://www.torchsoft.com/download/md_setup.exe

    What's new?
    - Added multiple selection support to process manager and kernel module manager.
    - Improved protection against broadcasting messages.
    - Fixed a bug when executing actions from multiple threads of same process. The program will ask user even if a rule is created.
    - Fixed bugs in file reading protection.
    - Fixed a crash bug in the process manager.
    - Fixed a bug when handling registry rules.
    - Fixed a bug when deleting files.
    - Fixed a bug when all protection is disabled. New processes will be suspended in some cases.
    - Decreased the size of installer by changing the NSIS compressor.
    - Minor improvements and fixes.

    Known issue:
    MD may cause Process Monitor to freeze when file reading protection is enabled. If you are using Process Monitor, please do not log file reading events, and do not set read permission of file rules to DENY or ASK.
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    xiaolin,
    Install new version over top of the older version (beta), or is it best to uninstall old version first?
    Thanks.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I installed over the old one but disabled it first, and no problems :thumb:
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell

    hi xiaolin and welcome in here !!! :thumb:
    MD is great and very powerful if u dig in to it ... nice work so far on it mate!!

    there is something that looks very "ugly" or in bad order, and i am talking about the
    "rules" ruler.

    take a look at the "application rules" and see it's not all in the right place.
    i think a little cosmetic can do the trick there

    cheers:D
     
    Last edited: Sep 15, 2008
  15. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Could you describe the problem in more detail? Thanks :)
     
  16. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.1.2 is released

    What's new?
    - Fixed a bug that may cause BSOD when handling very long file paths.

    Sorry for the bug!:oops:
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes sure, it's simple: when i open the "application rules" (under label "rules")
    it also shows "trusted application" and "blocked application", both are as root + lots of program names listed under.

    maybe u can take "trusted application" "blocked application" to main root, not under "application rules"? it will make it easier to view and understand

    cheers
     
    Last edited: Sep 15, 2008
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Thanks, did the same. Installed fine. :thumb:
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I have a similar concern. For example, I would like to see a list of "trusted" applications. So I click on the Trusted Group, but... NO list.:(
     
  20. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Thanks!

    If you add apps to the group, there will be a '+' ahead of the group name.

    The application groups actually are application rules, moving to main root is not suitable.
     
  21. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I exchanged some emails with Xiaolin on this subject. The folder-less apps that are listed are not trusted apps. These apps have special permissions beyond being allowed to execute. It's up to the user to populate the Trusted folder. So far, I have not seen the need to do so.

    I agree that the application tree needs work. One improvement, for me, would be to add a folder/category for all child applications. Child apps only have permission to execute and are not listed in the basic "special permissions" view. You have to dig to find them (by taking a look at the child apps listed under the properties for parent apps like explorer.exe and svchost.exe).

    Nick
     
  22. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will improve the UI of rule manager in v1.2.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    You're welcome.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Keep up the nice effort on this HIPS. I've been saying all along the global internet community needs a few more entries in this pure HIPS field, and it stirs excitement as well as anticipation because HIPS, carefully and thoughtfully designed, is a fantastic deterrent against forced intrusions and makes a huge difference when it comes to Windows security. It's a welcome relief you've taken up this special field, and with the expert scrutiny your program will receive right here from members, it's a sure bet your HIPS will sharpen even beyond your own expectations as well as ours.

    Another welcome and thanks for listening and all you do to try to fine tune it to most everyone's expectations.

    Regards EASTER
     
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    cool, looking forward to this :thumb: btw awesome appz, :cool:
     