Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,683
    Just noticed a new build is avaliable today 1.1.3
    xiaolin, will or when will you be adding network access detection ?
    Also an update option somewhere ?
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,619
    Location:
    U.S.A. (South)
    Excellent. This developer is focused and best of ALL he LISTENS! and then makes the appropriate improvements within his power of programming to satisfaction. It's exciting to follow this progression as he takes reports from membership here, examines to try to reproduce, and releases updated even better improvements. These are specialty apps, and take a special degree of balancing many factors as well as compatibility, and so far as i see it he's doing his very best to accommadate all users/customers to their and his own expectations.

    And it's such a relief he is locked in correspondence with all of us in this effort.

    My Word? ALL THE BEST! FOR A VERY SUCCESSFUL RUN!

    EASTER
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    xiaolin is any chance u may add auto import rules when windows start? it can help alot when u uses a rollback programas like fdisr and rollback / eaz fix...no need manualy add latest ruler .


    cheers :thumb:
     
    Last edited: Sep 25, 2008
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Lead-in to a question - Near the bottom of MD's rule-setting form, I notice that there is a check box labelled "Protect this application from being accessed by other processes".

    Assumption I assume that checking this box would prevent an application from being terminated, suspended, or modified by any other process.

    QUESTIONS Am I correct in my assumption? If not, how can I get MD to protect a given application from being terminated?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Comments After 2 days of trialing MD, I am VERY satisfied with its apparent protective power, stability, and light footprint. Also, I am becoming at least a LITTLE more proficient in using & configuring it...

    +I have established 3 new Application Rule groups, got them listed in MD's GUI (by setting a rule for each of them), and moved appropriate applications into each such group.

    +I succeeded in getting MD to block execution of wuauclt.exe so that Windows can't execute it until I say so.

    +I changed the "Execute permission" rule for "Application Rule - *" from "permit" (which is the default) to "ask". {I did this because it causes MD (while in Learning mode) to eventually list all my current applications as I execute them. Why? Because I like having them all listed, that's why. ;) }
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Install mode? I can't find an "install mode" on MD's system tray pop-up menu. Is there one somewhere? { IMO "Learning mode" would be an unacceptable substitute since it will allow/trust a new program to undertake ANY activity during & after it is installed.}
     
    Last edited: Sep 25, 2008
  5. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    u know what ? this is a probleme... MD collect every single file or what ever run and put in in the rule in the application ruler....after some time (days) it get mess and u dont know who is what....any soluation 2 that? or it a probleme in MD modeling ?

    cheers
     
  6. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    You can get rid of rules for programs that don't exist anymore by clicking Rule, Remove Stale Rules.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Yes. Good answer! I still hope to get answers to MY questions, however. Please... anyone?
     
  8. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    bellgamin: Clicking the "Protect this application from being accessed by other processes" checkbox does prevent an application from being terminated, suspended, or modified by any other process.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    10 Q verrry much!

    Is there no install mode? :doubt:
     
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    it been discussed early in this thread... like Zero3K said...:D
     
  11. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    Well, there is an ability to make temporary rule(s). No true Install Mode though.
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    oww... i missed this command some how...this appz so big and so much to dig in....many 10x zero3k!:thumb:

    cheers:cool:
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    So If I want to protect nod32,do I just go in the rules find C:program files eset ekrn.exe right click properties and check the protect box of application being accessed by other processes.would this be correct?
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Zero3K did u find "file guard protecion" usefull? coz when i copy some files it always popup and give ne the choose screen.....very annoying if it only blink when file copy....


    cheers
     
  15. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    That's correct.
     
  16. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    I usually click on the option with an asterisk in it (in the dialog that pops up when it asks me if I should allow/deny the action that's occurring). Depends on the program that's trying to copy/move/create the file(s), though. If its trying to install a program, I just allow it to access the folder its installing to.
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thank you.:thumb:
     
  18. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    the probleme it cant never learn (file protection) so every time u copy file from 1 place to other it pop up and ask what 2 do.... very frustrate and annoying

    cheers
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Yes -- at least, that's the way I read it. If you want to test it, try the Aigle method ;) .
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,619
    Location:
    U.S.A. (South)
    It does my research and heart good that this developer is brought forward Malware Defender and continues to improve it. This latest version seems to have overcome any earlier issues i experienced and i am very satisfied with the present attention it's receiving from both it's maker and customers/users (trial).

    It's a good one and nice to find a new entry in this special field finally.

    EASTER
     
  21. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    File rules created in learning mode are file name and extension specific. When you return to normal mode, you will still get alerts for file operations on unknown files. You need to tweak your file rules with wildcards to eliminate the alerts.

    Nick
     
  22. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    The way most of you praise this new tool makes one regard it as an interesting alternative, but have you really checked its hooking model?

    Hint: use MD´s own hooks detection tool ;)

    /C.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    or just use silent mode to be quiet:thumb:
     
  24. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    374
    Location:
    Louisville, KY
    Any action that's not permitted will be denied in that mode.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    yeap,thas cool,cause you never know any new drive by download infections,not detected by you antivirus/antispyware can be easily block by malware defender.
    this way only allow what you want(you are in control)the rest is denny(block in real time)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.