Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Just noticed a new build is available today 1.1.3
    xiaolin, will or when will you be adding network access detection?
    Also an update option somewhere?
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Excellent. This developer is focused and best of ALL he LISTENS! and then makes the appropriate improvements within his power of programming to satisfaction. It's exciting to follow this progression as he takes reports from membership here, examines to try to reproduce, and releases updated even better improvements. These are specialty apps, and take a special degree of balancing many factors as well as compatibility, and so far as I see it he's doing his very best to accommodate all users/customers to their and his own expectations.

    And it's such a relief he is locked in correspondence with all of us in this effort.

    My Word? ALL THE BEST! FOR A VERY SUCCESSFUL RUN!

    EASTER
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    xiaolin is any chance u may add auto import rules when windows start? it can help a lot when u use a rollback programs like fdisr and rollback / eaz fix...no need manually add latest ruler.


    cheers :thumb:
     
    Last edited: Sep 25, 2008
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Lead-in to a question - Near the bottom of MD's rule-setting form, I notice that there is a check box labelled "Protect this application from being accessed by other processes".

    Assumption: I assume that checking this box would prevent an application from being terminated, suspended, or modified by any other process.

    QUESTIONS: Am I correct in my assumption? If not, how can I get MD to protect a given application from being terminated?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Comments: After 2 days of trialing MD, I am VERY satisfied with its apparent protective power, stability, and light footprint. Also, I am becoming at least a LITTLE more proficient in using & configuring it...

    +I have established 3 new Application Rule groups, got them listed in MD's GUI (by setting a rule for each of them), and moved appropriate applications into each such group.

    +I succeeded in getting MD to block execution of wuauclt.exe so that Windows can't execute it until I say so.

    +I changed the "Execute permission" rule for "Application Rule - *" from "permit" (which is the default) to "ask". {I did this because it causes MD (while in Learning mode) to eventually list all my current applications as I execute them. Why? Because I like having them all listed, that's why. ;) }
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Install mode? I can't find an "install mode" on MD's system tray pop-up menu. Is there one somewhere? { IMO "Learning mode" would be an unacceptable substitute since it will allow/trust a new program to undertake ANY activity during & after it is installed.}
     
    Last edited: Sep 25, 2008
  5. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    u know what? this is a problem... MD collect every single file or whatever run and put it in the rule in the application ruler....after some time (days) it get mess and u dont know who is what....any solution 2 that? or it a problem in MD modeling?

    cheers
     
  6. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    You can get rid of rules for programs that don't exist anymore by clicking Rule, Remove Stale Rules.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yes. Good answer! I still hope to get answers to MY questions, however. Please... anyone?
     
  8. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    bellgamin: Clicking the "Protect this application from being accessed by other processes" checkbox does prevent an application from being terminated, suspended, or modified by any other process.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    10 Q verrry much!

    Is there no install mode? :doubt:
     
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    it been discussed early in this thread... like Zero3K said...:D
     
  11. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    Well, there is an ability to make temporary rule(s). No true Install Mode though.
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    oww... i missed this command somehow...this appz so big and so much to dig in....many 10x zero3k!:thumb:

    cheers:cool:
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    So if I want to protect nod32, do I just go in the rules, find C:\program files\eset\ekrn.exe, right click properties and check the protect box of application being accessed by other processes. Would this be correct?
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Zero3K did u find "file guard protection" useful? coz when i copy some files it always popup and give me the choose screen.....very annoying if it only blink when file copy....


    cheers
     
  15. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    That's correct.
     
  16. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    I usually click on the option with an asterisk in it (in the dialog that pops up when it asks me if I should allow/deny the action that's occurring). Depends on the program that's trying to copy/move/create the file(s), though. If it's trying to install a program, I just allow it to access the folder it's installing to.
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thank you.:thumb:
     
  18. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    the problem it cant never learn (file protection) so every time u copy file from 1 place to other it pop up and ask what 2 do.... very frustrating and annoying

    cheers
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yes -- at least, that's the way I read it. If you want to test it, try the Aigle method ;) .
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    It does my research and heart good that this developer is brought forward Malware Defender and continues to improve it. This latest version seems to have overcome any earlier issues I experienced and I am very satisfied with the present attention it's receiving from both its maker and customers/users (trial).

    It's a good one and nice to find a new entry in this special field finally.

    EASTER
     
  21. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    File rules created in learning mode are file name and extension specific. When you return to normal mode, you will still get alerts for file operations on unknown files. You need to tweak your file rules with wildcards to eliminate the alerts.

    Nick
     
  22. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    The way most of you praise this new tool makes one regard it as an interesting alternative, but have you really checked its hooking model?

    Hint: use MD's own hooks detection tool ;)

    /C.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    or just use silent mode to be quiet:thumb:
     
  24. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    380
    Location:
    Louisville, KY
    Any action that's not permitted will be denied in that mode.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yeap, that's cool, cause you never know any new drive by download infections, not detected by your antivirus/antispyware can be easily block by malware defender.
    this way only allow what you want (you are in control) the rest is deny (block in real time)
     