Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    That's how I have it; it's like a lockdown, of course after learning my programs first. Here is something I experienced: if I open a program in learning mode, for example my Paragon backup software GUI, it learns, but let's say I only use certain parts of that program, and I open the section I use, and then I switch back to silent mode and try to open any other part of that program, it will not open. If that's not a bug, I think that's pretty cool. The program has limited writes.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yep, it is a lockdown feature for files, apps, registry. You are in charge, not the virus/trojan/spyware :thumb:
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    My answer to your question is "No."

    And your point is?
     
  4. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    My point is that it's maybe too much focus on GUI design and functionality of these types of spamhookers, like in this case, rather than checking if the application makes the OS unstable or not. As long as you only run this spamhooker alone, then the security risk will be smaller. Add some other security tools that hook at kernel level, and BSOD is waiting right around the corner.

    /C.
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,688
    That's possible with any given combination of softwares. (I know from experience)
    Thus far though my setup has proven to be very stable as well as secure.
     
    Last edited: Sep 27, 2008
  6. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Trying MD out again after all the positive comments in this thread. Still getting slowdown of PC. This seems to be caused by the File Protection module in MD.

    Performed Autorun scan with various MD setups.
    - MD not installed, using EQS. Autoruns scan time = 12 secs.
    - MD installed, all protection enabled, default rules. Autoruns scan time = 1 min 25 secs !!
    - Registry Protection only enabled. Scan time = 12 secs
    - Application Protection only enabled. Scan time = 15 secs
    - File Protection only enabled. Scan time = 1 min 17 secs

    MD processes do not seem to be taking much CPU time at all but enabling File Protection has drastic effect on performance.

    Open to suggestions at this point.
     

  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    I do not have similar issue using MD with File Protection enabled. Very brief peaks only.
     

    Last edited: Sep 27, 2008
  8. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Thanks bellgamin.
    I have traced problem to a rule I added to prevent access to confidential files.
    I had the Log Event box checked for Reads and this caused the slowdown.

    I wonder why this would cause a slowdown. There were no log entries.

    Update: If I change the Read rule for Permit to Deny, this also causes slowdown. Anybody else seeing this sort of behaviour?
     

    Last edited: Sep 27, 2008
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,768
    Location:
    U.S.A. (South)
    Thank you guys for the screenshots and comparison ratios. This latest version eliminated for me also the CPU usage spiking and does quite a brilliant job, but as in any new HIPS, I'm still learning my way around the building and hallways, but it's a joy to finally see another alternative as good as this one is panning out to be, and especially the developer's input on our behalf.

    Nice Job Guys.

    EASTER
     
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    lo all

    I got another weird issue with MD113 ... I add a global file rule + a dir to protect, and it doesn't show anything in the "rules" bar as the pic shows.. anyone got any idea why?

    ImageXc2.jpg
     
    Last edited: Sep 28, 2008
  11. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Enter a new File Rule and then select your new program group. It should then appear.
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Yes it does! 10x a lot mate, I think a little polish needs to be done over there by the software developer.... very unclear way of setting :mad:

    Anyway, I set deny for both read and write in this c:\data ... and I can read and I can even edit the file (and save).... any idea why?
     
  13. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Make sure you are in Normal mode (not learning) and Enable all protection. That should deny you access to files in the folder c:\data

    If this works, would you mind trying Autoruns if you have it to see if scan speed is affected by your new rule. Please try a scan with new rule enabled and one with rule disabled. Thanks.
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Still doesn't work... I can read / update the files in c:\data ... but I can't del them (access denied then), I can also del them using Total Commander in here :) .... I think it looks like some sort of rules conflict maybe

    how can i test the scan speed ?

    cheers
     
  15. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hmm.. I think I have the same rule as you and I cannot get access to the test text file at all. Not sure what to suggest. Could try disabling Application Protection. Are you using 1.1.3?

    Scan speed you can check with a watch. On my system the rule extended the scan time by 1 minute !!
     

    Last edited: Sep 28, 2008
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Yes, I am using 113 ver....

    Maybe it's best to DISABLE file protection for good.... it really seems useless as far as I see what it protects...
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    File protection is a valuable protection IMO. If you want just basic & simple file protection, try SensiveGuard -- it's free. Highly regarded by Kees.

    Sensive Guard is very light-footed so you could readily run it alongside MD, if you want file protection that's easy to use.

    As for me, MD's file protection works GRRRREAT!!! :thumb:
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,768
    Location:
    U.S.A. (South)
    Same here.

    So far file protection via MD is working just fine. I still am trudging through settings and the like due to its new forms, but I really like what I experienced so far with the new HIPS.

    Just hope it continues to progress and not put on the brakes like all the others have.
     
  19. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    10x bellgamin for the advice, but apart from this SensiveGuard is a firewall, and it can't compare to MD ... not a head-to-head compare anyway :)

    I think MD makes some sort of rules conflict according to your software installed... let's say I can del files located in c:\data with Total Commander (installed on my PC) and CAN'T with Explorer ... so maybe my problem is a mix of rules which got conflicted this way or another :doubt:
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I want to ask you about Sensive Guard: is it an application firewall or HIPS?
    Do you recommend trying it? Is it fast and strong protection? Thanks :thumb:
     
  21. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I think you wanna ask bellgamin, not me (never used it lol), coz he's the person who recommended it :D

    What I can recommend is Anti-Exe from Faronics, or HorizonDataSys Executable Lockdown... it seems it covers all this malware stuff in one easy-to-use interface and concept

    cheers
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Read the Kees thread I linked to. Also do a Wilders search -- lots of threads re SensGd.

    As to what it is -- SensGd is a basic firewall + basic HIPS + file protector. A good sidekick to other security apps lacking one or more of those capabilities.

    If you want a stripped-down application firewall with SPI & *some* HIPS capabilities, you might try the free Dynamic Security Agent -- lots of Wilders threads about that. It's another splendid sidekick, but lacks SensGd's file protection. For a HIPS that is BUILT around the concept that file protection is a security cornerstone, try DriveSentry -- it has much more granular controls than even MD over file access, child/parent, etc.

    As to demoneye's comment -- I didn't compare SensGd to MD. I offered it as a simple solution for someone who dislikes MD's file protection, & who wants something simpler to do that job. As for me, I find MD is quite simple to use, with a very clear (seldom needed) Help file.

    By the way -- I'm still waiting for the MD proponent to add network monitor capability, as he said he would.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ok thanks:thumb:
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks for the valuable info :thumb:
     
  25. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I have travelled for several days, sorry for replying late.

    1. slowdown problem:

    If you set the read permission of any file rule to ASK or DENY, or choose to log events of file reading, MD will check all file reading actions. If an application frequently reads files, the performance will be reduced.

    So, it's not recommended to set read permission to ASK or DENY, or to log events of file reading.

    2. install mode

    I have not decided whether to add install mode or not. If you are installing a trusted application, you can add the installer to the "Installers and Updaters" group, and all file and registry actions will be permitted.

    3. network protection:

    The network protection feature will be implemented after releasing V1.2. (V1.2 will be released this month.) I hope the network protection feature will be finished in one or two months.
     