Malware Defender - Usage Tips & Tricks?

Discussion in 'other anti-malware software' started by 1boss1, Jun 26, 2009.

Thread Status:
Not open for further replies.
  1. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Hello everyone,

    I've been lurking here just reading for a few weeks, and the wealth of information is fantastic; Wilders is a great community. I won't name everyone who has posted advice that's helped me, because I am bound to miss somebody.

    Anyhow, I have Malware Defender (awesome product Xiaolin) and I was wondering if anyone knew of any articles/posts that had tips for getting the most out of MD?

    Such as how to use it to recognize rootkits, keyloggers, backdoors, etc.

    For instance, under "Hooks" I have items in red with "Unknown Module" and listed as "Not Verified" and don't know if they are bad and how bad they are. Also, what things should I look out for in "Autostarts" that may be problematic?

    Also under "Kernel Modules" I have items in red with no publisher, no description, etc. Example: http://i41.tinypic.com/13z6a77.png

    Also how about hardening of default Windows components in the rules?

    I know this is quite broad, but everything I've encountered assumes a sound working knowledge of HIPS software and the usage of MD. I really want to understand MD and start using it properly, but without a gentle shove in the right direction it's hard to know if I'm doing the right thing.

    I can see HIPS offers massive benefits over signature-based programs, but only if the HIPS is used right, so I want to persist until MD and I can protect this machine with confidence. :)

    Note: After reading here, I now have Sandboxie for running untrusted software, which launches with RegFromApp to see registry changes. I have Malwarebytes & SuperAntiSpyware for on-demand scanning. I also have Outpost Pro (not real fond of it) plus Norton 09 for real-time stuff.

    Thanks. :)
     
  2. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I could definitely use that myself; this thread is informative:
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Last edited: Jun 26, 2009
  4. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Yes, Malware Defender is very powerful; it seems the articles and documentation only scratch the surface of this powerful app.

    That's a good thread (screenshots are a bonus), although I did manage to BSOD my computer trying to follow it. :(

    Many things in it are different than on my MD/System.

    No, I have not seen MD's help file, where is that? On the MD site's FAQ it just explains what Malware is and what HIPS is in 2 paragraphs, and that's all the documentation.

    Thanks for those 2 links also; it's going to take a while to get the hang of this, I see. For now I've only got "File Protection" and "Registry Protection" running, because enabling Network & Application protection was killing me with pop-ups and I'm not too sure how to handle the rules.

    I'm starting to think that for me (at least for now) MD is best used as a system inspection tool rather than a protection tool, because without a grasp on the rules I'm likely just to approve malware.
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Unfortunately its help file has limited information.

    Malware Defender is not for the faint-hearted. It's more for technical users. To learn how it works properly you have to have patience and spend time playing around with it.
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    You are right. :oops:

    I will write some tutorials later.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Open MD, left click "help", left click "help topics".


    There is a learning curve for understanding MD, as with any classical HIPS.
    I would suggest starting out in "learning mode" for a few days, running all your normal programs as well as rebooting a few times so MD can learn your system.
     
  8. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    Planning on trying MD very soon and I was wondering .....

    Has anyone tried and tested running the 3rd party defragmenters of PerfectDisk and Diskeeper Pro on a pc running MD ?

    ... Do they get along without any issues ?
    ... When using PerfectDisk and Diskeeper Pro can one use their options of performing a "boot time - defrag" (aka defrag before windows loads) with MD without any potential conflicts or issues ?
     
  9. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    That won't be a problem.

    Just use learning mode to automatically create rules about defrag & boot defrag.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    That is what I call a piece of cake :D
     
  11. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Excellent, thanks Xiaolin, keep up the great work :D

    These ones have got me wondering/concerned:

    Kernel Modules: http://i41.tinypic.com/13z6a77.png
    Hooks: http://i42.tinypic.com/1zei4xf.png

    For the Hooks, the ones without a description that say "Unknown Module" I can't right-click and "Locate in Windows Explorer" like I can with the others, so I can't find the .sys name to Google.

    Are these unknown hooks safe to Right Click > Unhook?

    Also for the "Kernel Modules" that are not found, for instance the first one, awhrnf4m.sys: it's 404, plus I Googled and there's zero results. Would it be safe to search in the registry and delete the keys pertaining to it? (Backing up the registry state prior, of course.)

    I'm usually a fan of RTFM, but I completely overlooked the inbuilt help topics. That's a mistake; there's tons of helpful info in there, thanks LoneWolf. So to anyone else new to Malware Defender, the first stop should be:

    Help > Help Topics

    Yes, I ran MD in learning mode for a few days, but I think that wasn't long enough for me. I have a "lot" of applications installed; I do SEO/Web Development, so I have everything from Xampp to Photoshop to site architecture analysis tools.

    I might throw MD back into learning mode for a week and make a conscious effort to open and use all tools.

    BTW would the abbreviation for Classical HIPS be CHIPS? :D
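    The triage 1boss1 is doing by hand above (kernel module entries with no publisher, an image such as awhrnf4m.sys that no longer exists on disk) can be scripted. This is an added example, not code from the thread or from Malware Defender: it walks the driver service entries under HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath, and reports entries whose image is missing or whose Authenticode signature does not verify, which are the ones worth looking into before touching any registry key.

```powershell
# Added triage helper (not part of Malware Defender). Run from an elevated
# PowerShell prompt. Lists kernel/file-system driver service entries whose
# image is missing on disk (orphaned entries) or not validly signed.

$services   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot = $env:SystemRoot

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$Name)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        # No ImagePath value: the loader falls back to System32\drivers\<name>.sys
        return Join-Path $systemRoot "System32\drivers\$Name.sys"
    }
    $p = $ImagePath -replace '^\\\?\?\\', ''                  # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', "$systemRoot\"        # \SystemRoot\...
    $p = $p -replace '^system32\\', "$systemRoot\System32\"   # relative system32\...
    return [Environment]::ExpandEnvironmentVariables($p)      # %SystemRoot%\...
}

$report = foreach ($key in Get-ChildItem $services -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
    # Service Type 1 = kernel driver, 2 = file-system driver; skip user-mode services
    if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }

    $path   = Resolve-DriverPath $props.ImagePath $key.PSChildName
    $exists = Test-Path -LiteralPath $path
    $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'N/A' }

    [pscustomobject]@{
        Service   = $key.PSChildName
        Start     = $props.Start      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        Path      = $path
        OnDisk    = $exists
        Signature = $sig
    }
}

# Orphaned entries (image gone, as with the awhrnf4m.sys case) and unsigned
# images are the first things to investigate; everything else is listed last.
$report | Where-Object { -not $_.OnDisk -or $_.Signature -ne 'Valid' } |
    Sort-Object OnDisk, Signature | Format-Table -AutoSize
```

    Note that on some Windows versions Get-AuthenticodeSignature does not consult catalog files, so a Microsoft driver signed only via a catalog can show as NotSigned; treat an unsigned result as a prompt to check the file's properties and origin, not as a verdict.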
     