Malware Defender

Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.

Thread Status:
Not open for further replies.
  1. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Although I'm not a firm believer in Matousec's tests, I see that MD failed in many of their tests and one of them is FileMov2. So how serious are these tests and has MD 2.7.2 rectified all these?
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Depends how you class 'many' - 14 out of 148 is not many imo. Only 5 other Firewall/HIPS bettered it. With regard to FileMov2, if you get to the point where you've allowed malware to execute (first popup), followed by various other popups until you reach the FileMov2 piece, then it's game over anyway. MD 2.7.2 has not addressed these 'failures' and I think is unlikely to. Anything with a 'Good' or above rating in the Matousec tests provides a wide range of protection against methods used by Malware. Just choose you're favourite from Online Armor, CIS, OSSS, KIS, MD, Privatefirewall and Outpost and you'll be well protected. A good HIPS rarely misses malware, normally it's the user that lets it through :)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ScooB says it correct;) :thumb:
     
  4. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Well, that says it all. Unless the malware is allowed to run in the first place, FileMov2 test is meaningless. Thanks.:)
     
  5. claudiu

    claudiu Guest

    Re: Malware Defender How To:

    Hi,

    The Help for Malware Defender says:

    "Protect folder from being accessed

    You can create global file rules to protect a folder from being accessed.

    For example, to protect "c:\aaa\bbb", you can create a file rule "c:\aaa\bbb\*", and set the read and write permissions to "Deny". "

    Can anyone, please, guide me how to do this?

    PS:

    In:
    Aplication Rules there is
    c\windows\explorer.exe with a rule "* permit/permit/permit/permit"
    I made another rule in c\windows\explorer.exe : my file /deny/deny/deny/deny
    with higher priority than "* permit/permit/permit/permit", yet I can still open the file.


    If I create the rule in "Global file rules" is to low in priority and the rule "c\windows\explorer.exe with "* permit/permit/permit/permit" would come first.

    thanks,
    Claudiu
     
    Last edited by a moderator: Dec 12, 2010
  6. claudiu

    claudiu Guest

    I figured out by myself, thanks!
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    So . . . please share what you learned with the rest of us.
     
  8. claudiu

    claudiu Guest

    Ok,

    I followed step by step instruction from Help:

    Protect folder from being accessed

    You can create global file rules to protect a folder from being accessed.

    For example, to protect "c:\aaa\bbb", you can create a file rule "c:\aaa\bbb\*", and set the read and write permissions to "Deny". If you want to hide the file list in "c:\aaa\bbb", you should create an another file rule, write "c:\aaa" in the "Folder" edit box and "bbb" in the "File or subfolder" edit box


    At this point "bbb" is not accesible anymore BUT::oops:

    I still can compress it with RAR and decompress it in some other location ; the decompressed one is fully accesible so "You can create global file rules to protect a folder from being accessed" doesn't realy work!
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I guess it's because you have already allowed WinRar to read/write any file?

    If you want you can try setting it at "Ask" and try again, if you read your Pop Ups you can block it BUT it will be a pain in the "#$ :D (There's still the Human Factor for error HAHAHAHA)

    BTW, i'm not sure because i never tried to do that with MD :D
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    There is an old post by Arran where he describes in detail how to do this. Search is your friend.

    Pete
     
  11. LODBROK

    LODBROK Guest

    Re: Malware Defender How To:

    Denying explorer.exe of those read, write, create and delete permissions... I'm waiting on hearing about how well that works out. :D
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    refering to your message
    a global file rule (most top rules group) didnt work here too
    if i define a application rule for
    app: *
    rights: nothing set
    files: c:\aaa (folders and files: forbidden/all)

    i can see content of c:\aaa but i cannot acces any file or look into subfolders.

    not the best solution maybe a special app for hiding folders may better.

    eg.
    * FolderMage (seems no longer available)
    * Folder Castle
    * Hide My Folders
    * Folder Defence
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    reading must be apply to the rules other way maybe get some problems for sure
     
  14. claudiu

    claudiu Guest

     
  15. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Will this work on Win7 SP1 when it becomes final in a few weeks?
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it is in beta so maybe it is;)
     
  17. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    I am running Malware Defender under Windows 7 SP1 at the moment. I installed SP1 when it leaked. So far no issues whatsoever. Only problems are if the network protection is enabled. The Malware Defender driver isn't very stable in terms of network protection. But that problem was there even without SP1.
     
  18. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Are you running the latest beta 2.7.2?
     
  19. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    I'm running 2.7.2.0001 (also known as 2.7.2.1). It is supposed to be a final/table release as far as I know.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    are they going to continue to next version?
     
  21. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    I figure a new version will come when needed. It would not make much since t acquire the product and then kill it. Maybe the dev will come by and give us an update?
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it will be nice if xioalin tells more about this
     
  23. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Do you think this latest version would interfere with Sandboxie and Prevx 3.0 used together as Malware Defender has kernel hooks as does Sandboxie.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    they like each other like brothers,just trust sandboxie and bo-ya
     
  25. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    please post link for the latest build..
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.