Reg. Usage and Configuring of Defensewall

Discussion in 'other anti-malware software' started by harsha_mic, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Hello All,
    Thanks to Gizmo for offering such a top tier product. Now I have added DefenseWall to my security setup.

    My Current Setup
    OA Premium v 4.0.0.15
    NOD32 AV v 4.0.474
    Defensewall v2.56
    Sandboxie v3.42

    I have some very basic questions in configuring my setup and usage of DefenseWall.
    Reg. Configuring DefenseWall
    1. In DefenseWall, I have added NOD32 and OA Premium under the "Defense Excludes" category.
    2. In NOD32, I have excluded OA Premium. Should I exclude DefenseWall also?
    3. In OA, I have added DefenseWall under the Exclusion list.
    Please let me know whether the above changes are good or whether I need to make any further changes/revert changes.

    Reg. Usage of DefenseWall
    After ~1 hour of browsing (Firefox) and using a media player, I got the following logged under 'File and Registry tracks':

    So, after closing all the untrusted applications, what am I supposed to do with the above tracks? Should I rollback/allow/delete?

    Thanks in advance for reading such a lengthy post; any help is much appreciated. :)

    Thanks & Regards,
    Harsha.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You can leave them untouched.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Thanks Kees1958.

    I have one more question. Even after I close all the untrusted applications, the DefenseWall icon is still orange. Please find the attached image. What does that mean?

    Thanks,
    Harsha.
     

  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It means you have switched "alarm via tray icon" on.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    My question to you:
    Do you really need 2 HIPS programs? (OA and DW)

    OA HIPS is really strong, different from DefenseWall.
    Both set untrusted or new or unknown programs "untrusted" and prevent
    bad behaviour by default. Either turn it off in OA, or uninstall DW.
    The advantage of OA is that its HIPS is implemented in the "suite"; it fits the rest
    of OA, while DW is watching its own purpose.
    If using both, they may have conflicts; not always, but be prepared for that.
    If you don't know how to configure HIPS, uninstall both!
    There is only one thing worse than no security: a wrongly configured
    security which offers deceptive security that the user relies on.

    PS: nothing against DefenseWall; I cannot use it on WinXP, but I am trying the latest
    "free" offer now on Win7: LookNStop as firewall, Eset AV as antivirus.
    I have tried OA v4 but it makes me lag and stutter in-game/online.
     
  6. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Thanks for the info, Ilya Rabinovich, and for the caution regarding using 2 HIPS, Brummelchen.

    Brummelchen, I've installed DW only as a backstop in the event of unknowingly executing some unknown files. I'm very comfortable using OA HIPS and hope I can use DW seamlessly with my setup without any problems. Yes, I have unchecked "start unknown programs as run safer" in OA and set the run-safer option on the processes which are not in the untrusted group of DW.

    And after using DW for one day, I have one question regarding cleaning of files in the event of a malware attack (I just did a small test in Sandboxie)...

    I've downloaded malware samples (load.exe and setup.exe) from malwarebytes.org to test DW...

    Scenario 1
    1. Double-clicked load.exe (in Sandboxie).
    2. OA gave a pop-up during the start of load.exe.
    3. Clicked Allow for a few pop-ups, and when it tried to inject into other DLLs, I clicked "Block" and the offending process got terminated automatically.
    4. Now saved load.exe to my real hard drive and then cleaned all the contents of Sandboxie by clicking "Delete Contents".

    The following entry is present in the File and Registry tracks. Even though I delete it, the entry just re-appears after clicking the refresh button, and moreover the file is not removed from the system (load.exe). Is this working as intended??

    File: C:\Documents and Settings\Harsha\Desktop\Infected\To Be Sent\load.exe created by C:\Program Files\Sandboxie\SbieCtrl.exe at 12.13.2009 16:53:35

    Scenario 2
    Performed the same steps as the above scenario, but deleted all the processes and files created by setup.exe through Sandboxie. Nothing got saved to my real HDD.

    Why am I seeing the entry below in the File and Registry tracks, even though the file does not exist on my system? Am I interpreting it correctly?

    File: C:\Documents and Settings\Harsha\Desktop\Infected\To Be Sent\setup.exe created by C:\Program Files\Sandboxie\SbieCtrl.exe at 12.13.2009 19:15:12

    Some insight on this is highly appreciated.

    I use XP SP3.

    Thanks,
    Harsha.
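    As an added example (not from the thread, and not DefenseWall's own code), a small Python parser for the "File and Registry tracks" lines quoted in this post that checks whether each tracked file is still on disk: that is exactly the difference between scenario 1 (load.exe was saved to the real drive) and scenario 2 (setup.exe only ever existed inside the sandbox, so its track entry is stale). The line layout, the regex and the `Registry` kind are assumptions inferred from the two quoted entries.

```python
import os
import re
from datetime import datetime

# Layout of one DefenseWall "File and Registry tracks" entry as quoted in the
# thread (assumed from the two examples; the regex is mine, not DefenseWall's):
#   File: <path> created by <creator> at MM.DD.YYYY HH:MM:SS
TRACK_RE = re.compile(
    r"^(?P<kind>File|Registry): (?P<path>.+?) created by (?P<creator>.+?)"
    r" at (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$"
)

# Constructed sample log: the two entries quoted in the post, pasted as one text.
SAMPLE_TRACKS = (
    r"File: C:\Documents and Settings\Harsha\Desktop\Infected\To Be Sent\load.exe "
    r"created by C:\Program Files\Sandboxie\SbieCtrl.exe at 12.13.2009 16:53:35" "\n"
    r"File: C:\Documents and Settings\Harsha\Desktop\Infected\To Be Sent\setup.exe "
    r"created by C:\Program Files\Sandboxie\SbieCtrl.exe at 12.13.2009 19:15:12" "\n"
)


def parse_track(line):
    """Parse one track line into a dict; return None for lines that do not match."""
    m = TRACK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m.%d.%Y %H:%M:%S")
    return rec


def classify_tracks(text, exists=os.path.exists):
    """Split entries into those whose file is still on disk and stale ones.

    `exists` is a path -> bool predicate so the logic can be exercised on
    constructed data without touching the real filesystem.
    """
    present, stale = [], []
    for line in text.splitlines():
        rec = parse_track(line)
        if rec is None:
            continue
        # Registry entries cannot be checked with os.path, so they count as present.
        still_there = rec["kind"] != "File" or exists(rec["path"])
        (present if still_there else stale).append(rec)
    return present, stale


def tracks_by_creator(records):
    """Count entries per creating process (here everything came via SbieCtrl.exe)."""
    counts = {}
    for rec in records:
        counts[rec["creator"]] = counts.get(rec["creator"], 0) + 1
    return counts
```

    Running `classify_tracks(open("tracks.txt").read())` on a real export would list which entries refer to files that no longer exist and can simply be removed from the view.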
     
  7. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Hmmm... Clicked the Apply button after the Delete button. Problem solved...

    Thanks!
    Harsha
     
  8. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Hello All,

    I'm planning to shift from XP to Windows 7 (w/o Aero) 32-bit this weekend.

    So, some questions regarding security software:

    1. Is DefenseWall as good on 7 (stability- and security-wise) as on XP?

    Some off-topic questions..
    2. Is ESET NOD32 as good on 7 (stability-wise) as on XP?
    3. In case I'm not going to install DefenseWall, what are all the other good HIPS programs (+ firewall) for 7?
    (or) If DefenseWall is installed on 7, is it necessary for me to install another HIPS program with a firewall (such as OA Premium or CIS w/o AV), disabling the Windows built-in firewall?

    Thanks,
    Harsha.
     
    Last edited: Dec 15, 2009