Third party app to use with DefenseWall

A few days ago my unprotected system got completely dominated by some vicious malware and I had to re-format. I was very glad to find this forum which opened my eyes to all sorts of ways that I could avoid becoming some hacker's ~ Snipped as per TOS ~ in the future. After reading a lot of posts I decided to try using DefenseWall in combination with Prevx (XP SP3).

I'm really happy with the power/unobtrusiveness I get from this, but in DefenseWall the list of

1) Untrusted applications
2) File/registry changes

Seems to be getting kind of large/unwieldy. I've read that users of, for example, Sandboxie can use the Buster's Sandbox Analyzer to make their sandbox more manageable.... is there any such third party app that will let me "tidy up" DefenseWall? Or some app that will might stop it from getting so bloated in the first place?

Alternately, feel free to recommend some other combination of apps that gives solid-but-not-chatty HIPS with the ability to roll back select changes to the system...

 

I really like Defensewall. Sandboxie is probably more configurable if that is what your looking for. If you know what to delete you can manage the File and Registry rollback in DW. I make sure when I download something I "allow" it (after checking out the download with Hitman Pro first), then change its status to "trusted" before installing it. DW will then decide if it is Internet facing it will place it with untrusted as it should be (i.e., Firefox). You have to be careful not to delete anything that would cripple your system. If you manage your downloads you should be able to mange DW untrusted process with little effort. DW removes items in the rollback list after 30 days (if you have that option checked). I am currently using DW with Emsisoft Anti-Malware, MBAM and ClearCloud DNS. There are a lot of combination's you can try. Do some research on this forum. DW and Prevx is a very good combination. Add MBAM free as an extra scanner. Maybe consider something like ClearCloud or MVPS Host file. Sorry for rambling, but I am not aware of any DW sandbox managers.

 

I think I am not looking so much for configurability. I chose DefenseWall because it sounded a bit more "set and forget"

However I can't resist for now (having just started using it) knowing exactly what it is running untrusted vs trusted so that I can have some peace of mind that it will work for me and that I'm not doing stupid things with it. The untrusted list seems to include every file on my system almost, and there doesn't seem to be a list of what will run trusted at all (just a list of what is currently running).

On the other hand maybe I should just shut up and let it do its job... I did score 330/340 on Comodo's test suite so I'm sure my security is fine. Probably just teething issues?...

 

In different PCs, I use DW with different IRS software (e.g. Rollback Rx, EAZ-FIX, and AyRecovery).

 

Yes DW very powerful and set and forget is what I like.

 

Update: I'm now trialling Online Armor Premium.

OA can be configured to run quite similarly to DefenseWall - I have it using "Run Safer" on all unknown (aka untrusted) processes, which I believe restricts their rights in a similar way to DefenseWall. You can configure it to run silently, but I have it displaying little system tray notifications whenever something runs as trusted. Once I'm happy that it's behaving as expected I'll switch this off for some nice, silent protection. To be honest I also just find the GUI to be much more pretty which for some reason makes me feel safer

However, does anyone know of any avenues of attack that I'm leaving exposed using OA Premium vs DefenseWall?

 

with defensewall you have the rollback feature and with OA you will have to hunt the offending program to block it or delete it but both will easilly bring back your pc back but with defensewall is easier my 2 mexican pesos

 

Melf,

This is a good combo IRS with defensewall. You can try the freebie Comodo Time Machine. CTM + DW + PrevX = reaaaaal strong plus ability to rollback in an easy manner.

P.S.

Forget about the list. It shows that DW is doing its work. It is administrated in the Registry, so it does not slow down your PC (because it is read all the time, it is constantly in memory)

 

Kees, Comodo Time Machine solid as a rock these days?

 

anyone knows if Trusteer Rapport is compatible with Defensewall?

 

nicely said

 

No, its not. Caused complete lockups on my machine, Rapport seems not to work with any kind of sandboxing.

 

tnx m8!

that was my suspicion as well since it's not working with either Geswall or Sandboxie.

too bad though.

 

The current version 2.8 has resolved the previous MBR issues,it's extremely stable for me here.

 

I've been using DW/Prevx/Rollback Rx combo for several months now and am very happy with it. Kees, what are your current heuristics settings for Prevx? I noticed you changed your recommended settings a couple of times recently, and I wondered why.

 

I might check time machine out. Catchy marketing names always win me over My reservation with rollback software is that I am lazy and don't think I will actually make images/restore points... that's why DW seemed appealing since it will rollback the important stuff for me (most malware doesn't bother deleting your personal files, and my real *can't be deleted or I will cry* stuff does not change very often).

I have a confession to make. I've found DW to be inconsistent in what it labels as trusted/untrusted. e.g. on a fresh install I downloaded some application that came in an archive. DW labeled it as untrusted, so far so good. I did not have an archive unpacker yet installed so I used explorer to open the archive and dragged the files out. Then I ran them, and it ran as trusted! I then downloaded an archive unpacker and installed it (as trusted so that it could add itself to the right mouse button click menu). Then I had to manually change the application itself to untrusted (kind of annoying... maybe there's some option to "run as install" that I missed). Anyway, when I unpacked the archive with this program, the original application ran as untrusted. Then I tried the original method (using explorer again) and it now seemed to "remember" and run as untrusted.

This inconsistency led me to drop it... I don't want to have to check to make sure every time I download something. OA gives me a little "hey, guess what" each time so I'm happier with that I think.

But it sounds like DW is preferred around here... anybody else noticed any inconsistencies like this? I haven't read about them so was loathe to even mention... maybe I didn't install DW properly or something. I think I need "So easy even my blind grandmother could do it" programs because sometimes I just don't pay attention to what I'm doing.

 

That is a very old bug I reported to Ilya a long time ago. When you use latest version please inform DW support

 

Good stuff andy. You have faith in em, then I'll give it a go.

Melf, about DefenseWall, I'd leave the entries, scan your system with CureIt, Hitman Pro, MBAM, Superantispyware, whatever does it for you, and remove anything suspicious.

Everything else, is harmless while running DW.

 

If you downloaded "known as good" software, signed with a "known as good" vendor's name, it's OK, that's how DW's whitelisting's working. Other case, it's a security hole and I need as much information as possible to reproduce it.

 

Ahh, I did not realise there would be a whitelist, I thought that anything through the browser would be untrusted unless I indicate otherwise (I assume there is some way to disable the whitelist?). It probably is on the whitelist, I believe it was the "autoruns" program from sysinternals / microsoft.

 

his current was:

He was trying to reduce hdd overhead of prevx.

 

Wow, that's another new setting! So far, I've tried the following:

1. medium setting on heuristics, age and popularity, set heuristics After Age

2. Heuristics max, Age max, Popularity off, set heuristics After Age

3. Heuristics max, Age max, Popularity low, set heuristics After Age

and now

4. Heuristics high, Age and Popularity off, set Heuristics After Age


I've tried each of the first three and haven't really noticed much difference in performance or in the number of detections.

 

I am now using Defensewall Personal Firewall on its own! Ok well I have EMET and Windows Firewall + Defender as well. I will also scan with HMP occasionally.

I am happy with this setup, what does the collective brain think?

A

 

DW is great protection. Your setup looks good.

 

I use DW and am happy with it. You are well protected.