Third party app to use with DefenseWall

Discussion in 'other anti-malware software' started by Melf, Sep 7, 2010.

Thread Status:
Not open for further replies.
  1. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    A few days ago my unprotected system got completely dominated by some vicious malware and I had to re-format. I was very glad to find this forum which opened my eyes to all sorts of ways that I could avoid becoming some hacker's ~ Snipped as per TOS ~ in the future. After reading a lot of posts I decided to try using DefenseWall in combination with Prevx (XP SP3).

    I'm really happy with the power/unobtrusiveness I get from this, but in DefenseWall the list of

    1) Untrusted applications
    2) File/registry changes

    Seems to be getting kind of large/unwieldy. I've read that users of, for example, Sandboxie can use the Buster's Sandbox Analyzer to make their sandbox more manageable... is there any such third party app that will let me "tidy up" DefenseWall? Or some app that might stop it from getting so bloated in the first place?

    Alternately, feel free to recommend some other combination of apps that gives solid-but-not-chatty HIPS with the ability to roll back select changes to the system...
     
    Last edited by a moderator: Sep 7, 2010
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I really like Defensewall. Sandboxie is probably more configurable if that is what you're looking for. If you know what to delete you can manage the File and Registry rollback in DW. I make sure when I download something I "allow" it (after checking out the download with Hitman Pro first), then change its status to "trusted" before installing it. DW will then decide if it is Internet facing it will place it with untrusted as it should be (i.e., Firefox). You have to be careful not to delete anything that would cripple your system. If you manage your downloads you should be able to manage DW untrusted process with little effort. DW removes items in the rollback list after 30 days (if you have that option checked). I am currently using DW with Emsisoft Anti-Malware, MBAM and ClearCloud DNS. There are a lot of combinations you can try. Do some research on this forum. DW and Prevx is a very good combination. Add MBAM free as an extra scanner. Maybe consider something like ClearCloud or MVPS Host file. Sorry for rambling, but I am not aware of any DW sandbox managers.
     
    Last edited: Sep 9, 2010
  3. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    I think I am not looking so much for configurability. I chose DefenseWall because it sounded a bit more "set and forget" :)

    However I can't resist for now (having just started using it) knowing exactly what it is running untrusted vs trusted so that I can have some peace of mind that it will work for me and that I'm not doing stupid things with it. The untrusted list seems to include every file on my system almost, and there doesn't seem to be a list of what will run trusted at all (just a list of what is currently running).

    On the other hand maybe I should just shut up and let it do its job... I did score 330/340 on Comodo's test suite so I'm sure my security is fine. Probably just teething issues?...
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    In different PCs, I use DW with different IRS software (e.g. Rollback Rx, EAZ-FIX, and AyRecovery).
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Yes, DW is very powerful, and set and forget is what I like. :thumb: :thumb: :thumb:
     
  6. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    Update: I'm now trialling Online Armor Premium.

    OA can be configured to run quite similarly to DefenseWall - I have it using "Run Safer" on all unknown (aka untrusted) processes, which I believe restricts their rights in a similar way to DefenseWall. You can configure it to run silently, but I have it displaying little system tray notifications whenever something runs as trusted. Once I'm happy that it's behaving as expected I'll switch this off for some nice, silent protection. To be honest I also just find the GUI to be much more pretty which for some reason makes me feel safer o_O

    However, does anyone know of any avenues of attack that I'm leaving exposed using OA Premium vs DefenseWall?
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    With DefenseWall you have the rollback feature, and with OA you will have to hunt the offending program to block it or delete it, but both will easily bring your PC back, but with DefenseWall it is easier ;) my 2 Mexican pesos :)
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Melf,

    This is a good combo IRS with defensewall. You can try the freebie Comodo Time Machine. CTM + DW + PrevX = reaaaaal strong plus ability to rollback in an easy manner.

    P.S.

    Forget about the list. It shows that DW is doing its work. It is administrated in the Registry, so it does not slow down your PC (because it is read all the time, it is constantly in memory).
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Kees, Comodo Time Machine solid as a rock these days?
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    anyone knows if Trusteer Rapport is compatible with Defensewall?
     
  11. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    nicely said :thumb:
     
  12. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    No, it's not. Caused complete lockups on my machine. Rapport seems not to work with any kind of sandboxing.
     
  13. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx m8! :)

    that was my suspicion as well since it's not working with either Geswall or Sandboxie.

    too bad though.
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The current version 2.8 has resolved the previous MBR issues; it's extremely stable for me here.
     
  15. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    I've been using DW/Prevx/Rollback Rx combo for several months now and am very happy with it. Kees, what are your current heuristics settings for Prevx? I noticed you changed your recommended settings a couple of times recently, and I wondered why.
     
  16. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    I might check time machine out. Catchy marketing names always win me over :) My reservation with rollback software is that I am lazy and don't think I will actually make images/restore points... that's why DW seemed appealing since it will rollback the important stuff for me (most malware doesn't bother deleting your personal files, and my real *can't be deleted or I will cry* stuff does not change very often).

    I have a confession to make. I've found DW to be inconsistent in what it labels as trusted/untrusted. e.g. on a fresh install I downloaded some application that came in an archive. DW labeled it as untrusted, so far so good. I did not have an archive unpacker yet installed so I used explorer to open the archive and dragged the files out. Then I ran them, and it ran as trusted! I then downloaded an archive unpacker and installed it (as trusted so that it could add itself to the right mouse button click menu). Then I had to manually change the application itself to untrusted (kind of annoying... maybe there's some option to "run as install" that I missed). Anyway, when I unpacked the archive with this program, the original application ran as untrusted. Then I tried the original method (using explorer again) and it now seemed to "remember" and run as untrusted.

    This inconsistency led me to drop it... I don't want to have to check to make sure every time I download something. OA gives me a little "hey, guess what" each time so I'm happier with that I think.

    But it sounds like DW is preferred around here... anybody else noticed any inconsistencies like this? I haven't read about them so was loath to even mention... maybe I didn't install DW properly or something. I think I need "So easy even my blind grandmother could do it" programs because sometimes I just don't pay attention to what I'm doing.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That is a very old bug I reported to Ilya a long time ago. When you use the latest version, please inform DW support.
     
  18. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Good stuff andy. You have faith in em, then I'll give it a go.

    Melf, about DefenseWall, I'd leave the entries, scan your system with CureIt, Hitman Pro, MBAM, Superantispyware, whatever does it for you, and remove anything suspicious.

    Everything else is harmless while running DW.
     
  19. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If you downloaded "known as good" software, signed with a "known as good" vendor's name, it's OK, that's how DW's whitelisting works. Otherwise, it's a security hole and I need as much information as possible to reproduce it.
     
  20. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    Ahh, I did not realise there would be a whitelist, I thought that anything through the browser would be untrusted unless I indicate otherwise (I assume there is some way to disable the whitelist?). It probably is on the whitelist, I believe it was the "autoruns" program from sysinternals / microsoft.
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    his current was:
    He was trying to reduce hdd overhead of prevx.
     
  22. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    Wow, that's another new setting! So far, I've tried the following:

    1. medium setting on heuristics, age and popularity, set heuristics After Age

    2. Heuristics max, Age max, Popularity off, set heuristics After Age

    3. Heuristics max, Age max, Popularity low, set heuristics After Age

    and now

    4. Heuristics high, Age and Popularity off, set Heuristics After Age


    I've tried each of the first three and haven't really noticed much difference in performance or in the number of detections.
     
  23. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    I am now using Defensewall Personal Firewall on its own! Ok well I have EMET and Windows Firewall + Defender as well. I will also scan with HMP occasionally.

    I am happy with this setup, what does the collective brain think?

    A
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    :thumb: DW is great protection. Your setup looks good.
     
  25. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I use DW and am happy with it. You are well protected. :thumb:
     