- Nov 17, 2014
Just to understand, the new Anti-Malware and Anti-Exploit Contextual Engine will be ported to VS or not?

Hey Guys,
Here is the first DefenderUI Pro version. DefenderUI Pro is not going to be compatible with VS since they offer a lot of the same protections. So if you prefer slightly more robust protection, you can run VS and DefenderUI Free.
Although ultimately (assuming things work out as planned), both DefenderUI and VS will have the same Anti-Malware and Anti-Exploit Contextual Engine, which is the main new feature I have been working on. It is similar to the VS anti-exploit mechanism, but utilizes a lot less code and should reduce unwanted blocks even further, while maintaining an even more robust security posture.
When I first created the original VS anti-exploit mechanism while I was on Wilders, CET told me that one of our competitors told him it was not possible. Obviously it is possible since many products have adopted that tech now.
Wow, that was a long time ago… VoodooShield?
But this new Anti-Malware and Anti-Exploit Contextual Engine tech is on an entirely different level, and it looks like it is going to work out extremely well. It might take a month or so to fine tune everything, but I think we are in amazing shape, and fine tuning will be super easy.
And actually, I have to admit, the first couple days of working on this new feature were so incredibly difficult and mind-boggling, I almost gave up, thinking it was not possible. And really, the whole idea behind this new feature is that context means EVERYTHING in cybersecurity. For example, some people think that not knowing the parent process in an attack chain does not matter. Trust me, it does, and this is just one example.
You will find the new Pro features on the DefenderGuard tab, and they are active but not user adjustable yet, but they will be soon. I tried to keep the new options as simple as possible, for example, the Anti-Malware and Anti-Exploit Contextual Engine option also handles scripts, LOLBins, etc.
I promise you. Mark my words. The two most significant keys to solving cybersecurity are contextual engines and dynamic security postures.
Please let me know if you experience any unwanted blocks or are able to figure out a bypass. All of the blocks will be logged on our server, so that will help me to refine the contextual engine rules even more.
DefenderUI 0.90 beta
Thank you guys!
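The post's point that the parent process matters can be shown with a small sketch. This is an added example, not part of the original post and not DefenderUI's or VS's actual rules: the process-name sets, the event layout and the verdict names are all assumptions, and the process events are constructed.

```python
# Added illustration: same binary, different verdict depending on ancestry.
# Rule sets and events are constructed; they are not DefenderUI/VS rules.
from ntpath import basename  # parses Windows paths on any OS

LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Apps that routinely open untrusted content (documents, mail, web pages).
CONTENT_APPS = {"winword.exe", "excel.exe", "outlook.exe",
                "acrord32.exe", "chrome.exe", "msedge.exe"}

def ancestry(pid, procs, limit=16):
    """Image names from the parent upward; None marks an unknown parent."""
    chain, seen = [], {pid}
    ppid = procs[pid]["ppid"]
    while ppid is not None and len(chain) < limit:
        parent = procs.get(ppid)
        if parent is None or ppid in seen:  # parent not logged, or PID loop
            chain.append(None)
            break
        chain.append(basename(parent["image"]).lower())
        seen.add(ppid)
        ppid = parent["ppid"]
    return chain

def verdict(pid, procs):
    """Return 'allow', 'block' or 'review' for one process-creation event."""
    image = basename(procs[pid]["image"]).lower()
    if image not in LOLBINS:
        return "allow"
    chain = ancestry(pid, procs)
    if any(a in CONTENT_APPS for a in chain):
        return "block"   # script host / LOLBin descended from a content app
    if None in chain:
        return "review"  # context missing: do not silently trust
    return "allow"

# Constructed process table: pid -> image path and parent pid.
SAMPLE = {
    100: {"image": r"C:\Windows\explorer.exe", "ppid": None},
    200: {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ppid": 100},
    300: {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "ppid": 100},
    310: {"image": r"C:\Windows\System32\cmd.exe", "ppid": 300},
    320: {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ppid": 310},
    400: {"image": r"C:\Windows\System32\mshta.exe", "ppid": 999},  # parent never logged
    500: {"image": r"C:\Windows\System32\notepad.exe", "ppid": 300},
}

if __name__ == "__main__":
    for pid in sorted(SAMPLE):
        print(pid, basename(SAMPLE[pid]["image"]), verdict(pid, SAMPLE))
```

PowerShell started from explorer.exe and PowerShell started two levels below WINWORD.EXE are the same binary with different verdicts, and a LOLBin whose parent is unknown is held for review instead of being allowed.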