App Review iDefender Free (Presentation & Reviews)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

iDefender is security software that monitors the behavior of each program and determines whether that program behaves like malware.
This is known as HIPS.

HIPS: Protects your system from malware or any unwanted activity that attempts to harm your computer. It does this by using advanced behavioral analysis combined with network filtering detection features used in monitoring running processes, files, and registry keys.

Warning: Even though iDefender has a small anti-malware engine, it is not an antivirus program!



iDefender offers protection through HIPS.
Of course, on its own, this protection is clearly insufficient.
However, I noticed that the rules are quite flexible, even though I haven't tested the program for two years...
Several infections went unnoticed, including a RAT that was able to inject code without triggering any alerts.
iDefender is also very poor at dealing with Infostealer-type malware, as it captures them without taking any action.
If you want to use it, it's best to combine it with an antivirus program such as Microsoft Defender or Avira.
 

Thanks for the detailed overview and review of iDefender, @Shadowra! It's always helpful to get real-world insights on HIPS tools like this, especially since behavioral monitoring can be a great layer when paired with something more robust.

I agree that on its own, it's not a full replacement for a proper AV—pairing it with Microsoft Defender or Avira sounds like a solid recommendation to cover the gaps you mentioned (like RATs and infostealers). Have you tried it recently with any specific AV combos, or noticed any improvements in the ruleset since your last test two years ago?

If anyone else has experiences with iDefender or similar HIPS software (e.g., Comodo's containment or OSSEC), feel free to chime in!
 
Have you tried it recently with any specific AV combos, or noticed any improvements in the ruleset since your last test two years ago?

The improvement is mainly in a few PowerShell injections, but it remains minimal.
They have also integrated a small anti-malware engine, but it remains poor.
 
The improvement is mainly in a few PowerShell injections, but it remains minimal.
They have also integrated a small anti-malware engine, but it remains poor.
@Shadowra Thanks for the update! It's a bit disappointing that the improvements are mostly limited to handling some PowerShell injections and still feel minimal overall. And yeah, if the integrated anti-malware engine isn't cutting it, that reinforces the need to pair it with something stronger like you suggested earlier.

Out of curiosity, have you tested it with any specific AV combos recently? For example, does it play nice with Microsoft Defender's real-time protection, or have you run into any conflicts? Always good to hear about practical setups.

Anyone else in the community using HIPS tools? How do they stack up against iDefender in your experience?
 
Out of curiosity, have you tested it with any specific AV combos recently? For example, does it play nice with Microsoft Defender's real-time protection, or have you run into any conflicts? Always good to hear about practical setups.

No conflicts with MS Defender and Avira.
But I wouldn't recommend it with antivirus software that has its own behavioral system (such as Avast).
 
No conflicts with MS Defender and Avira.
But I wouldn't recommend it with antivirus software that has its own behavioral system (such as Avast).
@Shadowra Appreciate the clarification on compatibility! Good to know it runs smoothly alongside Microsoft Defender and Avira without issues—that's a plus for users looking to layer their defenses. And yeah, steering clear of combos with AVs that already have strong behavioral monitoring (like Avast) makes sense to avoid potential overlaps or false positives.

What specifically makes those pairings problematic in your experience? Overly aggressive alerts, performance hits, or something else? It'd be interesting to hear more details for anyone considering similar setups.

For the rest of the community: If you've mixed HIPS tools with various AVs, what combos have worked (or not) for you? Share your thoughts!
 
Thank You @Shadowra for this excellent review of iDefender.

I have had a little time studying this recent new HIPS lately. For those who might remember Windows XP and 32bit computing, this looks like the 64 bit version of EqSysSecure that many of us wished we had at the time, but development discontinued when 64bit computing put such HIPS at a disadvantage, where many just faded away. EQSysSecure HIPS was, as is this iDefender, very highly configurable via replying to ongoing alerts or specific system file/folder TEMPLATES/RULESETS.

Very interesting. The granularity of safely/effectively applying custom rules to programs and/or our systems continues.
This one obviously needs more effectiveness, which can only come from continued development, I would imagine.
 
Excellent work, but there are some differences between manual HIPS and antivirus software. iDefender itself provides rules for detecting modifications and destructive actions, without rules for Infostealer-type behavior. However, it offers comprehensive capabilities that allow professionals to manually customize rules. Relying on self-added rules can achieve more robust protection. For example, users can add privacy protection rules to prevent files from being stolen. Someone has compiled over 400 protection rules based on Sigma rules (though they are in Chinese, 【转发】iArmor·冰铠高级威胁防护规则 - 规则分享 | 执盾者安全社区) that you can try.
 
The code injection feature relies on Kernel Enhanced Defense and requires the Pro version for full support. However, a free one-month trial is currently available. You may enable it to test whether it successfully blocks attempts?
 
However, it offers comprehensive capabilities that allow professionals to manually customize rules. Relying on self-added rules can achieve more robust protection. For example, users can add privacy protection rules to prevent files from being stolen.
Hello,
from what you wrote I deduce that iDefender is mainly aimed towards expert users, as relying on default rules currently isn't enough to offer an adequate protection, as Shadowra's test has demonstrated. Non-expert users like me may not be able to edit default rules or add new ones. You wrote that it's possible to import rules from third-party sources, but if they were really effective the iDefender developer could have already included them by default, with the permission of whoever compiled them. Also, even if the 400 rules you mentioned were in English, I would prefer not mass importing them without knowing in general what they do, besides coming from a source other than the iDefender developer. Furthermore, does iDefender really need more than 400 new rules to improve its privacy protection?
About those rules the Chinese webpage is vague (I used a translator, of course :) ) and, just out of curiosity, I tried to download the zip file just to see if a readme.txt does exist but for downloading it you need to scan a QR code to access QQ Account or WeChat account. Too complicated, I gave up.
 
The code injection feature relies on Kernel Enhanced Defense and requires the Pro version for full support. However, a free one-month trial is currently available. You may enable it to test whether it successfully blocks attempts?
Surely enabling Kernel Enhanced Defense could improve protection, but the developer warns about it as it isn't officially supported by the Windows (maybe he means Microsoft?) and it could conflict with other software that uses a similar technique. Serious Discussion - iDefender. I guess the result would be a BSOD.
Anyway I agree with you that a test with the Pro version would be very interesting.
 
Screenshot 2025-09-21 132741.png

@Shadowra
 
Hello,
from what you wrote I deduce that iDefender is mainly aimed towards expert users, as relying on default rules currently isn't enough to offer an adequate protection, as Shadowra's test has demonstrated. Non-expert users like me may not be able to edit default rules or add new ones. You wrote that it's possible to import rules from third-party sources, but if they were really effective the iDefender developer could have already included them by default, with the permission of whoever compiled them. Also, even if the 400 rules you mentioned were in English, I would prefer not mass importing them without knowing in general what they do, besides coming from a source other than the iDefender developer. Furthermore, does iDefender really need more than 400 new rules to improve its privacy protection?
About those rules the Chinese webpage is vague (I used a translator, of course :) ) and, just out of curiosity, I tried to download the zip file just to see if a readme.txt does exist but for downloading it you need to scan a QR code to access QQ Account or WeChat account. Too complicated, I gave up.
Privacy depends on the specific content that needs to be included. Here is a reference rule you can try. Other rules are based on ATT&CK defense rules and are not solely focused on privacy protection. The rule has been uploaded, but I'm not sure if it was successful.
 


Privacy depends on the specific content that needs to be included. Here is a reference rule you can try. Other rules are based on ATT&CK defense rules and are not solely focused on privacy protection.
Thank you for the clarification and for uploading the files. I was able to download them successfully but at the moment I haven't installed iDefender yet.
I prefer to wait a little longer to get more information about this software, also the Shadowra test on the Pro version which I might be interested in.
Starting from the most recent versions I notice that iDefender is updated quite frequently and I appreciate the fact that the developer, in addition to the subscription model, also includes a one-time payment for a Lifetime license. I don't really like having to pay a subscription to use a software but nowadays it seems that the subscription model is prevalent, not only for the software related to cybersecurity. Lifetime licenses are very rare but if I decide to spend some money for purchasing a software I prefer the latter option, if I can afford the cost of purchasing, of course.
 