Serious Discussion iDefender

B-boy/StyLe/

Level 2
Thread author
Verified
Mar 10, 2023
97
Hello,

Sorry if there is already a topic about this one, but the search didn't return anything related.
Is anyone of you aware of this Korean freeware application, or has anyone tested it?
I watched some tests and one application caught my eye. It is called iDefender.
Didn't have the time to test it yet, but it looks promising and interesting.
What do you think? Is it worth a try? Probably @Shadowra or @cruelsister can give it a test as well? :)

Here are the tests:





This seems to be the homepage (with Google Translate):

The GitHub page:

The download link: (the latest version is 2.9.1).

The installer is clean according to the VirusTotal results:

Best regards!
 

lvseqiji

Level 2
Mar 30, 2022
55
It's basically a manual HIPS that comes with many internal rules.
A Chinese company made it. The company makes a living by selling their iMonitorSDK (which is the tech inside iDefender) to big companies.
Have some screenshots:
1.png


2.png


3.png

4.png

As you can see, iDefender's rules are based on templates.
There are some templates with internal rules, like System Reinforcement and Intelligent Protection; these templates are enabled by default.
 

Shadowra

Level 32
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,155
Tried it quickly and was rather disappointed.
The product is nice and so is the interface, but I noticed several problems.
Note that I used an old malware pack to see how the software would behave.

Here's what I noticed:

- The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
Example on this TDSS Rootkit once installed.

Capture d’écran 2023-08-13 100018.png

- On the RATs, it's clearly bad...
I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)

- On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...

Capture d’écran 2023-08-13 100837.png

And to conclude, the software lacks maturity and has very few rules.
On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...

I'll make a video about it later, but I strongly advise against using it on its own...
Why not use it as a second protection with Microsoft Defender, for example.
 

B-boy/StyLe/

Level 2
Thread author
Verified
Mar 10, 2023
97
I guess it will only be good in addition to the main solution installed on the system to complement it (if such addition is needed, of course).
I will stick to my current combo then (Comodo Firewall and Kaspersky Free) with my own settings. :)
The main reason I opened this topic was to see if it can compare with AppCheck Anti-Ransomware and KART to decide if I should recommend it as a companion against ransomware.
These were also good in the tests: Nuri Anti-Ransom (not free anymore), INCRYPT (no longer available), Owlyshield (needs to be further developed), so I hoped that iDefender could also be included in my recommendation list. Too bad that RansomOff and RanStop were abandoned a few years ago. They also had the potential to be good.
Thanks for your time testing it. :)
 

lvseqiji

Level 2
Mar 30, 2022
55
> Tried it quickly and was rather disappointed.
> The product is nice and so is the interface, but I noticed several problems.
> Note that I used an old malware pack to see how the software would behave.
>
> Here's what I noticed:
>
> - The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
> Example on this TDSS Rootkit once installed.
>
> - On the RATs, it's clearly bad...
> I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)
>
> - On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...
>
> And to conclude, the software lacks maturity and has very few rules.
> On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...
>
> I'll make a video about it later, but I strongly advise against using it on its own...
> Why not use it as a second protection with Microsoft Defender, for example.

It still lacks rules. And it's not like Comodo, it will not alert unless there is a rule.
For the translation problem part, it's actually just the name of the rule template (which is in Chinese), which can be manually changed.
 

lvseqiji

Level 2
Mar 30, 2022
55
> I guess it will only be good in addition to the main solution installed on the system to complement it (if such addition is needed, of course).
> I will stick to my current combo then (Comodo Firewall and Kaspersky Free) with my own settings. :)
> The main reason I opened this topic was to see if it can compare with AppCheck Anti-Ransomware and KART to decide if I should recommend it as a companion against ransomware.
> These were also good in the tests: Nuri Anti-Ransom (not free anymore), INCRYPT (no longer available), Owlyshield (needs to be further developed), so I hoped that iDefender could also be included in my recommendation list. Too bad that RansomOff and RanStop were abandoned a few years ago. They also had the potential to be good.
> Thanks for your time testing it. :)

It's not really an anti-ransomware solution. Just an old-school HIPS with some custom rules.
Detecting ransomware is much more complicated. ;)
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,128
Although this is a very interesting application, I personally wouldn't suggest it as either primary or secondary protection as it suffers from far too many flaws.

With regard to ransomware, utilizing the program with default rules in place one will notice that although certain items in the Documents folder are protected (as long as one ONLY has certain file types, like doc, docx, xls, etc.; essentially those things set in the protection rule), other items not in the rule will be trashed. A further issue will occur if a rule for txt files is added. Although protection will be afforded for these items, I noticed HIPS-like warnings when installing legitimate applications that will throw out txt files during installation.

Also file types in other locations will not be protected, so at default everything in the Pictures, Video, and Music folders will be encrypted; even more of a pain is that stuff on the Desktop is toast.

As to other malware forms, although most Scriptor Worms are prevented (along with their persistence mechanisms), others are not. Malware utilizing PowerShell is detected and prevented, but once again there are issues with valid applications that use PowerShell: warnings will also appear here, making it difficult to decide what is malicious and what is benign.

DLL side loading and straight dropping with persistence were also seen to be problematic as was the creation of malicious services.

So although I did a quite cursory test, it was enough to determine that iDefender is a sub-optimal choice for protection against malware.
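An added example, not part of the post above and not iDefender code: a small audit that shows how protection scoped by folder and file type leaves the gaps described (other extensions in Documents, everything in Pictures, Music and Desktop). The rule model, the user name `alice` and the file list are assumptions constructed for illustration; folder rules are assumed to apply recursively.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Hypothetical rule model: (protected folder, covered extensions). Folder rules
# are assumed to apply recursively. This is not iDefender's real rule format.
DEFAULT_RULES = [
    (PureWindowsPath(r"C:\Users\alice\Documents"), {".doc", ".docx", ".xls"}),
]

# Constructed sample inventory of user files.
FILES = [
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\budget.xls",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\archive\old.DOC",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Users\alice\Desktop\todo.docx",
    r"C:\Users\alice\Music\song.mp3",
]


def audit(files, rules):
    """Return {path: reason} for every file that no rule protects."""
    gaps = {}
    for f in files:
        p = PureWindowsPath(f)  # Windows semantics: case-insensitive compare
        # Extension sets of every rule whose folder contains this file.
        in_scope = [exts for folder, exts in rules if folder in p.parents]
        if not in_scope:
            gaps[f] = "location not covered"
        elif not any(p.suffix.lower() in exts for exts in in_scope):
            gaps[f] = "extension not covered"
    return gaps


def summarize(gaps):
    """Count unprotected files per reason."""
    return dict(Counter(gaps.values()))


if __name__ == "__main__":
    gaps = audit(FILES, DEFAULT_RULES)
    for path, reason in gaps.items():
        print(f"UNPROTECTED  {reason:<22} {path}")
    print(summarize(gaps))
```

Widening the extension set closes only the first kind of gap; files outside the protected folder stay uncovered until a rule names their location.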
 

NormanF

Level 7
Verified
Jan 11, 2018
338
> Hello,
>
> Sorry if there is already a topic about this one, but the search didn't return anything related.
> Is anyone of you aware of this Korean freeware application, or has anyone tested it?
> I watched some tests and one application caught my eye. It is called iDefender.
> Didn't have the time to test it yet, but it looks promising and interesting.
> What do you think? Is it worth a try? Probably @Shadowra or @cruelsister can give it a test as well? :)
>
> Here are the tests:
>
> This seems to be the homepage (with Google Translate):
>
> The GitHub page:
>
> The download link: (the latest version is 2.9.1).
>
> The installer is clean according to the VirusTotal results:
>
> Best regards!

Latest version is 2.9.3
 

NormanF

Level 7
Verified
Jan 11, 2018
338
> Tried it quickly and was rather disappointed.
> The product is nice and so is the interface, but I noticed several problems.
> Note that I used an old malware pack to see how the software would behave.
>
> Here's what I noticed:
>
> - The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
> Example on this TDSS Rootkit once installed.
>
> - On the RATs, it's clearly bad...
> I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)
>
> - On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...
>
> And to conclude, the software lacks maturity and has very few rules.
> On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...
>
> I'll make a video about it later, but I strongly advise against using it on its own...
> Why not use it as a second protection with Microsoft Defender, for example.

It's robust with custom rules. Not so much as a standalone. This is a HIPS, not an anti-exe.
 

NormanF

Level 7
Verified
Jan 11, 2018
338
> Although this is a very interesting application, I personally wouldn't suggest it as either primary or secondary protection as it suffers from far too many flaws.
>
> With regard to ransomware, utilizing the program with default rules in place one will notice that although certain items in the Documents folder are protected (as long as one ONLY has certain file types, like doc, docx, xls, etc.; essentially those things set in the protection rule), other items not in the rule will be trashed. A further issue will occur if a rule for txt files is added. Although protection will be afforded for these items, I noticed HIPS-like warnings when installing legitimate applications that will throw out txt files during installation.
>
> Also file types in other locations will not be protected, so at default everything in the Pictures, Video, and Music folders will be encrypted; even more of a pain is that stuff on the Desktop is toast.
>
> As to other malware forms, although most Scriptor Worms are prevented (along with their persistence mechanisms), others are not. Malware utilizing PowerShell is detected and prevented, but once again there are issues with valid applications that use PowerShell: warnings will also appear here, making it difficult to decide what is malicious and what is benign.
>
> DLL side loading and straight dropping with persistence were also seen to be problematic as was the creation of malicious services.
>
> So although I did a quite cursory test, it was enough to determine that iDefender is a sub-optimal choice for protection against malware.

It's not meant to be an anti-ransomware solution. Stick to your AV or AppCheck for that. Ice Shield is intended to provide HIPS protection by leveraging the Microsoft kernel using its built-in protection, and it's more of a front-end to it here.
 

B-boy/StyLe/

Level 2
Thread author
Verified
Mar 10, 2023
97
Updated to 3.2.0.0
A lot of usability improvements, especially the rules template system.
Many new rules were added too.
This product is being updated quite frequently.
And now the version is 3.2.1.0.
They work really hard (fast), but too bad they don't update the GitHub page and the changes are not in English, so one should use the translator.
 
