Serious Discussion iDefender

B-boy/StyLe/

B-boy/StyLe/

Level 3
Thread author
Verified
Well-known
Mar 10, 2023
144
Hello,

Sorry if already there is a topic about this one, but the search didn't return anything related.
Did someone of you is aware and tested this Korean freeware application?
I watched some tests and one application caught my eyes. It is called iDefender.
Didn't have the time to test it yet, but it looks promising and interesting.
What do you think? Is it worth a try? Probably @Shadowra or @cruelsister can give it a test as well? :)

Here are the tests:





This seems to be the homepage (with Google Translate):
singingdalong-blogspot-com.translate.goog

무료 멀웨어 및 랜섬웨어 방어 | iDefender

iDefender의 작동 방식은 HIPS와 유사하다. 즉, 프로세스 하나하나 세심하게 관리하고픈, 또 관리할 수 있는 여력을 보유한 고급 사용자를 위한 취약성 공격 차단 및 멀웨어/랜섬웨어 방어용 Windows 보안 프로그램이라고 할 수 있다.
singingdalong-blogspot-com.translate.goog singingdalong-blogspot-com.translate.goog

The GitHub page:
github.com

Releases · wecooperate/iDefender

iDefender(冰盾 - 终端主动防御系统). Contribute to wecooperate/iDefender development by creating an account on GitHub.
github.com github.com

The download link: (the latest version is 2.9.1).

The installer is clean regarding the virusTotal results:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

Best regards!
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: Behold Eck, Xtwillight, Jonny Quest and 9 others
L

lvseqiji

Level 2
Mar 30, 2022
66
It's a basicly a manaul HIPS come with many internalrules.
A Chinese company made it. The company makes a living by selling their iMonitorSDK(which is the tech inside iDefender) to big companies.
Have some screenshots:
1.png


2.png


3.png

4.png

You can see, iDefender's rules are based on template.
There are some templates with internal rules like System Reinforcement, Intelligent Protection, these templates are enabled by default.
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Xtwillight, Trident, Jonny Quest and 8 others
Shadowra

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,312
Tried it quickly and was rather disappointed.
The product is nice and so is the interface, but I noticed several problems.
Note that I used an old malware pack to see how the software would behave.

Here's what I noticed:

- The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
Example on this TDSS Rootkit once installed.

Capture d’écran 2023-08-13 100018.png

- On the RATs, it's clearly bad...
I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)

- On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...

Capture d’écran 2023-08-13 100837.png

And to conclude, the software lacks maturity and has very few rules.
On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...

I'll make a video about it later, but I strongly advise against using it on its own...
Why not use it as a second protection with Microsoft Defender, for example.
 
  • Like
  • Thanks
  • +Reputation
Reactions: Behold Eck, Xtwillight, Trident and 10 others
B-boy/StyLe/

B-boy/StyLe/

Level 3
Thread author
Verified
Well-known
Mar 10, 2023
144
I guess it will only be good in addition to the main solution installed on the system to complement it (if such addition is needed, of course).
I will stick to my current combo then (Comodo Firewall and Kaspersky Free) with my own settings. :)
The main reason I opened this topic was to see if it can compare with AppCheck Anti-Ransomware and KART to decide if I should recommend it as a companion against ransomware.
These were also good regarding the tests Nuri Anti-Ransom (not free anymore), INCRYPT (no longer available), Owlyshield (need to be further developed) so I hoped that iDefender could also be included in my recommendation list. Too bad that RansomOff and RanStop were abandoned a few years ago. They also had the potential to be good.
Thanks for your time testing it. :)
 
  • Like
Reactions: [correlate], Xtwillight, Trident and 4 others
L

lvseqiji

Level 2
Mar 30, 2022
66
Shadowra said:
Tried it quickly and was rather disappointed.
The product is nice and so is the interface, but I noticed several problems.
Note that I used an old malware pack to see how the software would behave.

Here's what I noticed:

- The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
Example on this TDSS Rootkit once installed.

View attachment 277804

- On the RATs, it's clearly bad...
I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)

- On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...

View attachment 277805

And to conclude, the software lacks maturity and has very few rules.
On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...

I'll make a video about it later, but I strongly advise against using it on its own...
Why not use it as a second protection with Microsoft Defender, for example.
Click to expand...
It still lacks rules. And it's not like comodo, it will not alert unless there is a rule.
For the translation problem part, its actually just the name of the rule template(which is in chinese), can be manually changed.
 
  • Like
Reactions: Xtwillight, Trident, vtqhtr413 and 3 others
L

lvseqiji

Level 2
Mar 30, 2022
66
B-boy/StyLe/ said:
I guess it will only be good in addition to the main solution installed on the system to complement it (if such addition is needed, of course).
I will stick to my current combo then (Comodo Firewall and Kaspersky Free) with my own settings. :)
The main reason I opened this topic was to see if it can compare with AppCheck Anti-Ransomware and KART to decide if I should recommend it as a companion against ransomware.
These were also good regarding the tests Nuri Anti-Ransom (not free anymore), INCRYPT (no longer available), Owlyshield (need to be further developed) so I hoped that iDefender could also be included in my recommendation list. Too bad that RansomOff and RanStop were abandoned a few years ago. They also had the potential to be good.
Thanks for your time testing it. :)
Click to expand...
It's not really an anti-ransomware solution.Just an old-school HIPS with some custom rules.
Detecting a ransomware is much more complicated.;)
 
  • Like
Reactions: Xtwillight, Trident, eonline and 3 others
cruelsister

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,149
Although this is a very interesting application, I personally wouldn't suggest it as either primary or secondary protection as it suffers from far too many flaws.

With regard to ransomware, utilizing the program with default rules in place one will notice that although certain items in the Documents folder are protected (as long as one ONLY has certain file types- like doc, docx, xls, etc- essentially those things set in the protection rule), other items not in the rule will be trashed. A further issue will occur if an added rule for txt files is added. Although protection will be afforded for these items, I noticed HIPS-like warnings when installing legitimate applications that will throw out txt files during installation.

Also file types in other locations will not be protected, so at default everything in the Pictures , Video, and Music folders will be encrypted' even more of a pain is stuff on the Desktop are toast.

As to other malware forms, although most Scriptor Worms are prevented (along with their persistence mechanisms), other are not. Malware utilizing Powershell are detected and prevented, but once again there are issues with valid applications that use Powershell- warnings will also appear here making it difficult to decide what is malicious and what is benign.

DLL side loading and straight dropping with persistence were also seen to be problematic as was the creation of malicious services.

So although I did a quite cursory test, it was enough to determine that iDefender is a sub-optimal choice for protection against malware.
 
  • Like
  • +Reputation
  • Applause
Reactions: Behold Eck, Xtwillight, kylprq and 9 others
N

NormanF

Level 8
Verified
Jan 11, 2018
355
B-boy/StyLe/ said:
Hello,

Sorry if already there is a topic about this one, but the search didn't return anything related.
Did someone of you is aware and tested this Korean freeware application?
I watched some tests and one application caught my eyes. It is called iDefender.
Didn't have the time to test it yet, but it looks promising and interesting.
What do you think? Is it worth a try? Probably @Shadowra or @cruelsister can give it a test as well? :)

Here are the tests:





This seems to be the homepage (with Google Translate):
singingdalong-blogspot-com.translate.goog

무료 멀웨어 및 랜섬웨어 방어 | iDefender

iDefender의 작동 방식은 HIPS와 유사하다. 즉, 프로세스 하나하나 세심하게 관리하고픈, 또 관리할 수 있는 여력을 보유한 고급 사용자를 위한 취약성 공격 차단 및 멀웨어/랜섬웨어 방어용 Windows 보안 프로그램이라고 할 수 있다.
singingdalong-blogspot-com.translate.goog singingdalong-blogspot-com.translate.goog

The GitHub page:
github.com

Releases · wecooperate/iDefender

iDefender(冰盾 - 终端主动防御系统). Contribute to wecooperate/iDefender development by creating an account on GitHub.
github.com github.com

The download link: (the latest version is 2.9.1).

The installer is clean regarding the virusTotal results:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

Best regards!
Click to expand...


Latest version is 2.9.3
 
N

NormanF

Level 8
Verified
Jan 11, 2018
355
Shadowra said:
Tried it quickly and was rather disappointed.
The product is nice and so is the interface, but I noticed several problems.
Note that I used an old malware pack to see how the software would behave.

Here's what I noticed:

- The interface is quite nice and clear. However, there are still translation problems. On one alert, I saw symbols in Chinese, which can be disturbing. The software tries to guide, but can make bad decisions.
Example on this TDSS Rootkit once installed.

View attachment 277804

- On the RATs, it's clearly bad...
I quickly built a NanoCore-RAT which I encrypted with a crypter and selected to inject MSBuilder.exe and connect directly to one of my VPS servers. No reaction (I forgot to screen, sorry)

- On this test, I decide to run PolyRanson, a Ransomware that also releases ViraLock. The software tries to block the launch of the Ransomware, but after 2 minutes of struggle, the Ransomware launches...

View attachment 277805

And to conclude, the software lacks maturity and has very few rules.
On the other hand, it did block my JS, VBS and HTA attacks, and the same in PowerShell, but it lacks rules for other malware...

I'll make a video about it later, but I strongly advise against using it on its own...
Why not use it as a second protection with Microsoft Defender, for example.
Click to expand...

Its robust with custom rules. Not so much as a standalone. This is an HIPS not an anti-exe.
 
  • Like
Reactions: Xtwillight, roger_m and Shadowra
N

NormanF

Level 8
Verified
Jan 11, 2018
355
cruelsister said:
Although this is a very interesting application, I personally wouldn't suggest it as either primary or secondary protection as it suffers from far too many flaws.

With regard to ransomware, utilizing the program with default rules in place one will notice that although certain items in the Documents folder are protected (as long as one ONLY has certain file types- like doc, docx, xls, etc- essentially those things set in the protection rule), other items not in the rule will be trashed. A further issue will occur if an added rule for txt files is added. Although protection will be afforded for these items, I noticed HIPS-like warnings when installing legitimate applications that will throw out txt files during installation.

Also file types in other locations will not be protected, so at default everything in the Pictures , Video, and Music folders will be encrypted' even more of a pain is stuff on the Desktop are toast.

As to other malware forms, although most Scriptor Worms are prevented (along with their persistence mechanisms), other are not. Malware utilizing Powershell are detected and prevented, but once again there are issues with valid applications that use Powershell- warnings will also appear here making it difficult to decide what is malicious and what is benign.

DLL side loading and straight dropping with persistence were also seen to be problematic as was the creation of malicious services.

So although I did a quite cursory test, it was enough to determine that iDefender is a sub-optimal choice for protection against malware.
Click to expand...

Its not meant to be an anti-ransomware solution. Stick to your AV or AppCheck for that. Ice Shield is intended to provide HIPS protection by leveraging the Microsoft kernel using its built-in protection and its more of a front-end to it here.
 
Last edited:
  • Like
Reactions: Behold Eck and Trident
B-boy/StyLe/

B-boy/StyLe/

Level 3
Thread author
Verified
Well-known
Mar 10, 2023
144
lvseqiji said:
Updated to 3.2.0.0
A lot of usability improvements, especially the rules template system.
Many new rules were added too.
This product is being updated quite frequently.
Click to expand...
And now the version is 3.2.1.0.
They work really hard (fast), but too bad they don't update the GitHub page and the changes are not in English, so one should use the translator.
 
  • Like
Reactions: Behold Eck, CyberDevil and Trident

Similar threads

CyberTech
    • Wow
Technology Twitch will end service in Korea on February 27, 2024, citing "prohibitively high" costs
Replies
0
Views
249
Technology News
CyberTech
CyberTech
CyberTech
    • Like
Technology LG Gram Fold is the latest Windows 11 foldable laptop, and it's also very expensive
Replies
0
Views
344
Technology News
CyberTech
CyberTech
Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AVLab.pl Advanced In-the-Wild Malware Test January 2024
Replies
8
Views
1,002
Security Statistics and Reports
Anthony Qian
Anthony Qian

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top