Serious Discussion iDefender

In about tab the developer added links to MalwareTips, Wilders Security and MajorGeeks communities.

 
Hi

Here are some questions and the answers to them:

1. How can I submit samples for checking and fixing?

The old version supported enabling debug mode to report missed detection data, but the new version has disabled this feature, and it will be restored as needed in the future. This is because the current focus is on resolving false positives, while missed detections can be addressed through HIPS.

2. Which scan engines did you use?

An in-house developed ML-powered scanning engine. It differs from traditional machine learning engines.

3. Any info on adding the scan engines to VirusTotal?

No.

4. Is any info available about a multilanguage version, for example German?

We will consider supporting it in the future.

5. What are your plans for the future with it?

6. Is any info about a roadmap available?

Version 5.x will achieve sufficient capability in the recognition and detection of fundamental behaviors. Subsequently, Version 6.x will introduce an intelligent interception mechanism based on real-time EDR. This mechanism will leverage behavioral chains to automatically block malware.

Activity + Rules + EDR + AI

7. Will you add support for Windows 8.1?

8. How long will you support Windows 8.1?

It supports Windows 7 and above; however, some versions of the operating system have not been fully rigorously tested.

If you find any compatibility problems, please let us know so we can fix them.

9. Will you have beta, alpha or RC versions for testing?

10. Or will you have an option in the program that can download and install those versions (see question 9)?

iDefender adopts an agile and rapid iteration approach, with feature releases updated monthly, minor functionalities iterated every two weeks, and patch versions fixed within a week or immediately.

In China, there is a WeChat communication group. Generally, feature versions are tested in the group for about a week before release, while other updates typically undergo 2-3 days of testing. The official release follows once no abnormal feedback is received.

For the international version, there is currently no suitable communication group. Therefore, it is generally released only after the Chinese version has stabilized, and there will be no beta releases.

An auto-update option is on the roadmap.

Mops21
 
Hi all,
Yesterday on the GitHub issues page I posted a question to the developer about iDefender Pro and online games that could be of interest to World of Warcraft players like me, and to online gamers in general.
iDefender Pro and online games · Issue #44 · wecooperate/iDefender
I thought about it a lot and I must say that I'm reluctant to install iDefender Pro (I'm not interested in iDefender Free).

Blizzard's games, World of Warcraft included, integrate an anti-cheat protection software called Warden. From the World of Warcraft Wiki, Warden (software):
"Warden (also known as Warden Client) is an anti-cheating tool integrated in Blizzard Entertainment games such as Diablo II (since patch 1.11), StarCraft (patch 1.15), Warcraft III and most notably World of Warcraft. While the game is running, Warden uses API function calls to collect data on open programs on the user's computer and sends it back to Blizzard servers as hash values to be compared to those of known cheating programs. Privacy advocates consider the program to be spyware. Blizzard has said that Warden does not gather any personally identifiable information about players other than the account being used. It also states that the data collected is only used for finding evidence of malicious programs and cheating."

With its stock rules / plugins iDefender isn't a cheating software, but it can become so if its rules are edited in a specific way for cheating purposes or if rules specifically created for cheating are imported from sources external to the developer. iDefender's developer wrote "Many people use it for illegal purposes related to cheating plugins. Dozens of people ask about it every day, so we have now banned all game-related questions, almost all of which are aimed at bypassing the game's anti-cheat mechanisms" and also "It is strictly prohibited to be used for any form of cheating". Obviously I don't want to cheat when playing World of Warcraft, but my fear is that Blizzard could still include it in the list of cheating apps even if it is not used for this purpose. As far as I know, Blizzard's blacklist is not public, so it isn't possible to know what Blizzard considers as cheating apps. Even more so, if someone were to use iDefender to cheat in World of Warcraft, I definitely think Blizzard would add it to the blacklist.
If the anti-cheat system Warden finds a blacklisted app in a player's system, the penalty in general is a ban from the game. The ban could be for a period of time but, in the worst case scenario, it could lead to a permanent ban with the forced closure of the Blizzard account.
As I've already spent time and a considerable sum of money on my World of Warcraft subscription and in-game purchases, I certainly can't afford such a risk, so I prefer to avoid installing iDefender.
 
iDefender Free, while it has a gorgeous (eye candy) UI and a few embedded rules, seems woefully inadequate, as a user cannot even export rules (AVAILABLE ONLY IN PRO VERSION). Well, it is an x64 HIPS, so some might do the PRO buy as a layered measure of sorts.
I doubt that in this day and age someone would pay for a standalone HIPS, especially one with unproven efficacy. But then again, you never know.
 
For whoever is interested in the topic "iDefender and online games" (Serious Discussion - iDefender), here is the reply from the developer:
A new explanation has been added. ---
Given that many people are confused about whether iDefender affects games or leads to account bans, here's a further explanation: iDefender does not impact games, nor does it provide any cheating methods such as reading or modifying game memory.

So why was it mentioned before that some people used iDefender in cheating scenarios? This is because game anti-cheat systems typically load drivers. As HIPS (Host Intrusion Prevention System) software, iDefender can intercept driver loading, which may cause the game's anti-cheat system to malfunction, potentially allowing some cheating tools to avoid detection.

Any antivirus software with HIPS capabilities can achieve this. However, because iDefender is very lightweight and its settings are straightforward, it can easily be configured to block driver loading, which is why it was recommended by some.

Later, game anti-cheat systems were updated to deny game entry if driver loading fails. Simultaneously, iDefender has since included certain game drivers in its built-in trustlist to prevent them from being blocked by custom rules. Consequently, the original method lost effectiveness, leading many to inquire about the reason.

Finally, never use iDefender to intercept the driver loading of anti-cheat systems. If you encounter such issues, please report them to us. We will add the relevant drivers to the built-in trustlist to prevent this from happening.
 
Updated to 5.2.0.
  • Mechanism Improvements
    • Refactored all built-in rules based on ATT&CK framework, adding labels, scoring, and threat levels
    • Added automatic blocking mechanism based on IOA multi-step behavior
    • Added automatic blocking mechanism based on scoring system
    • Added stack detection to identify Direct Syscall, Indirect Syscall, and Shellcode calls
    • Added UAC Bypass detection
    • Added Keylogging detection
    • Added asynchronous detection mechanism based on ETW-TI
  • New Built-in Rules
    • Global Trusted Modules
    • Automatically Blocking Malicious Behaviors (IOA)
    • Automatically Blocking Malicious Behaviors (Scoring)
    • Automatically Allowing Anomalous Behaviors from High-Reputation Processes
    • Automatically Blocking Suspicious Behaviors from Low-Reputation Processes
    • Block modification of HVCI settings to intercept driver loading
    • Lsass Hardening
    • Block LOLBins Process Network Access
    • Block Keylogging
    • Block Browser Data and Password Theft
    • Block UAC Elevation Bypass Exploits
    • Block Exploits Leveraging System Mechanisms
      • Block WDAC modifications
      • Block DosDevices symbolic link modifications
      • Block wow64log.dll hijacking
  • Feature Optimizations
    • Optimized process reputation mechanism
    • Optimized injection detection mechanism
    • Optimized process caching
    • Network Access Prompt support allowing high-reputation processes
    • Prompt pop-ups now display TTP
    • Other usability improvements
  • Issue Fixes
    • Fixed UI lag caused by driver blocking pop-ups in Windows 11, version 25H2
    • Fixed various other reported issues
 
Updated to version 5.2.2
  • Added automatic update support
  • Added built-in rule: Privacy & Ad-Blocking DNS Guarding
  • Added RegisterHotKey support for keylogging blocking
  • Added a privacy policy link and telemetry data option
  • Optimized file access (kernel mode) rules (does not block EA reading, reducing alerts)
  • Optimized built-in rules, reducing false positives
  • Fixed the issue of wow64 key not working in some registry protection sections
  • Fixed the issue of direct raw disk access blocking not working
  • Fixed the issue of YARA rules not working
  • Fixed the issue of process information not being obtained in some RPC scenarios
  • Fixed the issue of APC injection warnings constantly appearing in environments where Avast was installed
  • Retrained the antivirus engine
 
Updated to version 5.3.0 && Support Team Management
  • Add Process Rule Template
    • Supports Integrity Level Control
    • Supports Privilege Control
    • Supports Control Over 20+ Types of Behaviors
    • Supports Advanced Behavior Control
  • Add Transparent Proxy Template
  • Add C2 Detection Support
    • Supports Accurate Detection of SilverFox
    • Supports Accurate Detection of BRC4
  • Add Detection for Common Defense Evasion Techniques
    • Stack Obfuscation Detection
    • Stack Spoof Detection
    • WFP Silent EDR Detection
    • Direct RPC Call Detection
    • Patch ETW Detection
    • Patch AMSI Detection
  • Advanced Template Supports Adding Firewall Events
  • Advanced Template Supports Process Reputation Field
  • Fixed Issue with Invalid Zooming
  • Fixed Issue Where Real-Time Protection Failed Due to Custom Real-Time Protection
  • Optimized Some User Experience Aspects